How to list SPNs in Active Directory using PowerShell
A Service Principal Name (SPN) is a service name that is registered in Active Directory and is associated with a computer or user account (the security context in which the service runs). The standard AD tools don't give you a good way to figure out where an SPN is registered, or to list what SPNs are registered in your AD.
To locate a specific SPN, check out our posts Finding an SPN in Active Directory using Perl and Finding an SPN in Active Directory using VBScript.
The PowerShell script below finds all SPNs in your domain of the service type that you specify. In the example below, I have the service type set to "HTTP", so the script returns all of the HTTP/ SPNs. The script uses the System.DirectoryServices.DirectorySearcher .NET class to find the accounts that have HTTP/ SPNs registered.
$serviceType = "HTTP"   # service class to search for, e.g. HTTP, MSSQLSvc, CIFS
$spns = @{}             # hashtable used as a set of "SPN<TAB>sAMAccountName" strings
$filter = "(servicePrincipalName=$serviceType/*)"   # LDAP filter: accounts with at least one matching SPN

$domain = New-Object System.DirectoryServices.DirectoryEntry      # defaults to the current domain's root
$searcher = New-Object System.DirectoryServices.DirectorySearcher
$searcher.SearchRoot = $domain
$searcher.PageSize = 1000     # use paged results so more than 1000 matches are returned
$searcher.Filter = $filter
$results = $searcher.FindAll()

foreach ($result in $results) {
    $account = $result.GetDirectoryEntry()
    # An account can hold several SPNs; keep only the ones of the requested service type
    foreach ($spn in $account.servicePrincipalName.Value) {
        if ($spn.contains("$serviceType/")) {
            $spns[$("$spn`t$($account.samAccountName)")] = 1
        }
    }
}

$spns.keys | sort-object
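As an added example (my own code, not the script from the original post), here is the same DirectorySearcher approach extended to inventory SPNs of any service type, label whether each holder is a computer or a user account, and flag an SPN that is registered on more than one account. Duplicate SPNs matter operationally: the KDC encrypts the service ticket with one holder's key, so authentication to the other service fails. The output columns and the $ServiceType parameter are my own choices.

```powershell
# Added example: inventory SPNs in the current domain and report duplicates.
# Not the original post's script. Run as a .ps1 on a domain-joined machine.
param(
    [string]$ServiceType = "*"   # e.g. "HTTP" for HTTP/ SPNs only, "*" for every SPN
)

$searcher = New-Object System.DirectoryServices.DirectorySearcher([ADSI]"")
$searcher.PageSize = 1000                               # paged results: large domains exceed the 1000-hit limit
$searcher.Filter   = "(servicePrincipalName=$ServiceType/*)"
# Request only the attributes needed, instead of binding a full DirectoryEntry per result
[void]$searcher.PropertiesToLoad.AddRange(@("servicePrincipalName", "sAMAccountName", "objectClass", "distinguishedName"))

$bySpn = @{}    # SPN -> list of sAMAccountNames that hold it
$rows  = foreach ($r in $searcher.FindAll()) {
    $sam   = [string]$r.Properties["samaccountname"][0]
    $class = if ($r.Properties["objectclass"] -contains "computer") { "computer" } else { "user" }
    foreach ($spn in $r.Properties["serviceprincipalname"]) {
        # The LDAP filter matched the account; filter the individual SPNs to the requested type
        if ($ServiceType -ne "*" -and -not $spn.StartsWith("$ServiceType/", "OrdinalIgnoreCase")) { continue }
        if (-not $bySpn.ContainsKey($spn)) { $bySpn[$spn] = @() }
        $bySpn[$spn] += $sam
        [pscustomobject]@{
            SPN         = $spn
            Account     = $sam
            AccountType = $class
            DN          = [string]$r.Properties["distinguishedname"][0]
        }
    }
}

$rows | Sort-Object SPN | Format-Table SPN, Account, AccountType -AutoSize

$dupes = $bySpn.GetEnumerator() | Where-Object { $_.Value.Count -gt 1 }
if ($dupes) {
    Write-Warning "Duplicate SPNs found; Kerberos authentication to these services will be unreliable:"
    $dupes | ForEach-Object { "  {0} -> {1}" -f $_.Key, ($_.Value -join ", ") }
}
```

Run it as `.\List-Spns.ps1 -ServiceType HTTP` (file name assumed) to reproduce the original post's HTTP/ listing with the account type added.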
5 comments:
This works with no issues. Thanks
This is great, thank you. Works better than some more recent offerings I've found, since it finds user accounts (not just computer accounts) that have SPNs bound to them.
I just tweaked the DirectorySearcher to the newer syntax.
$search = New-Object DirectoryServices.DirectorySearcher([ADSI]"")
$search.PageSize = 1000
$search.filter = "(servicePrincipalName=*)"
$results = $search.Findall()
AMAZING! Thank you very much, this saved me untold hours.
Great post. I found that when I copied the last line ($spns.keys ¦ sort-object) PowerShell didn't like the '¦', so I replaced it with the '|' character.
Thanks, I fixed the last line of the script. Thought I fixed that years ago!