Quick way to find duplicate SPNs
Kerberos delegation can be a pain to troubleshoot. One of the first things to check is whether a Service Principal Name (SPN) has actually been registered for the service or computer account. If it has and delegation still does not work, the next thing to check is whether that same SPN is registered on more than one account: when an SPN is duplicated, the KDC cannot resolve it to a single account, and Kerberos authentication to that service fails.
A quick and easy way to check is the ldifde command below. Replace the following placeholders with your environment's details:
<GC_Server_Name> (a domain controller that is a Global Catalog server)
<My_SPN_Dump_File> (the name of the output file to write)
<Machine_Name> (the host whose SPN you are checking)
- Click "Start"
- Click "Run"
- Type "CMD" and press Enter
- Type "CD \"
- Type the following on one line:
ldifde -s <GC_Server_Name> -f c:\<My_SPN_Dump_File>.txt -d "" -r "(servicePrincipalName=host/<Machine_Name>)" -p subtree -t 3268 -l dn,servicePrincipalName
Port 3268 is the Global Catalog port, so the search covers every domain in the forest rather than just the one the GC belongs to. Open the dump file: every dn it lists is an account that holds that SPN, so more than one dn means you have found a duplicate. Check the fully qualified form (host/<Machine_Name>.<your domain>) as well as the short name, because the two are distinct SPNs and either one can be duplicated on its own. On Windows Server 2008 and later, setspn -X searches the forest for duplicate SPNs directly.
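To check a whole dump rather than one machine at a time, here is a small parser (an added example, not part of the original post) that reads the LDIF file ldifde writes and lists every servicePrincipalName that appears on more than one distinguishedName. It handles LDIF continuation lines and base64 (::) values, compares SPNs case-insensitively as Active Directory does, and exits non-zero when duplicates exist so it can be scripted. When run without arguments it parses a constructed sample dump; the DNs, SPNs and the stale WEB01-OLD account in that sample are made up for the example.

```python
"""List SPNs registered on more than one account in an ldifde LDIF dump.

Added example: the sample below is constructed, not output from a real
directory. Pass the path of a real dump as the first argument to use it.
"""
import base64
import sys
from collections import defaultdict
from pathlib import Path

# Constructed sample dump. WEB01-OLD is a stale computer account that still
# carries WEB01's HOST SPNs, and svc_web carries the HTTP SPN that is also on
# WEB01. One SPN is folded across two lines and one is base64 encoded, both
# of which are legal LDIF (RFC 2849) and trip up naive line splitting.
_B64_SPN = base64.b64encode(b"HTTP/web01.corp.example.com").decode("ascii")
SAMPLE_LDIF = f"""\
dn: CN=WEB01,OU=Servers,DC=corp,DC=example,DC=com
changetype: add
servicePrincipalName: HOST/WEB01
servicePrincipalName: HOST/web01.corp.example.com
servicePrincipalName: HTTP/web01.corp
 .example.com

dn: CN=WEB01-OLD,OU=Stale,DC=corp,DC=example,DC=com
changetype: add
servicePrincipalName: host/web01
servicePrincipalName: HOST/web01.corp.example.com

dn: CN=svc_web,OU=ServiceAccounts,DC=corp,DC=example,DC=com
changetype: add
servicePrincipalName:: {_B64_SPN}
"""


def iter_ldif_entries(text):
    """Yield one dict per LDIF record: lower-cased attribute name -> list of values."""
    # Unfold first: a line starting with a single space continues the previous line.
    unfolded = []
    for line in text.splitlines():
        if line.startswith(" ") and unfolded:
            unfolded[-1] += line[1:]
        else:
            unfolded.append(line)

    entry = defaultdict(list)
    for line in unfolded + [""]:  # sentinel blank line flushes the last record
        if not line.strip():
            if entry:
                yield dict(entry)
                entry = defaultdict(list)
            continue
        if line.startswith("#"):
            continue
        name, sep, value = line.partition(":")
        if not sep:
            continue  # not an attribute line; skip rather than guess
        if value.startswith(":"):
            # "attr:: <base64>" form, used for values that are not safe as plain text
            value = base64.b64decode(value[1:].strip()).decode("utf-8")
        else:
            value = value.strip()
        entry[name.strip().lower()].append(value)


def find_duplicate_spns(text):
    """Return {spn_lowercase: sorted DNs} for every SPN held by two or more objects.

    SPNs are compared case-insensitively, matching how Active Directory compares
    the attribute, so HOST/web01 and host/WEB01 count as the same SPN. The short
    name and the FQDN form are different SPNs and are deliberately not merged.
    """
    owners = defaultdict(set)
    for entry in iter_ldif_entries(text):
        dns = entry.get("dn")
        if not dns:
            continue
        for spn in entry.get("serviceprincipalname", []):
            owners[spn.lower()].add(dns[0])
    return {spn: sorted(dns) for spn, dns in owners.items() if len(dns) > 1}


def main(argv):
    if len(argv) > 1:
        # ldifde writes ANSI text by default; if you dumped with -u (Unicode),
        # read with encoding="utf-16" instead.
        text = Path(argv[1]).read_text(errors="replace")
    else:
        text = SAMPLE_LDIF
    dups = find_duplicate_spns(text)
    if not dups:
        print("No duplicate SPNs found.")
        return 0
    for spn, dns in sorted(dups.items()):
        print(f"{spn} is registered on {len(dns)} objects:")
        for dn in dns:
            print(f"    {dn}")
    return 1  # non-zero so a calling script can act on it


if __name__ == "__main__":
    sys.exit(main(sys.argv))
```

Save it as, say, find_dup_spn.py (the file name is just a suggestion) and run python find_dup_spn.py c:\<My_SPN_Dump_File>.txt against the real dump. To check the whole forest in one pass, run the ldifde command with the filter "(servicePrincipalName=*)" instead of a single host and feed that file to the script.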
Happy hunting
Carlos