
Carlos

things i do





Quick way to find duplicate SPNs

I know that Kerberos delegation can be a pain in the A$$. One of the first steps is to check whether the user/administrator has registered a Service Principal Name (SPN). If he has and Kerberos delegation is still not working, then check whether there are duplicate entries for that SPN.

A quick and easy way is to use the following command:

Replace the following placeholders with your environment's details:

<GC_Server_Name>

<My_SPN_Dump_File>

<Machine_Name>

  1. Click “Start”
  2. Click “Run”
  3. Type “CMD”
  4. Type “CD \”
  5. Type the following

ldifde -s <GC_Server_Name> -f c:\<My_SPN_Dump_File>.txt -d "" -r "(serviceprincipalname=host/<Machine_Name>)" -p subtree -t 3268 -l dn,serviceprincipalname

Happy hunting

Carlos

Posted: Friday, April 21, 2006 7:48 PM by carlos
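
As an added example (not part of the original post): a short Python script that reads the LDIF text ldifde writes and lists every SPN that appears on more than one object. The sample export and all names in it are constructed for illustration, and the script goes beyond the single host/<Machine_Name> filter by checking every SPN in the dump.

```python
import base64
from collections import defaultdict

# Constructed sample of an ldifde export; all names are made up.
SAMPLE_LDIF = """\
dn: CN=WEB01,OU=Servers,DC=example,DC=com
changetype: add
servicePrincipalName: HOST/WEB01
servicePrincipalName: HOST/web01.example.com

dn: CN=svc-portal,OU=Service Accounts,DC=example,
 DC=com
changetype: add
servicePrincipalName: host/web01
"""

def unfold(text):
    """Join LDIF continuation lines (a line starting with one space)."""
    lines = []
    for raw in text.splitlines():
        if raw.startswith(" ") and lines:
            lines[-1] += raw[1:]
        else:
            lines.append(raw)
    return lines

def value(rest):
    """Decode the part after 'attr:'; a second colon marks base64."""
    if rest.startswith(":"):
        return base64.b64decode(rest[1:].strip()).decode("utf-8")
    return rest.strip()

def duplicate_spns(text):
    """Return {spn: [dn, ...]} for SPNs found on more than one object."""
    owners = defaultdict(set)
    dn = None
    for line in unfold(text):
        if not line.strip():
            dn = None                      # blank line ends a record
        elif not line.startswith("#"):     # skip LDIF comments
            name, _, rest = line.partition(":")
            if name.lower() == "dn":
                dn = value(rest)
            elif name.lower() == "serviceprincipalname" and dn:
                # SPN uniqueness is case-insensitive, so compare lower-cased
                owners[value(rest).lower()].add(dn)
    return {s: sorted(d) for s, d in owners.items() if len(d) > 1}

if __name__ == "__main__":
    for spn, dns in duplicate_spns(SAMPLE_LDIF).items():
        print(spn, "->", "; ".join(dns))
```

To check a real dump, read the file that ldifde wrote and pass its contents to duplicate_spns.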

Comments

Marco Scheel aka GeekDotNet said:

My SharePoint installations are generally intranet installations. Depending on the scenario, Kerberos is preferable to NTLM for authentication. It is hard to work with blanket rules, but as a rule I recommend using Kerberos.

# June 24, 2008 6:01 AM