Well, the title says it all really.
First of all, top marks to Tristan Kington and this Blog du Tristank. It really is the only place I’ve seen clear prescriptive advice on this topic.
My tuppence worth is I’ve taken Tristan’s work a tiny step further with this neat little batch file which finds any duplicate SPNs on your Active Directory domain:
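@echo off
rem findspns.cmd, Alasdair Cunningham-Smith, ACS Solutions Limited
setlocal
set SPN=%1
:again
rem Prompt until an SPN (or fragment of one) has been supplied
if "%SPN%"=="" (
    set /p SPN=Please enter the SPN or part thereof to search for 
)
if "%SPN%"=="" (
    goto :again
)
rem Query the global catalog (port 3268) on the logon server and print
rem the ServicePrincipalName values of every matching object to the console
ldifde -f CON: -s "%LOGONSERVER:\=%" -t 3268 -r "(ServicePrincipalName=*%SPN%*)" -l ServicePrincipalName
endlocal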
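The batch file lists every matching object, so a duplicate shows up as the same SPN under more than one dn. The following Python script is an added example, not part of the original post or of Tristan's work: it reads saved ldifde output and reports each SPN held by more than one object, comparing SPNs case-insensitively. The sample entries and example.com names are constructed.

```python
import base64
from collections import defaultdict

# Constructed sample in the LDIF layout that ldifde writes (placeholder names).
SAMPLE = """\
dn: CN=SQL01,OU=Servers,DC=example,DC=com
servicePrincipalName: MSSQLSvc/sql01.example.com:1433
servicePrincipalName: HOST/sql01.example.com

dn: CN=svc-sql,OU=Service Accounts,
 DC=example,DC=com
servicePrincipalName: mssqlsvc/SQL01.example.com:1433
"""

def parse_ldif(text):
    """Yield (dn, [spn, ...]) per entry; handles folded and base64 values."""
    lines = []
    for raw in text.splitlines():
        if raw.startswith(" ") and lines:   # LDIF folding: continuation line
            lines[-1] += raw[1:]
        else:
            lines.append(raw)
    dn, spns = None, []
    for line in lines + [""]:               # trailing blank flushes last entry
        if not line.strip():
            if dn is not None:
                yield dn, spns
            dn, spns = None, []
            continue
        attr, _, value = line.partition(":")
        if value.startswith(":"):           # "attr:: <base64>" form
            value = base64.b64decode(value[1:].strip()).decode("utf-8", "replace")
        attr, value = attr.strip().lower(), value.strip()
        if attr == "dn":
            dn = value
        elif attr == "serviceprincipalname":
            spns.append(value)              # any other line is ignored

def find_duplicates(text):
    """Map each lower-cased SPN to its owners when more than one dn holds it."""
    owners = defaultdict(set)
    for dn, spns in parse_ldif(text):
        for spn in spns:
            owners[spn.lower()].add(dn)
    return {spn: sorted(dns) for spn, dns in owners.items() if len(dns) > 1}

if __name__ == "__main__":
    for spn, dns in find_duplicates(SAMPLE).items():
        print(spn, "->", "; ".join(dns))
```

To use it on real output, change `-f CON:` to a file name in the batch file and pass that file's contents to `find_duplicates`.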