Kerberos, SetSPN, LDIFDE, Windows Authentication, App Pool Identities – Aaarrgghhh!

Well, the title says it all really.


First of all, top marks to Tristan Kington and this Blog du Tristank. It really is the only place I’ve seen clear prescriptive advice on this topic.


My tuppence worth: I’ve taken Tristan’s work a tiny step further with this neat little batch file, which finds any duplicate SPNs in your Active Directory domain:

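@echo off
rem findspns.cmd, Alasdair Cunningham-Smith, ACS Solutions Limited
rem Take the SPN (or part of it) from the first argument, if one was given
set "SPN=%~1"
:again
rem Keep prompting until a non-empty value is entered
if "%SPN%"=="" (
	set /p SPN=Please enter the SPN or part thereof to search for 
)
if "%SPN%"=="" (
	goto :again
)
rem Search the global catalog (port 3268) on the logon server and print the matching ServicePrincipalName values
ldifde -f CON: -s "%LOGONSERVER:\=%" -t 3268 -r "(ServicePrincipalName=*%SPN%*)" -l ServicePrincipalName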
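
The batch file lists every object whose SPN matches the search text. As an added example (not part of the original post or of Tristan's work), this Python script reads that LDIF text and reports only the SPNs registered on more than one object, compared case-insensitively. The sample records and the function names are constructed for illustration.

```python
import base64
import re
from collections import defaultdict

# Constructed sample in the LDIF layout ldifde exports (not from a real directory).
SAMPLE_LDIF = """\
dn: CN=WEB01,OU=Servers,DC=example,DC=com
changetype: add
servicePrincipalName: HTTP/web01.example.com

dn: CN=svc-apppool,OU=Service Accounts,DC=example,DC=com
changetype: add
servicePrincipalName: http/WEB01.example.com
servicePrincipalName: MSSQLSvc/sql01.example.com:1433

dn: CN=svc-legacy,OU=Service Accounts,DC=example,DC=com
changetype: add
servicePrincipalName: HTTP/web01.exam
 ple.com
"""

def iter_spns(text):
    """Yield (dn, spn) pairs from LDIF text; unrelated lines are ignored."""
    # LDIF folds long lines: a newline followed by one space continues the value.
    lines = re.sub(r"\r?\n ", "", text).splitlines()
    dn = None
    for line in lines:
        name, _, value = line.partition(":")
        name = name.strip().lower()
        if not line.strip():
            dn = None                          # blank line ends the record
        elif name in ("dn", "serviceprincipalname"):
            if value.startswith(":"):          # "attr:: ..." is a base64 value
                value = base64.b64decode(value[1:].strip()).decode("utf-8")
            if name == "dn":
                dn = value.strip()
            elif dn is not None:
                yield dn, value.strip()

def find_duplicate_spns(text):
    """Map each SPN (lower-cased) held by more than one object to its DNs."""
    owners = defaultdict(set)
    for dn, spn in iter_spns(text):
        owners[spn.lower()].add(dn)
    return {s: sorted(d) for s, d in owners.items() if len(d) > 1}

if __name__ == "__main__":
    for spn, dns in find_duplicate_spns(SAMPLE_LDIF).items():
        print(spn, "->", "; ".join(dns))
```

To use it on real output, save what the batch file prints to a text file and pass the file's contents to find_duplicate_spns.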