Kerberos, SetSPN, LDIFDE, Windows Authentication, App Pool Identities – Aaarrgghhh!

Well, the title says it all really.

 

First of all, top marks to Tristan Kington and this Blog du Tristank. It really is the only place I’ve seen clear prescriptive advice on this topic.

 

My tuppence worth is I’ve taken Tristan’s work a tiny step further with this neat little batch file which finds any duplicate SPNs on your Active Directory Domain:

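@echo off
rem findspns.cmd, Alasdair Cunningham-Smith, ACS Solutions Limited
rem Lists every object whose ServicePrincipalName contains the given text.
setlocal
rem %~1 strips surrounding quotes so they do not end up inside the LDAP filter
set "SPN=%~1"
:again
if "%SPN%"=="" (
	set /p SPN=Please enter the SPN or part thereof to search for 
)
if "%SPN%"=="" (
	goto :again
)
rem -f CON: writes the export to the console; -s is the logon server without its backslashes;
rem -t 3268 is the global catalog port; -r is the LDAP filter; -l limits output to the SPN attribute
ldifde -f CON: -s "%LOGONSERVER:\=%" -t 3268 -r "(ServicePrincipalName=*%SPN%*)" -l ServicePrincipalName
endlocal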