List all SPNs in Active Directory

Ran into a situation where I needed to get all the SPNs that are listed in AD.

Find duplicate SPNs

Listing duplicate SPNs is fairly easy: just run setspn -X at the command line and it will list them.

What is an SPN?

An SPN, or Service Principal Name, is a unique identifier for a service instance, tied to a specific account (usually a service account). With SPNs you can register multiple aliases for a service under one domain account.

SetSPN command-line

To set, list or delete SPNs, we use the built-in command-line tool setspn provided by Microsoft.

Many scripts assume you are looking for a specific SPN (HTTP/…), a specific user, or a specific computer. For example, using setspn to find the SPNs linked to a certain computer:

Or using setspn to find the SPNs linked to a certain user account:

Now we need a script to list all SPNs, for all users and all computers.

Get All SPNs

SPNs are stored as an attribute on the user and computer accounts, which makes it straightforward to query for that attribute.

PowerShell to the rescue!
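The listing script below is an added example, not the post's own code: it reads the servicePrincipalName attribute over LDAP for every object that has one (users, computers and managed service accounts alike) and then groups the results to surface SPNs registered on more than one account, the same condition setspn -X reports. It assumes it runs on a domain-joined Windows host as a user allowed to read the directory; the function names and the search base default are mine.

```powershell
# Added example: inventory every SPN in the current domain straight from the
# servicePrincipalName attribute via ADSI/LDAP (no RSAT module required),
# then flag SPNs that appear on more than one account.

function Get-AllSpn {
    param(
        # Assumption: search the default naming context of the current domain.
        [string]$SearchBase = ([ADSI]"LDAP://RootDSE").defaultNamingContext
    )
    $searcher = New-Object System.DirectoryServices.DirectorySearcher
    $searcher.SearchRoot = [ADSI]"LDAP://$SearchBase"
    # Only objects that actually carry at least one SPN, whatever their class.
    $searcher.Filter   = "(servicePrincipalName=*)"
    $searcher.PageSize = 1000   # paged results so large domains are not cut off at 1000 hits
    [void]$searcher.PropertiesToLoad.AddRange(@('sAMAccountName', 'objectClass', 'servicePrincipalName'))

    foreach ($result in $searcher.FindAll()) {
        $props   = $result.Properties
        $account = $props['samaccountname'][0]
        # objectClass is multi-valued (top, person, ..., user/computer); the last value is the most specific.
        $class   = $props['objectclass'][$props['objectclass'].Count - 1]
        foreach ($spn in $props['serviceprincipalname']) {
            [pscustomobject]@{
                Account     = $account
                ObjectClass = $class
                SPN         = $spn
            }
        }
    }
}

function Find-DuplicateSpn {
    param([object[]]$Spns)
    # An SPN must be unique; two accounts holding the same one breaks Kerberos
    # ticket issuance for that service. Group-Object compares case-insensitively,
    # matching how AD treats SPN values.
    $Spns | Group-Object -Property SPN | Where-Object { $_.Count -gt 1 } | ForEach-Object {
        [pscustomobject]@{
            SPN      = $_.Name
            Accounts = ($_.Group.Account | Sort-Object -Unique) -join ', '
        }
    }
}

$all = Get-AllSpn
$all | Sort-Object ObjectClass, Account | Format-Table -AutoSize
Find-DuplicateSpn -Spns $all
```

Pipe `$all` to Export-Csv to keep a dated baseline; diffing it against a later run shows SPNs that were added or moved between accounts.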