Posts Tagged ‘Kerberos’

HowTo export all AD service principal names (SPNs) to textfile

If you need to troubleshoot kerberos problems with SharePoint, Reporting Services… you need an overview of all defined HTTP SPNs in Active Directory.

You can use the the following command in a dos-box to quickly output all SPNs to a textfile with the windows tool “LDIFDE.EXE”:

ldifde.exe -f check_spn.txt -t 3268 –d “” -l serviceprincipalname -r “(servicePrincipalName=HTTP*)” -p subtree

Here’s a sample output:


If ldifde.exe  i not installed on your server:


Windows 2008 
–> Add Remote AD Management Tools (RSAT-ADDS) Feature with Servermanager or:

  1. Click Start, Run, and in the Open field run ‚ServerManagerCmd -i RSAT-ADDS

Windows 2003 –> Install Support Tools from windows server CD or download:

Kategorien:Allgemein Schlagwörter: , ,