A vbs query from Microsoft to search for duplicate SPN’s:
http://www.microsoft.com/technet/scriptcenter/solutions/spnquery.mspx
Search for duplicate SPN’s
Reply
Tag Archives: Security
Enable Kerberos Event Logging
To enable event logging of Kerberos:
- start registry editor
- navigate to the key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Kerberos\Parameters
If the parameter key does not exist, create it - Create a new REG_DWORD Value named LogLevel and give it a value of 1
See Service Principal Names in your domain
To see all the service principal names registered in your domain, execute the following command:
ldifde -f <FileName> -s <DomainController> -t 3268 -d dc=forest,dc=root -r
"(objectclass=computer)" -l servicePrincipalname
this will return all computerobjects with an SPN and place it in the file <filename>. For all users execute the following:
ldifde -f <FileName> -s <DomainController> -t 3268 -d dc=forest,dc=root -r
"(objectclass=user)" -l servicePrincipalname
In this command replace forest with your NetBIOS domain name (i.e. marcvalk), root with your top level domain (i.e. net)
