Query/Change SPNs on Windows Domain without SetSPN

Question

Has anyone had any luck with querying/changing SPNs on a Windows domain? Most of the hits on Google are SQL related: I can't find any information on how to do this myself. The most important things would be to query to SPN configuration and check for duplicates.

According to Arnout I made the following code:

static void Main(string[] args) {
    ValidateSPN("K2Server/jonathand-vpc:5252");
}

static void ValidateSPN(string spn) {
    const string queryFormat = "(ServicePrincipalName={0})";
    using (Domain localDomain = Domain.GetCurrentDomain()) {
        using (DirectorySearcher search = new DirectorySearcher(localDomain.GetDirectoryEntry())) {
            search.Filter = string.Format(queryFormat, spn);
            search.SearchScope = SearchScope.Subtree;
            SearchResultCollection collection = search.FindAll();
            if (collection.Count > 1)
                throw new Exception("Duplicate SPNs found.");
            else if (collection.Count == 0)
                throw new Exception("No such SPN");
        }
    }
}

Answer 1

It looks like this information is stored in the servicePrincipalName AD attribute. See this page for more info, in particular the "Search using LDIFDE" section.

Answer 2

You can use Search.VBS in the support tools to search for duplicate SPNs:

"C:\Program Files\Support Tools\search.vbs" "LDAP://DC=Your,dc=Domain,dc=Here" /C:"(serviceprincipalname=K2Server/jonathand-vpc:5252)" /S:Subtree /P:DistinguishedName