Friday, March 2, 2018

List all or specified SPNs that are assigned to an AD object

Find a specified SPN using PowerShell with ADSI:

# Prompt for a (partial) SPN and search the default naming context for every
# object whose servicePrincipalName attribute contains it.
$SPNName = Read-Host "Enter SPN"
$search = New-Object DirectoryServices.DirectorySearcher([ADSI]"")
$search.filter = "(servicePrincipalName=*$SPNName*)"
$results = $search.FindAll()
foreach($result in $results)
{
       $UserEntry = $result.GetDirectoryEntry()
       Write-Host "Object Name = " $UserEntry.name -BackgroundColor "green" -ForegroundColor "black"
       Write-Host "DN      =      "  $UserEntry.distinguishedName
       Write-Host "Object Cat. = "  $UserEntry.objectCategory
       Write-Host "servicePrincipalNames"
       $i = 1    # counter used to number the SPNs of this object
       foreach($SPN in $UserEntry.servicePrincipalName)
       {
           Write-Host "SPN(" $i ")   =      " $SPN
           $i += 1
       }
       Write-Host ""
}


Find all SPNs using PowerShell with ADSI:

# Same search with a wildcard filter: returns every object that has at least
# one servicePrincipalName set.
$SPNName = "*"
$search = New-Object DirectoryServices.DirectorySearcher([ADSI]"")
$search.filter = "(servicePrincipalName=$SPNName)"
$results = $search.FindAll()
foreach($result in $results)
{
       $UserEntry = $result.GetDirectoryEntry()
       Write-Host "Object Name = " $UserEntry.name -BackgroundColor "green" -ForegroundColor "black"
       Write-Host "DN      =      "  $UserEntry.distinguishedName
       Write-Host "Object Cat. = "  $UserEntry.objectCategory
       Write-Host "servicePrincipalNames"
       $i = 1    # counter used to number the SPNs of this object
       foreach($SPN in $UserEntry.servicePrincipalName)
       {
           Write-Host "SPN(" $i ")   =      " $SPN
           $i += 1
       }
       Write-Host ""
}


Using an LDAP query, replace spnname with the SPN (or part of it) you are looking for. Note that this filter is restricted to person objects, so SPNs registered on computer accounts are not returned:

(&(objectCategory=person)(ServicePrincipalName=*spnname*))

To list every person object that has any SPN set, use this query:
(&(objectCategory=person)(ServicePrincipalName=*))
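The scripts above print their findings to the console. As an added example (not part of the original post), the following ADSI-based function returns one object per SPN instead, so the inventory can be sorted, exported, or checked for duplicate SPNs, which break Kerberos authentication for the affected service. It assumes a domain-joined host and searches the default naming context, like the scripts above; the function and parameter names are my own.

```powershell
# Added example: inventory every SPN in the domain as objects and report
# duplicates (the same SPN registered on more than one AD object).
# Assumes a domain-joined host; the default naming context is the search root.

function Get-SpnInventory {
    [CmdletBinding()]
    param(
        [string]$Filter = '*'   # e.g. 'MSSQLSvc/*' to limit to one service class
    )
    $search = New-Object DirectoryServices.DirectorySearcher([ADSI]"")
    $search.Filter   = "(servicePrincipalName=$Filter)"
    $search.PageSize = 1000    # enable paging; a single page is capped at 1000 entries
    [void]$search.PropertiesToLoad.AddRange(
        @('distinguishedName','objectCategory','servicePrincipalName','userAccountControl'))

    foreach ($result in $search.FindAll()) {
        $props = $result.Properties            # keys are lower-case here
        $dn    = [string]$props['distinguishedname'][0]
        # objectCategory is a DN such as CN=Computer,CN=Schema,...; keep only the class name
        $cat   = ([string]$props['objectcategory'][0]) -replace '^CN=([^,]+),.*', '$1'
        # userAccountControl bit 0x2 = ACCOUNTDISABLE; attribute may be absent on some classes
        $uac   = if ($props['useraccountcontrol'].Count) { [int]$props['useraccountcontrol'][0] } else { 0 }
        foreach ($spn in $props['serviceprincipalname']) {
            [pscustomobject]@{
                SPN            = [string]$spn
                Owner          = $dn
                ObjectCategory = $cat
                Disabled       = [bool]($uac -band 0x2)
            }
        }
    }
}

function Find-DuplicateSpn {
    param([object[]]$Inventory)
    # The KDC matches SPNs case-insensitively, so group on the lower-cased value
    $Inventory | Group-Object { $_.SPN.ToLowerInvariant() } |
        Where-Object { $_.Count -gt 1 } |
        ForEach-Object {
            [pscustomobject]@{ SPN = $_.Name; Owners = ($_.Group.Owner -join '; ') }
        }
}

$inventory = Get-SpnInventory
$inventory | Sort-Object SPN | Format-Table SPN, ObjectCategory, Disabled, Owner -AutoSize
Find-DuplicateSpn -Inventory $inventory
```

The built-in `setspn -X` performs the same duplicate check from the command line; this version additionally gives you objects you can pipe to Export-Csv for periodic review.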
