The
Windows 2000 Resource Kit contains
Setspn to manipulate
SPNs, but it will
NOT export
SPNs to a text file for troubleshooting purposes.
The DsStore command-line utility assists in managing Enterprise Public Key Integration and which therefore displays SPN information. DsStore enables you to:
List information about a given computer's certificates. List information about computer's objects on the domain. List information about Certificate Authorities in the Enterprise. Add, remove, and display certificates from the directory services Enterprise Root Store. Add and remove certificate revocation lists (CRLs) from directory services. validate certificates from directory services public key infrastructure (PKI) locations. Pulse "autoenrollment" events to speed up various PKI processes. Add non-Microsoft® Windows® 2000 Certificate Authorities or offline Certificate Authorities to the enterprise PKI. Manage enterprise roots in directory services. Verify Machine Autoenrollment and Domain Controller certificates from Kerberos Key Distribution Center (KDC). Check on status and validity of domain controller certificates. Check on validity of smart card certificates.To retrieve SPN information and export it to a text file:
DSSTORE -macobj domainname\servername$ >c:\spns.txt
When I ran dsstore -macobj JSIINC\JSI001$, the following was returned:
Attribute : dNSHostName JSI001.JSIINC.COM Attribute : objectCategory CN=Computer,CN=Schema,CN=Configuration,DC=JSIINC,DC=COM Attribute : sAMAccountName JSI001$ Attribute : servicePrincipalName NtFrs-88f5d2bd-b646-11d2-a6d3-00c04fc9b232/JSI001.JSIINC.COM DNS/JSI001.JSIINC.COM GC/JSI001.JSIINC.COM/JSIINC.COM HOST/JSI001.JSIINC.COM/JSIINC HOST/JSI001 HOST/JSI001.JSIINC.COM HOST/JSI001.JSIINC.COM/JSIINC.COM E3514235-4B06-11D1-AB04-00C04FC2DCD2/83ad504f-862b-4862-8ff4-d18cb5d0de54/JSIINC.COM LDAP/83ad504f-862b-4862-8ff4-d18cb5d0de54._msdcs.JSIINC.COM LDAP/JSI001.JSIINC.COM/JSIINC LDAP/JSI001 LDAP/JSI001.JSIINC.COM LDAP/JSI001.JSIINC.COM/JSIINC.COM Attribute : userAccountControl 532480 Group Memberships: Domain Controllers
0 comments
Hide comments