Setspn.exe

Overview[1]

To manage SPNs manually, the administrator can use the Setspn.exe tool that is provided with the Microsoft Windows Server Support Tools.

Whenever you are in doubt about a Service Principal Name (SPN) registration, Setspn.exe is the tool to start with. The Setspn.exe command-line utility has been extended with each new version of Windows. The options below are based on the Windows 2008 R2 Setspn.exe.

Typical usage

When creating and using new SPNs with Web services, you may need to perform some troubleshooting. For instance, if you accidentally map the same SPN to two different accounts, the SPN will no longer work. It may also be necessary to list all of the SPNs that are associated with an account to determine if a specific SPN has been created.

Windows Support Tools for Windows Server contains a utility named Ldifde.exe that you can use to list all accounts that map to a specific SPN. To perform a query with Ldifde.exe, open the command prompt from the Windows Support Tools menu and type the following command:

ldifde -f c:\spn_out.txt -d "DC=globalbank,DC=net" -l serviceprincipalname -r "(serviceprincipalname=HTTP/LONDON*)" -p subtree

This command searches for all of the SPNs in the globalbank.net domain that match the search mask HTTP/LONDON*. It writes the results to a text file named spn_out.txt on drive C.
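
The duplicate-SPN check described above can be run against the exported file. The following is an added example, not part of the original page or of any Microsoft tool: it parses LDIF text in the shape Ldifde.exe writes and reports every SPN held by more than one account. The sample records, account names and the function names parse_ldif and find_duplicate_spns are constructed for illustration.

```python
import base64
from collections import defaultdict

# Constructed sample in the shape of ldifde output (not from a real directory).
SAMPLE_LDIF = """\
dn: CN=svc-web,OU=Service Accounts,DC=globalbank,DC=net
changetype: add
servicePrincipalName: HTTP/LONDON01
servicePrincipalName: HTTP/london01.globalbank.net

dn: CN=LONDON01,OU=Servers,DC=globalbank,DC=net
changetype: add
servicePrincipalName: HTTP/london01

dn: CN=svc-reports,OU=Service Accounts,
 DC=globalbank,DC=net
changetype: add
servicePrincipalName:: SFRUUC9MT05ET04wMg==
"""

def parse_ldif(text):
    """Return {dn: [spn, ...]} from LDIF text."""
    lines = []
    for raw in text.splitlines():
        if raw.startswith(" ") and lines:   # folded line continues the previous one
            lines[-1] += raw[1:]
        else:
            lines.append(raw)
    records, dn = defaultdict(list), None
    for line in lines:
        name, sep, value = line.partition(":")
        if not sep:
            continue                        # blank separator between records
        if value.startswith(":"):           # "attr:: value" is base64-encoded
            value = base64.b64decode(value[1:].strip()).decode("utf-8")
        value = value.strip()
        if name.lower() == "dn":
            dn = value
        elif name.lower() == "serviceprincipalname" and dn:
            records[dn].append(value)
    return dict(records)

def find_duplicate_spns(records):
    """Return {lowercased spn: sorted [dn, ...]} for SPNs held by more than one account."""
    holders = defaultdict(set)
    for dn, spns in records.items():
        for spn in spns:
            holders[spn.lower()].add(dn)    # SPNs compare case-insensitively
    return {spn: sorted(dns) for spn, dns in holders.items() if len(dns) > 1}
```

Pass the text of spn_out.txt to parse_ldif and feed the result to find_duplicate_spns; every entry returned is an SPN registered on more than one account and needs to be removed from all but one of them.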
