KB-6018: How to find duplicate servicePrincipalName (SPN) or hosts on Active Directory from Unix/Linux host
Products: Authentication Service
12/22/2015 7:29 PM | 3/21/2017 4:59 PM
Applies to: All Centrify DirectControl versions on all supported Linux/Unix platforms
Question:
Is there a way to find duplicate servicePrincipalName (SPN) values or hosts in Active Directory from a Unix host?
Answer:
Yes. Duplicate servicePrincipalName (SPN) values or hosts can be found with the 'ldapsearch' command.
Run the following command as root on the Unix/Linux host to find the computer objects with a duplicate SPN:
# /usr/share/centrifydc/bin/ldapsearch -m -Q -LLL -H "ldap://" -b <Base_DN> '(servicePrincipalName=*/<Hostname>*)' dn serviceprincipalname
(Substitute <Base_DN> with the distinguished name (DN) of the domain and <Hostname> with the name of the computer account.)
For example:
# /usr/share/centrifydc/bin/ldapsearch -m -Q -LLL -H "ldap://" -b "dc=lab,dc=local" "(serviceprincipalname=*/computer*)" dn serviceprincipalname
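The search above returns every object whose SPN matches the pattern, so the duplicates still have to be picked out of the output. The following is an added example, not part of the original article or of Centrify's tooling: it reads that LDIF output and lists each SPN value registered on more than one DN. The sample data, function names and script name are constructed for illustration.

```python
import base64
import sys
from collections import defaultdict

# Constructed sample of the LDIF printed by the ldapsearch command above.
SAMPLE_LDIF = """\
dn: CN=computer,CN=Computers,DC=lab,DC=local
servicePrincipalName: host/computer.lab.local
servicePrincipalName: host/computer

dn: CN=computer-old,OU=Retired Unix Servers With A Deliberately Long Name,DC=la
 b,DC=local
servicePrincipalName: HOST/computer.lab.local
servicePrincipalName: host/computer-old
"""

def parse_ldif(text):
    """Yield (dn, [spn, ...]) for each entry in LDIF text."""
    # Unfold: a line that starts with one space continues the previous line.
    text = text.replace("\r\n", "\n").replace("\n ", "")
    for block in text.split("\n\n"):
        dn, spns = None, []
        for line in block.splitlines():
            if line.startswith("#") or ":" not in line:
                continue
            attr, _, value = line.partition(":")
            if value.startswith(":"):  # "attr:: <base64>" is used for non-ASCII values
                value = base64.b64decode(value[1:].strip()).decode("utf-8")
            value = value.strip()
            if attr.lower() == "dn":
                dn = value
            elif attr.lower() == "serviceprincipalname":
                spns.append(value)
        if dn:
            yield dn, spns

def duplicate_spns(text):
    """Return {lowercased SPN: sorted DNs} for SPNs held by more than one object."""
    owners = defaultdict(set)
    for dn, spns in parse_ldif(text):
        for spn in spns:
            owners[spn.lower()].add(dn)  # SPN matching in AD is case-insensitive
    return {spn: sorted(dns) for spn, dns in owners.items() if len(dns) > 1}

if __name__ == "__main__":
    # Use the constructed sample when nothing is piped in.
    data = SAMPLE_LDIF if sys.stdin.isatty() else sys.stdin.read()
    for spn, dns in sorted(duplicate_spns(data).items()):
        print("DUPLICATE", spn, *dns, sep="\n    ")
```

Pipe the output of the ldapsearch command into the script (saved here under the assumed name find_dup_spns.py) to check a live domain; any SPN it prints should remain on only one of the listed objects.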