
KB-6018: How to find duplicate servicePrincipalName (SPN) or hosts on Active Directory from Unix/Linux host

Authentication Service

21 March,17 at 04:59 PM

Applies to: All Centrify DirectControl versions on all supported Linux/Unix platforms
Is there a way to find duplicate servicePrincipalName (SPN) values or hosts in Active Directory from a Unix host?
Yes. Duplicate SPNs or computer objects can be found from a joined Unix/Linux host with the 'ldapsearch' command shipped with DirectControl. A duplicate SPN matters because the KDC cannot tell which account's key to use for that service, so Kerberos authentication to the host fails.
Run the following command as root on the Unix/Linux host to list every object that carries an SPN for the host. If more than one dn appears for the same SPN value, that SPN is duplicated:

# /usr/share/centrifydc/bin/ldapsearch -m -Q -LLL -H "ldap://" -b <Base_DN> '(servicePrincipalName=*/<Hostname>*)' dn serviceprincipalname

(Substitute <Base_DN> with the distinguished name (DN) of the domain and <Hostname> with the name of the computer account. The filter is not case sensitive, and the trailing wildcard also matches longer names with the same prefix, e.g. "computer*" matches "computer2", so compare the SPN values in the output rather than counting entries.)

For example:
# /usr/share/centrifydc/bin/ldapsearch -m -Q -LLL -H "ldap://" -b "dc=lab,dc=local" "(serviceprincipalname=*/computer*)" dn serviceprincipalname
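The command above lists every object matching the filter, but a duplicate is only confirmed when the same SPN value appears under two different dn lines. The following is an added example, not part of the original article or of Centrify's tooling: a small POSIX shell script that parses the -LLL (LDIF) output, unfolds wrapped lines, compares SPN values case-insensitively (as Active Directory does), and prints each SPN held by more than one object together with the owning DNs. The LDIF in sample_ldif is constructed for the demonstration; find_duplicate_spns wraps the article's live ldapsearch command and is only useful on a joined host.

```shell
#!/bin/sh
# Added example: report servicePrincipalName values shared by more than one
# AD object, working from the LDIF that the Centrify ldapsearch command emits.

# LDIF folds long values: a continuation line begins with a single space.
# Join those back onto the previous line so every attribute is one line.
unfold_ldif() {
    awk '
        /^ / { printf "%s", substr($0, 2); next }
        { if (NR > 1) printf "\n"; printf "%s", $0 }
        END { printf "\n" }'
}

# Read LDIF on stdin; print "<spn><TAB><dn>" for every SPN that is present on
# two or more distinct DNs. SPN comparison is case-insensitive, matching AD.
# Note: base64-encoded values ("servicePrincipalName:: ...") are not decoded.
report_duplicate_spns() {
    unfold_ldif | awk '
        /^dn: / { dn = substr($0, 5); next }
        tolower($0) ~ /^serviceprincipalname: / {
            spn = tolower(substr($0, index($0, ": ") + 2))
            if (!((spn, dn) in seen)) {       # count each DN once per SPN
                seen[spn, dn] = 1
                count[spn]++
                dns[spn] = dns[spn] "\n" dn
            }
            next
        }
        END {
            for (spn in count) {
                if (count[spn] < 2) continue
                n = split(substr(dns[spn], 2), owner, "\n")
                for (i = 1; i <= n; i++) printf "%s\t%s\n", spn, owner[i]
            }
        }' | LC_ALL=C sort
}

# Live query on a joined host: the article's ldapsearch command piped into the
# parser. Usage: find_duplicate_spns "dc=lab,dc=local" computer
find_duplicate_spns() {
    /usr/share/centrifydc/bin/ldapsearch -m -Q -LLL -H "ldap://" -b "$1" \
        "(servicePrincipalName=*/$2*)" dn servicePrincipalName \
        | report_duplicate_spns
}

# Constructed sample output (not captured from a real domain): a stale object
# still holds host/computer.lab.local, and one SPN value is folded across lines.
sample_ldif() {
    cat <<'EOF'
dn: CN=COMPUTER,CN=Computers,DC=lab,DC=local
servicePrincipalName: HOST/computer.lab.local
servicePrincipalName: HOST/COMPUTER

dn: CN=computer-old,OU=Stale,DC=lab,DC=local
servicePrincipalName: host/computer.lab
 .local

dn: CN=COMPUTER2,CN=Computers,DC=lab,DC=local
servicePrincipalName: HOST/computer2.lab.local
servicePrincipalName: HOST/COMPUTER2
EOF
}

# Demonstration on the constructed sample; COMPUTER2 matched the wildcard
# filter but owns no shared SPN, so it is not reported.
sample_ldif | report_duplicate_spns
```

On the sample this prints two lines, both for host/computer.lab.local, naming CN=COMPUTER and the stale CN=computer-old object; the stale object is the one to remove or rename. When a live query returns an SPN on two DNs, check both the short (host/NAME) and FQDN (host/name.domain) forms, since a client may request either one.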