How to Retrieve SPNs from the Directory (298718)


The information in this article applies to:

  • Microsoft Windows 2000 Server
  • Microsoft Windows 2000 Advanced Server
  • Microsoft Windows 2000 Professional
This article was previously published under Q298718

SUMMARY

With the Setspn tool that is included in the Windows 2000 Server Resource Kit, you cannot export Service Principal Names (SPNs) to a text file for troubleshooting purposes. Dsstore is another (command-line) tool from the Resource Kit that assists in managing Enterprise Public Key Integration and which therefore displays SPN information.

MORE INFORMATION

The following command line parameters specifically recall SPN information and parse it to a text file:

DSSTORE -macobj domainname\servername$ >c:\my_spns.txt

For example, if you run the following command syntax:

DSSTORE -macobj stuhud\studc01$

The following results are displayed:

Attribute : dNSHostName
stuDC01.stuhud.pri

Attribute : objectCategory
CN=Computer,CN=Schema,CN=Configuration,DC=stuhud,DC=pri

Attribute : sAMAccountName
STUDC01$

Attribute : servicePrincipalName
GC/stuDC01.stuhud.pri/stuhud.pri
HOST/stuDC01.stuhud.pri/STUHUD
HOST/STUDC01
HOST/stuDC01.stuhud.pri
HOST/stuDC01.stuhud.pri/stuhud.pri
E3514235-4B06-11D1-AB04-00C04FC2DCD2/6797dfe9-8a20-4096-81c2-20a7503aaa7c/stuhud.pri
LDAP/6797dfe9-8a20-4096-81c2-20a7503aaa7c._msdcs.stuhud.pri
LDAP/stuDC01.stuhud.pri/STUHUD
LDAP/STUDC01
LDAP/stuDC01.stuhud.pri
LDAP/stuDC01.stuhud.pri/stuhud.pri
NtFrs-88f5d2bd-b646-11d2-a6d3-00c04fc9b232/stuDC01.stuhud.pri
DNS/stuDC01.stuhud.pri

Attribute : userAccountControl
532480

Group Memberships:
Domain Controllers

Modification Type:MinorLast Reviewed:1/27/2006
Keywords:kbhowto kbKerberos kbPPKey KB298718
©2004 Microsoft Corporation. All rights reserved.