Details
-
Task
-
Resolution: Unresolved
-
Major - P3
-
None
-
None
-
None
-
None
-
Server Security
Description
- Check the SPN exists use AD C++ Query API, Do not use ATL
- Get-ADObject -Filter "*" -SearchBase "CN=Administrator,CN=Users,DC=server,DC=ldaptest,DC=10gen,DC=cc" -Properties *
- Get-ADComputer -Identity <COMPUTER_NAME> -Properties ServicePrincipalNames | Select-Object -ExpandProperty ServicePrincipalNames
- https://docs.microsoft.com/en-us/windows/win32/ad/example-code-for-searching-for-users
- Check their are no duplicate SPNs
- Query AD for duplicate SPNs
- The setspn tool normally checks for this