Yusuf Ozturk » find spn powershell

Blogroll

Badges

Community

How to find duplicated SPNs with PowerShell

Posted in Windows Powershell, Windows Server | No Comment | 4,554 views | 09/10/2013 16:07

You can find duplicated SPNs in your AD with this PowerShell script. That will output into txt file and console.

$ADObjects = Get-ADObject -Filter "objectClass -eq 'user' -and objectClass -eq 'computer'" -Properties "samaccountname","serviceprincipalname"
$Array = New-Object System.Collections.ArrayList
$Array.Clear();
 
foreach ($ADObject in $ADObjects)
{
   $SamAccountName = $ADObject.SamAccountName
   $ServicePrincipalName = $ADObject.ServicePrincipalName
 
   foreach ($SPN in $ServicePrincipalName)
   {
		$ReferenceObject = "$SamAccountName;$SPN"
 
		if ($Array -like "*$SPN")
		{
			$Matched = $Array -like "*$SPN"
			foreach ($Match in $Matched)
			{
				$MatchSAM = $Match.Split(";")[0]
				if ($MatchSAM -ne $SamAccountName)
				{
				   $Value = "$ReferenceObject%$Match"
				   Write-Host $Value
				   Add-Content -Value $Value -Path duplicated.txt
				}
			}
		}
		else
		{
			$Array.Add("$ReferenceObject")
		}
   }
}

You should split duplicated objects by %.