How to Query SPN Records
By Garth Jones
While trying to understand Kerberos Double Hop authentication, I needed to check the Service Principal Name (SPN) records for one of my servers. Checking these records meant that I would have to verify each service account, and this particular server had 6 different instances of SQL.
Anyways, I stumbled across this tip about how to query AD for all SPN records, so I thought that I would share it with you.
From a CMD prompt, simply run the following command line.
setspn -Q */*Win2k8r2* >>C:\spn_recordswin2k8r2.txt
After finding the SPN records, I still wasn’t able to fix the double hop issue I was looking into. I think I’m getting closer to resolving this problem because I don’t see the SQL instance I’m working on listed above. Time to dig deeper!
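The check described above (is the SQL instance listed, and under which account?) can be scripted by parsing the setspn -Q output. This is an added example, not part of the original post; the function name, domain, account names and instance names are constructed placeholders.

```powershell
# Group `setspn -Q` output by owning account, then check for expected SQL instances.
function ConvertFrom-SetSpnOutput {
    param([string[]]$Lines)
    $account = $null
    foreach ($line in $Lines) {
        if ($line -match '^(CN=.+?)\s*$') {
            # An unindented distinguished name starts a new account block.
            $account = $Matches[1]
        } elseif ($account -and $line -match '^\s+(\S.*?)\s*$') {
            # Indented lines are SPNs registered on the current account.
            $spn = $Matches[1]
            $class, $target = $spn -split '/', 2
            [pscustomobject]@{
                Account      = $account
                ServiceClass = $class
                Target       = $target
                SPN          = $spn
            }
        }
        # Anything else ("Checking domain ...", "Existing SPN found!", blanks) is skipped.
    }
}

# Constructed sample output. For live data use: $lines = setspn -Q */*Win2k8r2*
$sample = @'
Checking domain DC=example,DC=local
CN=svc-sql01,OU=Service Accounts,DC=example,DC=local
    MSSQLSvc/Win2k8r2.example.local:1433
    MSSQLSvc/Win2k8r2.example.local:INST2
CN=WIN2K8R2,CN=Computers,DC=example,DC=local
    HOST/WIN2K8R2
    HOST/Win2k8r2.example.local
    MSSQLSvc/Win2k8r2.example.local:INST3

Existing SPN found!
'@ -split "`r?`n"

$sqlSpns = ConvertFrom-SetSpnOutput -Lines $sample |
    Where-Object ServiceClass -eq 'MSSQLSvc'

# Which account holds each SQL SPN.
$sqlSpns | Sort-Object Account, Target | Format-Table Account, Target -AutoSize

# Report expected instances (hypothetical names) that have no MSSQLSvc SPN.
$expected   = 'INST2', 'INST3', 'INST4'
$registered = $sqlSpns | ForEach-Object { ($_.Target -split ':', 2)[1] }
$expected | Where-Object { $_ -notin $registered } |
    ForEach-Object { "No MSSQLSvc SPN found for instance $_" }
```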