How to Find Computers with a Specific SPN in Active Directory Using PowerShell

Introduction

When managing Active Directory environments, you may need to locate computers registered with a specific Service Principal Name (SPN). SPNs are crucial for Kerberos authentication, but identifying which devices have a particular SPN can be time-consuming if done manually.

Fortunately, you can use PowerShell to automate this task quickly and accurately. This guide will show you exactly how to find computers with a specific SPN in Active Directory using PowerShell, saving you valuable admin time.

If you’re new to PowerShell, check out our post Powering Up with PowerShell: A Comprehensive Guide before getting started — it’s a great introduction for beginners.


Why SPNs Matter in Active Directory

Service Principal Names are identifiers used by Kerberos to associate a service instance with a service logon account. If an SPN is duplicated or incorrectly registered, it can cause authentication problems.

System administrators often need to audit or search for SPNs, especially during troubleshooting or security reviews. Using PowerShell makes this much easier, allowing you to query all computers in your domain and filter for specific matches.


The PowerShell Script

Here’s a simple PowerShell script to find computers in Active Directory with a particular SPN. Replace ‘digitalgeekery’ in the script with your own search string.

<#
.SYNOPSIS
Finds Active Directory computer accounts with a specified Service Principal Name (SPN).

.DESCRIPTION
This script searches all computer objects in Active Directory and filters those
that have a ServicePrincipalName containing the specified string (e.g., 'digitalgeekery').

.NOTES
Author: DIGITALGEEKERY
Date: June 2025
Requires the Active Directory module and appropriate permissions.

.EXAMPLE
Get-ADComputer -Filter * -Properties ServicePrincipalNames | Where-Object { $_.ServicePrincipalNames -match 'digitalgeekery' }
#>
# Import the Active Directory module if not already imported
Import-Module ActiveDirectory -ErrorAction SilentlyContinue

# Search for computers with ServicePrincipalNames matching the specified string
Get-ADComputer -Filter * -Properties ServicePrincipalNames | Where-Object {
    $_.ServicePrincipalNames -match 'digitalgeekery'
}

How the Script Works

Let’s break down what each part of the script does:

1. Import the Active Directory Module

This ensures you can use the Get-ADComputer cmdlet. If you’re running this on a workstation, make sure the RSAT (Remote Server Administration Tools) are installed.

2. Retrieve All Computer Accounts

Get-ADComputer -Filter * -Properties ServicePrincipalNames collects every computer object in Active Directory and includes its Service Principal Names.

3. Filter the Results

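The Where-Object command checks each computer to see if any of its SPNs contain your search term, in this case digitalgeekery. Note that -match treats the term as a case-insensitive regular expression, so characters such as . or $ in the search string are interpreted as regex syntax unless escaped.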

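If you want to output the results to a CSV file for reporting, extend the pipeline as follows. The SPN collection is joined into a single string because Export-Csv would otherwise write the collection's type name instead of its values:

Get-ADComputer -Filter * -Properties ServicePrincipalNames |
    Where-Object { $_.ServicePrincipalNames -match 'digitalgeekery' } |
    Select-Object Name, @{ Name = 'ServicePrincipalNames'; Expression = { $_.ServicePrincipalNames -join ';' } } |
    Export-Csv "C:\Temp\SPN_Report.csv" -NoTypeInformation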

Best Practices

  • Always run PowerShell as Administrator when performing AD queries.

  • Use meaningful search strings to reduce the number of false matches.

  • Regularly audit your environment for duplicate SPNs to prevent authentication issues.
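The following is an added example, not part of the original post. It covers the filtering step and the duplicate-SPN audit recommended above: it matches the search string literally, reports which SPNs matched, and lists SPNs registered on more than one computer. The function names and the sample computer objects are constructed for illustration, and the duplicate check only sees the computer objects passed to it.

```powershell
# Added example; function names are hypothetical, sample data is constructed.

function ConvertTo-LdapFilterValue {
    # Escape the characters RFC 4515 treats as special inside an LDAP filter value.
    param([Parameter(Mandatory)][string] $Value)
    $Value -replace '\\', '\5c' -replace '\*', '\2a' -replace '\(', '\28' -replace '\)', '\29'
}

function Find-SpnMatch {
    # Emit one row per computer, listing only the SPNs that contain the literal search string.
    param(
        [Parameter(Mandatory, ValueFromPipeline)] $Computer,
        [Parameter(Mandatory)][string] $SearchString
    )
    process {
        $pattern = [regex]::Escape($SearchString)   # literal match, not a regex
        $hits = @($Computer.ServicePrincipalNames | Where-Object { $_ -match $pattern })
        if ($hits.Count -gt 0) {
            [pscustomobject]@{ Name = $Computer.Name; MatchingSPNs = $hits -join ';' }
        }
    }
}

function Find-DuplicateSpn {
    # Report every SPN registered on more than one of the supplied computer objects.
    param([Parameter(Mandatory)][object[]] $Computer)
    $Computer | ForEach-Object {
        $name = $_.Name
        foreach ($spn in $_.ServicePrincipalNames) {
            [pscustomobject]@{ SPN = $spn; Name = $name }
        }
    } | Group-Object SPN | Where-Object Count -gt 1 | ForEach-Object {
        [pscustomobject]@{ SPN = $_.Name; Accounts = ($_.Group.Name | Sort-Object -Unique) -join ';' }
    }
}

# Constructed sample objects shaped like Get-ADComputer output.
$sample = @(
    [pscustomobject]@{ Name = 'WEB01'; ServicePrincipalNames = @('HOST/web01.corp.example', 'HTTP/digitalgeekery.corp.example') }
    [pscustomobject]@{ Name = 'WEB02'; ServicePrincipalNames = @('HOST/web02.corp.example', 'HTTP/digitalgeekery.corp.example') }
    [pscustomobject]@{ Name = 'SQL01'; ServicePrincipalNames = @('MSSQLSvc/sql01.corp.example:1433') }
)

$sample | Find-SpnMatch -SearchString 'digitalgeekery'
Find-DuplicateSpn -Computer $sample

# Live domain: let the domain controller filter instead of pulling every computer.
# $filter = "(servicePrincipalName=*$(ConvertTo-LdapFilterValue 'digitalgeekery')*)"
# $found  = Get-ADComputer -LDAPFilter $filter -Properties ServicePrincipalNames
# $found | Find-SpnMatch -SearchString 'digitalgeekery'
```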


Conclusion

Finding computers with specific SPNs in Active Directory doesn’t need to be complicated. With just a few lines of PowerShell, you can quickly identify the machines you need, export the results, and troubleshoot authentication issues effectively.

To learn more about automating admin tasks and improving IT efficiency, visit Digital Geekery for more PowerShell guides and system management tips.
