Introduction
When managing Active Directory environments, you may need to locate computers registered with a specific Service Principal Name (SPN). SPNs are crucial for Kerberos authentication, but identifying which devices have a particular SPN can be time-consuming if done manually.
Fortunately, you can use PowerShell to automate this task quickly and accurately. This guide will show you exactly how to find computers with a specific SPN in Active Directory using PowerShell, saving you valuable admin time.
If you’re new to PowerShell, check out our post Powering Up with PowerShell: A Comprehensive Guide before getting started — it’s a great introduction for beginners.
Why SPNs Matter in Active Directory
Service Principal Names are identifiers used by Kerberos to associate a service instance with a service logon account. If an SPN is duplicated or incorrectly registered, it can cause authentication problems.
System administrators often need to audit or search for SPNs, especially during troubleshooting or security reviews. Using PowerShell makes this much easier, allowing you to query all computers in your domain and filter for specific matches.
The PowerShell Script
Here’s a simple PowerShell script to find computers in Active Directory with a particular SPN. Replace ‘digitalgeekery’ in the script with your own search string.
<#
.SYNOPSIS
    Finds Active Directory computer accounts with a specified Service Principal Name (SPN).
.DESCRIPTION
    This script searches all computer objects in Active Directory and filters those that
    have a ServicePrincipalName containing the specified string (e.g., 'digitalgeekery').
.NOTES
    Author: DIGITALGEEKERY
    Date: June 2025
    Requires the Active Directory module and appropriate permissions.
.EXAMPLE
    Get-ADComputer -Filter * -Properties ServicePrincipalNames | Where-Object { $_.ServicePrincipalNames -match 'digitalgeekery' }
#>

# Import the Active Directory module if not already imported
Import-Module ActiveDirectory -ErrorAction SilentlyContinue

# Search for computers with ServicePrincipalNames matching the specified string
Get-ADComputer -Filter * -Properties ServicePrincipalNames |
    Where-Object { $_.ServicePrincipalNames -match 'digitalgeekery' }
How the Script Works
Let’s break down what each part of the script does:
1. Import the Active Directory Module
This ensures you can use the Get-ADComputer cmdlet. If you’re running this on a workstation, make sure the RSAT (Remote Server Administration Tools) are installed.
2. Retrieve All Computer Accounts
Get-ADComputer -Filter * -Properties ServicePrincipalNames collects every computer object in Active Directory and includes its Service Principal Names.
3. Filter the Results
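The Where-Object command checks each computer to see if any SPNs contain your search term, in this case digitalgeekery. Because -match is a regular-expression operator, the search string is treated as a case-insensitive pattern rather than a literal.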
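If you want to output the results to a CSV file for reporting, extend the pipeline as follows. ServicePrincipalNames is a multi-valued property, so it is joined into a single string before export; otherwise the CSV column would contain the collection's type name instead of the SPNs.
# Join the SPN collection into one string so Export-Csv writes the values
Get-ADComputer -Filter * -Properties ServicePrincipalNames |
    Where-Object { $_.ServicePrincipalNames -match 'digitalgeekery' } |
    Select-Object Name, @{ Name = 'ServicePrincipalNames'; Expression = { $_.ServicePrincipalNames -join ';' } } |
    Export-Csv "C:\Temp\SPN_Report.csv" -NoTypeInformation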
Best Practices
- Always run PowerShell as Administrator when performing AD queries.
- Use meaningful search strings to reduce the number of false matches.
- Regularly audit your environment for duplicate SPNs to prevent authentication issues.
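One way to run the duplicate-SPN audit recommended above, as an added example that is not code from the original post. Find-DuplicateSpn is a hypothetical helper name, the sample accounts are constructed, and the function assumes input objects with Name and ServicePrincipalNames properties, as returned by the Get-ADComputer query in this guide.

```powershell
# Added example: list SPNs that are registered on more than one account.
function Find-DuplicateSpn {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory, ValueFromPipeline)]
        [object[]]$Account   # objects exposing Name and ServicePrincipalNames
    )
    begin {
        # @{} compares keys case-insensitively, so HTTP/x and http/X share one key.
        $owners = @{}
    }
    process {
        foreach ($a in $Account) {
            foreach ($spn in $a.ServicePrincipalNames) {
                if (-not $owners.ContainsKey($spn)) {
                    $owners[$spn] = [System.Collections.Generic.List[string]]::new()
                }
                $owners[$spn].Add($a.Name)
            }
        }
    }
    end {
        foreach ($spn in $owners.Keys) {
            if ($owners[$spn].Count -gt 1) {
                [pscustomobject]@{
                    SPN      = $spn
                    Accounts = $owners[$spn] -join ';'   # flat string, safe for Export-Csv
                }
            }
        }
    }
}

# Constructed sample accounts so the function can be tried without a domain.
$sample = @(
    [pscustomobject]@{ Name = 'WEB01'; ServicePrincipalNames = @('HTTP/intranet.example.test', 'HOST/WEB01') }
    [pscustomobject]@{ Name = 'WEB02'; ServicePrincipalNames = @('http/INTRANET.example.test', 'HOST/WEB02') }
    [pscustomobject]@{ Name = 'SQL01'; ServicePrincipalNames = @('MSSQLSvc/sql01.example.test:1433') }
)
$sample | Find-DuplicateSpn   # reports the intranet HTTP SPN on WEB01 and WEB02

# Against a live domain, using the same query as the script in this guide:
# Get-ADComputer -Filter * -Properties ServicePrincipalNames | Find-DuplicateSpn
```

Fed only from Get-ADComputer, this sees computer accounts; an SPN that is also registered on a user or service account will not show up unless those objects are piped in as well.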
For more PowerShell automation ideas, take a look at:
- Automating Local Administrator Password – for securing local admin accounts.
- User PowerShell to Bulk Change Users Password – for managing credentials efficiently.
- Delete Old User Profiles in Windows – for keeping systems clean and efficient.
Conclusion
Finding computers with specific SPNs in Active Directory doesn’t need to be complicated. With just a few lines of PowerShell, you can quickly identify the machines you need, export the results, and troubleshoot authentication issues effectively.
To learn more about automating admin tasks and improving IT efficiency, visit Digital Geekery for more PowerShell guides and system management tips.