Your network contains an Active Directory domain named contoso.com. The domain contains a web application that uses Kerberos authentication.
You change the domain name of the web application.
You need to ensure that the service principal name (SPN) for the application is registered.
Which tool should you use?
A. Active Directory Users and Computers
B. Netsh
C. Dnscmd
D. Ldifde
11given answer is correct.
There are three tools which you usually uses to list or even manipulate Service Principal Names (SPN) for an AD object.
i) Active Directory Users and Computers “Advanced” view
ii) setspn.exe -L command
iii) Ldifde.exe command
Ldifde -d “CN=WebServer, CN=Computers, DC=Contoso,DC=Com” -l ServicePrincipalName -F C:\SPN.txt
https://social.technet.microsoft.com/wiki/contents/articles/18996.active-directory-powershell-script-to-list-all-spns-used.aspx
both are ok:
https://identityunderground.wordpress.com/2013/08/08/list-all-spns-used-in-your-active-directory/
setspn -L
The old school system admins go for LDIFDE, like
Ldifde -d “DC=Contoso,DC=Com” -l ServicePrincipalName -F C:\SPN.txt
or
Ldifde -f spnaccount.txt -r serviceprincipalname=*/servername* -l serviceprincipalname,samaccountname
correct answer should be netspn which is not there