PowerShell - List All Domain SPNs

Save as same List_ALL_SPNs.ps1 or similar, this LDap calls the Domain for all Service Principal names and accounts related

#Build LDAP filters to look for users with SPN values registered for current domain

$ldapFilter = "(&(objectclass=user)(objectcategory=user)(servicePrincipalName=*))"

$domain = New-Object System.DirectoryServices.DirectoryEntry

$search = New-Object System.DirectoryServices.DirectorySearcher

$search.SearchRoot = $domain

$search.PageSize = 1000

$search.Filter = $ldapFilter

$search.SearchScope = "Subtree"

#Execute Search

$results = $search.FindAll()

#Display SPN values from the returned objects

foreach ($result in $results)

{

$userEntry = $result.GetDirectoryEntry()

Write-Host "User Name = " $userEntry.name

foreach ($SPN in $userEntry.servicePrincipalName)

{

Write-Host "SPN = " $SPN

}

Write-Host ""

}