Listing what's already mapped
Christopher D. Clausen
cclausen at acm.org
Mon Oct 1 11:27:22 EDT 2007
treschaud33 at yahoo.com wrote:
> How can I list all the servers that I have mapped with the Ktpass
> command?
>
> We are using Kerberos for SSO from our Middle Tier application that we
> develop. To make this work I must map the middle Tier's servername
> with an account in the domain. Here's a sample ktpass command that I
> use to do this:
>
> ktpass -princ HTTP/server10 at ENGINEERING.CRD.COM -mapuser svruser -
> pass svruserpwd
>
> I'm working in a development environment and have done this many
> times. I'd like to know which machines I have already mapped. How
> can I get the list? The domain controller is Win Server 2003 SP1
from a cmd.exe prompt (on a computer joined to this domain,) you can run
net group "domain computers" /domain to get a list all every computer
account. (Assuming you are indeed using computer accounts and not user
accounts.)
You can then run the setspn.exe -L "computername" for each computername
in the above list to see what mappings have been assigned.
I do not know of a way to specifically list computers with modified SPNs
without checking each and every object.
<<CDC
More information about the Kerberos
mailing list