On Oct 1, 11:27 am, "Christopher D. Clausen" <[EMAIL PROTECTED]> wrote: > > from a cmd.exe prompt (on a computer joined to this domain,) you can run > net group "domain computers" /domain to get a list all every computer > account. (Assuming you are indeed using computer accounts and not user > accounts.) > > You can then run the setspn.exe -L "computername" for each computername > in the above list to see what mappings have been assigned. > > I do not know of a way to specifically list computers with modified SPNs > without checking each and every object. > > <<CDC
Thanks for responding. This didn't work though. It says "Cannot find account SERVER10." I tried this a few different ways with no luck. Even if this did work there are too many machines in the the domain to check (500+). I noticed that if I look at the properties of the mapped user in the the Active Directory tool it shows the last machine name as the User Logon Name on the Account tab. Is there anyway to enumerate this a see all the Logon names? ________________________________________________ Kerberos mailing list Kerberos@mit.edu https://mailman.mit.edu/mailman/listinfo/kerberos