setspn.exe

Reads, modifies, and deletes the Service Principal Names (SPN) directory property for an Active Directory service account


Functions:
Type:
Toolsets:

Domain

List SPNs for a specific account

setspn.exe -L ad.bitsadmin.com\SP2019
Usecase
Reconnaissance

Comments
The account can be either a regular account or a computer account.

List all SPNs in the domain

setspn.exe -T ad.bitsadmin.com -Q */*
Usecase
Reconnaissance

Set SPN

setspn.exe -S HTTP/EXCH2019.ad.bitsadmin.com EXCH2019
Usecase
Add an SPN to a user for a targeted Kerberoast

Comments
Error when executed from the Offensive Windows VM: Ldap Error(0x51 -- Server Down): ldap_connect; Failed to retrieve DN for domain "" : 0x00000051; Warning: No valid targets specified, reverting to current domain.; FindDomainForAccount: Call to DsGetDcNameWithAccountW failed with return value 0x0000054B; Unable to locate account SP2019




Updated: 2023-07-01
Contributor: Arris Huijgen (bitsadmin)