Usage: %ws [modifiers switch] [accountname]
  Where "accountname" can be the name or domain\name
  of the target computer or user account

  Edit Mode Switches:
   -R = reset HOST ServicePrincipalName
    Usage:   setspn -R accountname
   -S = add arbitrary SPN after verifying no duplicates exist
    Usage:   setspn -S SPN accountname
   -D = delete arbitrary SPN
    Usage:   setspn -D SPN accountname
   -L = list SPNs registered to target account
    Usage:   setspn [-L] accountname

  Edit Mode Modifiers:
   -C = specify that accountname is a computer account
   -U = specify that accountname is a user account

    Note: -C and -U are exclusive.  If neither is specified, the tool
     will interpret accountname as a computer name if such a computer
     exists, and a user name if it does not.

  Query Mode Switches:
   -Q = query for existence of SPN
    Usage:   setspn -Q SPN
   -X = search for duplicate SPNs
    Usage:   setspn -X

    Note: searching for duplicates, especially forestwide, can take
     a long period of time and a large amount of memory.  -Q will execute
     on each target domain/forest.  -X will return duplicates that exist
     across all targets. SPNs are not required to be unique across forests,
     but duplicates can cause authentication issues when authenticating
     cross-forest.

  Query Mode Modifiers:
   -P = suppresses progress to the console and can be used when redirecting
    output to a file or when used in an unattended script.  There will be no
    output until the command is complete.
   -F = perform queries at the forest, rather than domain level
   -T = perform query on the speicified domain or forest (when -F is also used)
    Usage:   setspn -T domain (switches and other parameters)
     "" or * can be used to indicate the current domain or forest.

    Note: these modifiers can be used with the -S switch in order to specify
     where the check for duplicates should be performed before adding the SPN.
    Note: -T can be specified multiple times.

Examples:
setspn -R daserver1
   It will register SPN "HOST/daserver1" and "HOST/{DNS of daserver1}"
setspn -S http/daserver daserver1
   It will register SPN "http/daserver" for computer "daserver1"
   if no such SPN exists in the domain
setspn -D http/daserver daserver1
   It will delete SPN "http/daserver" for computer "daserver1"
setspn -F -S http/daserver daserver1
   It will register SPN "http/daserver" for computer "daserver1"
   if no such SPN exists in the forest
setspn -U -S http/daserver dauser
   It will register SPN "http/daserver" for user account "dauser"
   if no such SPN exists in the domain
setspn -T * -T bar -X
   It will report all duplicate registration of SPNs in this domain and bar
setspn -T bar -F -Q */daserver
   It will find all SPNs of the form */daserver registered in the forest to
   which bar belongs

%ws is registered on these accounts:
Error(%#x):
Ldap Error(%#x -- %ws):
unknown
Error getting system path 0x%x
%ws: Server name too long
failed
%ws: Domain name too short
%ws: DC name too short
Could not find account %ws
%ws: DsGetDcNameWithAccountW failed!
%ws: AccountName too short
Failed to bind to DC of domain %ws, error %ws
Failed to crack name %ws into the FQDN. DS_NAME_RESULT items: %d %ws
%ws: HostSpn too short
%ws: FlatSpn too short
%ws
Unable to locate account %ws
Error occurred when searching for existing SPN: 0x%08x
Duplicate SPN found, aborting operation!
Registering ServicePrincipalNames for %ws
Unregistering ServicePrincipalNames for %ws
Failed to assign SPN on account '%ws', error %ws
Failed to remove SPN on account '%ws', error %ws
Requested name '%ws' not found in directory.
Registered ServicePrincipalNames for %ws
Existing SPN found!
No such SPN found.
Updated object
Invalid SPN %ws
Operation will be performed forestwide, it might take a while.
calloc (%ld bytes) failed.
Found an ill-formatted SPN:%ws. ignored.
found %ld %ws of duplicate SPNs.
group
groups
entry
entries
Invalid parameter
Found.
don't know what to search for.
%ld %ws returned from the query.
%ws is internally mapped to host/%ws. Please query host/%ws
Processing entry %d
Currently processing domain "%ws"
Currently processing forest "%ws"
%ws: Server name is empty
%ws: Call to %ws failed with return value 0x%08X
Too many targets specified. Ignoring "%ws"
Unknown parameter %ws. Please check your usage.
-U and -C are only valid with -L, -R, -S, and -D.
-F and -T are only valid with -Q, -X, and -S.
Missing parameter: accountname.
Duplicate domain specified "%ws" : %ws
Duplicate forest specified "%ws" : %ws
Checking domain %ws
Checking forest %ws
Failed to retrieve DN for domain "%ws" : 0x%08X
Failed to retrieve DN for forest "%ws" : 0x%08X
Warning: No valid targets specified, reverting to current domain.
Warning: No valid targets specified, reverting to current forest.
Unknown action.

VS_VERSION_INFO
StringFileInfo 040904B0
  CompanyName:      Microsoft Corporation
  FileDescription:  Query or reset the computer's SPN attribute
  FileVersion:      6.3.9600.16384 (winblue_rtm.130821-1623)
  InternalName:     setspn
  LegalCopyright:   Microsoft Corporation. All rights reserved.
  OriginalFilename: setspn.exe.mui
  ProductName:      Microsoft Windows Operating System
  ProductVersion:   6.3.9600.16384
VarFileInfo Translation