We have an internal site which was built on C# and has various tools for various functions to help the company like looking up/modifying/adding service accounts, for example. The tools are just C# code to automate these tasks. /vague

I've been asked to find/create a way to enter an SPN and have it return the service account which it's associated to.

So something like:

Input: HTTP/server1.company.com

Output: SVC_ACCT_AWESOME

The other request I got was for entering a service account name and having it give the KVNO back.

Issue, I have never done anything in C# before. I have Visual Studio 2013 loaded and I want to learn. I've spent hours poring over the Googles and haven't found anything useful other than this:

https://msdn.microsoft.com/en-us/library/vstudio/system.servicemodel.configuration.identityelement.serviceprincipalname(v=vs.100).aspx

Unfortunately it doesn't mean anything to me.

Any direction that can be given for these specific tasks would be super appreciated!

Thanks.

Dameon

1 Answer

I believe you can query AD for SPNs with something like this:

using System;
using System.DirectoryServices;

// Bind to the current domain, or pass in something like "LDAP://dc=example,dc=com" to query a different domain
using (var root = new DirectoryEntry())
using (var searcher = new DirectorySearcher(root))
{
    // Match the account whose servicePrincipalName attribute holds this SPN
    searcher.Filter = "(servicePrincipalName=HTTP/server1.company.com)";

    using (var results = searcher.FindAll())
    {
        foreach (SearchResult result in results)
            Console.WriteLine(result.Properties["samAccountName"][0]); // or whatever you want to do with it
    }
}

(this needs a reference to System.DirectoryServices)

a little sheep
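An added example, not part of the answer above: the same search wrapped for a tool that takes the SPN or account name as user input, so the value is escaped per RFC 4515 before it goes into the LDAP filter, and the KVNO is returned alongside the account name. The names `SpnLookup`, `EscapeFilterValue` and `Find` are hypothetical, and reading the KVNO from the `msDS-KeyVersionNumber` attribute is an assumption about how the second request would be met.

```csharp
using System;
using System.DirectoryServices;
using System.Text;

static class SpnLookup // hypothetical helper class, not from the answer
{
    // RFC 4515: escape characters that have special meaning inside a filter value,
    // so input such as "*" or ")(cn=*" cannot change what the filter matches.
    static string EscapeFilterValue(string value)
    {
        var sb = new StringBuilder();
        foreach (char c in value)
        {
            switch (c)
            {
                case '\\': sb.Append(@"\5c"); break;
                case '*':  sb.Append(@"\2a"); break;
                case '(':  sb.Append(@"\28"); break;
                case ')':  sb.Append(@"\29"); break;
                case '\0': sb.Append(@"\00"); break;
                default:   sb.Append(c); break;
            }
        }
        return sb.ToString();
    }

    // attribute is fixed by the caller; only userInput comes from the web form.
    static void Find(string attribute, string userInput)
    {
        using (var root = new DirectoryEntry()) // current domain, as in the answer
        using (var searcher = new DirectorySearcher(root))
        {
            searcher.Filter = "(" + attribute + "=" + EscapeFilterValue(userInput) + ")";
            searcher.PropertiesToLoad.Add("sAMAccountName");
            searcher.PropertiesToLoad.Add("msDS-KeyVersionNumber"); // assumed KVNO source; must be requested by name
            using (SearchResultCollection results = searcher.FindAll())
                foreach (SearchResult r in results)
                {
                    var kvno = r.Properties["msDS-KeyVersionNumber"]; // empty collection if not returned
                    Console.WriteLine("{0}  KVNO={1}", r.Properties["sAMAccountName"][0],
                        kvno.Count > 0 ? kvno[0].ToString() : "n/a");
                }
        }
    }

    static void Main()
    {
        Find("servicePrincipalName", "HTTP/server1.company.com"); // SPN -> service account
        Find("sAMAccountName", "SVC_ACCT_AWESOME");               // service account -> KVNO
    }
}
```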