No need to bother with the syntax of SetSPN anymore (although it still works). The Get-ADComputer and Set-ADComputer cmdlets now support service principal names natively.
View all SPN for a given computer
Use the Get-ADComputer cmdlet and request the ServicePrincipalNames property. It returns an array of values that you can expand with the Select-Object cmdlet and its ExpandProperty parameter.
Get-ADComputer -Identity MyComputer -Properties ServicePrincipalNames |Select-Object -ExpandProperty ServicePrincipalNames
Change the SPN list for a given computer
This can be done with the Set-ADComputer cmdlet and its ServicePrincipalNames parameter.
The value you have to pass must be a hashtable, an array of hashtables, or $Null (if you want to clear the list).
The list of valid keys is:
- Add
- Remove
- Replace
The value of the Key/Value pair can be a single string or an array of strings.
In the following example I add a single string:
Set-ADComputer -Identity MyComputer -ServicePrincipalNames @{Add='WSMAN/Mycomputer'}
And in the next example I add an array of strings:
Set-ADComputer -Identity MyComputer -ServicePrincipalNames @{Add='WSMAN/Mycomputer','WSMAN/Mycomputer.MyDomain.Com'}
Here is another example with two Key/Value pairs to remove and add values at the same time.
Set-ADComputer -Identity MyComputer -ServicePrincipalNames @{Add='WSMAN/Mycomputer'},@{Remove='WSMAN/Mycomputer.MyDomain.Com'}
And finally, here is how to clear the whole list:
Set-ADComputer -Identity MyComputer -ServicePrincipalNames $Null
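As an added example (not from the original post), the Add/Remove pattern above can be wrapped in a function that first checks whether the SPN is already registered anywhere in the domain, since an SPN present on two accounts breaks Kerberos authentication for that service, and then verifies the write. It assumes the ActiveDirectory module is loaded and that the caller can modify the target computer object; 'MyComputer' and the SPN are placeholders.

```powershell
Import-Module ActiveDirectory

function Add-ComputerSpnIfMissing {
    [CmdletBinding(SupportsShouldProcess)]
    param(
        [Parameter(Mandatory)][string]$ComputerName,
        [Parameter(Mandatory)][string]$Spn
    )

    # Read the current list exactly as the post shows, via -Properties ServicePrincipalNames.
    $computer = Get-ADComputer -Identity $ComputerName -Properties ServicePrincipalNames
    if ($computer.ServicePrincipalNames -contains $Spn) {
        Write-Verbose "$Spn is already registered on $ComputerName; nothing to do."
        return $true
    }

    # Escape LDAP filter metacharacters before searching the whole domain for the SPN.
    $escaped = $Spn -replace '\\', '\5c' -replace '\*', '\2a' -replace '\(', '\28' -replace '\)', '\29'
    $owners = Get-ADObject -LDAPFilter "(servicePrincipalName=$escaped)"
    if ($owners) {
        # A duplicate SPN on another account would make Kerberos tickets for this
        # service fail, so refuse to add it and report where it already lives.
        Write-Warning ("$Spn is already registered on: " + ($owners.DistinguishedName -join ', '))
        return $false
    }

    if ($PSCmdlet.ShouldProcess($ComputerName, "Add SPN $Spn")) {
        # Same hashtable form as the post: Add with a single string.
        Set-ADComputer -Identity $ComputerName -ServicePrincipalNames @{Add = $Spn}

        # Re-read the object and confirm the SPN is now present.
        $after = (Get-ADComputer -Identity $ComputerName -Properties ServicePrincipalNames).ServicePrincipalNames
        return ($after -contains $Spn)
    }
    return $false
}

# Placeholder computer and SPN; run with -WhatIf first to see the intended change.
Add-ComputerSpnIfMissing -ComputerName 'MyComputer' -Spn 'WSMAN/MyComputer.MyDomain.Com' -Verbose
```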
Thanks for putting this together, exactly what I was looking for.
Thanks. I needed to look at a user's SPNs, so Get-ADUser -Identity MYUser works as well!