Multiple SPN entries for MSOMHSvc
Dear All,
We have migrated the SCOM RMS and MS roles a while ago, and we also used to have some test SCOM management servers in our domain, which are all extinct by now. Today we discovered that there is an SPN entry for each of those servers, which were decommissioned a long time ago, and all associated with the MSOMHSvc SPN.
In order to get this information I used the following command (thanks Kevin): Ldifde -f c:\ldifde.txt -t 3268 -d DC=domain,dc=local -r "(serviceprincipalname=MSOMHSvc/*)" -l serviceprincipalname -p subtree
This command returned 7 entries (and we only have 1 RMS and 1 MS).
What can I do in order to clean this up? Is there any danger in leaving this configuration alone?
Thank you.
March 11th, 2011 5:10pm
Hi,
You should normally have 2 entries in your txt file. To clean this up you can use adsiedit.msc and for each of the 5 extinct servers you can edit the serviceprincipalname attribute and remove the 2 lines concerning MSOMHSvc.
I'm wondering something. These "extinct" servers are still used for something else? Or maybe they have not been unjoined from the domain before being removed/formatted/whatever-you-did-with-them?
Regards.
Supervize Me
March 11th, 2011 5:44pm
Hello Francois,
I followed your advice and now I have a clean SPN. Thank you!
To answer your question, I don't think the servers were gracefully disjoined, but directly deleted from AD. I can still see them with ADSI, although they don't appear anymore under AD Users and Computers snap-in. Now I am wondering, shouldn't I delete them completely using ADSI, instead of just the SPN entries for SCOM?
March 11th, 2011 6:19pm
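An added example, not part of the original thread: a Python sketch that reads the text written by the Ldifde command above and lists the MSOMHSvc SPNs whose host is not one of the management servers still in service, so the entries to remove in adsiedit.msc can be reviewed first. The host names, the sample LDIF and the list of live servers are constructed assumptions; hosts are compared by short name only.

```python
import base64

# Constructed sample in the shape of ldifde output (hypothetical host names).
SAMPLE_LDIF = """\
dn: CN=RMS01,OU=Servers,DC=domain,DC=local
changetype: add
servicePrincipalName: MSOMHSvc/RMS01
servicePrincipalName: MSOMHSvc/RMS01.domain.local
servicePrincipalName: HOST/RMS01

dn: CN=OLDTEST1,CN=Computers,DC=domain,DC=local
changetype: add
servicePrincipalName: MSOMHSvc/OLDTEST1
servicePrincipalName: MSOMHSvc/OLDTEST1.doma
 in.local
"""

def parse_spns(ldif_text, prefix="MSOMHSvc/"):
    """Map each dn to the SPN values on it that start with prefix."""
    lines = []
    for raw in ldif_text.splitlines():
        if raw.startswith(" ") and lines:   # folded line continues the previous one
            lines[-1] += raw[1:]
        else:
            lines.append(raw)
    found, dn = {}, None
    for line in lines:
        if not line.strip():                # blank line ends the record
            dn = None
            continue
        attr, sep, value = line.partition(":")
        if not sep:                         # e.g. a "-" separator line
            continue
        if value.startswith(":"):           # "attr:: <base64>" form
            value = base64.b64decode(value[1:].strip()).decode("utf-8")
        value = value.strip()
        if attr.lower() == "dn":
            dn = value
        elif (attr.lower() == "serviceprincipalname" and dn
              and value.lower().startswith(prefix.lower())):
            found.setdefault(dn, []).append(value)
    return found

def stale_spns(found, live_servers):
    """Return sorted (dn, spn) pairs whose SPN host is not in live_servers."""
    live = {s.split(".")[0].lower() for s in live_servers}
    return sorted((dn, spn) for dn, spns in found.items() for spn in spns
                  if spn.split("/", 1)[1].split(":")[0].split(".")[0].lower() not in live)

if __name__ == "__main__":
    for dn, spn in stale_spns(parse_spns(SAMPLE_LDIF), ["RMS01", "MS01"]):
        print(f"stale: {spn}  on  {dn}")
```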