setspn Duplicates and Case Sensitivity
Today I found out that the command I use to find duplicate SPNs, setspn -X,
compares case sensitively, so the following two SPNs do not count as
duplicates:
HOST/bla
HOST/BLA
That is understandable for UNIX Kerberos implementations, where principal
names are case sensitive. Active Directory Domain Controllers, however, match
SPNs case-insensitively and do not distinguish between the two. The KDC even
logs event 11 (multiple accounts with the same SPN) for such a duplicate, and
Kerberos authentication to the affected service breaks.
Since setspn did not catch this, I wrote a few lines of PowerShell that search
the current domain for duplicate SPNs.
Group-Object compares case-insensitively by default (the same way the KDC
does), so differently cased duplicates end up in the same group; add
-CaseSensitive if you want setspn's exact-match behaviour instead.
# Requires the ActiveDirectory module (RSAT). Searches the current domain only.
Import-Module ActiveDirectory
# Fetch every object that has at least one SPN, flatten to (SPN, DN) pairs,
# then group by SPN. Group-Object is case-insensitive by default, so
# HOST/bla and HOST/BLA land in the same group, exactly as the KDC sees them.
Get-ADObject -Properties servicePrincipalName -Filter "servicePrincipalName -like '*'" | ForEach-Object {
    $dn = $_.DistinguishedName
    foreach ($spn in $_.servicePrincipalName) {
        [pscustomobject]@{ SPN = $spn; DN = $dn }
    }
} | Group-Object -Property SPN | Where-Object { $_.Count -gt 1 } |
    Select-Object Count,
        @{ Name = 'SPN'; Expression = { $_.Name } },
        @{ Name = 'DN';  Expression = { $_.Group | Select-Object -ExpandProperty DN } }
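To make the difference between the two comparison modes visible without touching a domain, here is an added example (my own code, not part of the original post) that runs the same grouping over a constructed list of SPN/DN pairs. It reports both what a case-insensitive (KDC-style) check finds and what an exact-match (setspn -X-style) check finds, and then lists the duplicates that only the former catches. The function name Find-DuplicateSpn, the variable names and the sample DNs and host names are all invented for the example.

```powershell
# Constructed sample data standing in for the Get-ADObject output: two
# differently cased copies of HOST/bla, one exact duplicate of an MSSQLSvc
# SPN, and one SPN that is unique. The DNs and hosts are made up.
$pairs = @(
    [pscustomobject]@{ SPN = 'HOST/bla';                        DN = 'CN=BLA,OU=Servers,DC=corp,DC=example' }
    [pscustomobject]@{ SPN = 'HOST/BLA';                        DN = 'CN=svc-bla,OU=Service Accounts,DC=corp,DC=example' }
    [pscustomobject]@{ SPN = 'MSSQLSvc/db01.corp.example:1433'; DN = 'CN=DB01,OU=Servers,DC=corp,DC=example' }
    [pscustomobject]@{ SPN = 'MSSQLSvc/db01.corp.example:1433'; DN = 'CN=svc-sql,OU=Service Accounts,DC=corp,DC=example' }
    [pscustomobject]@{ SPN = 'HTTP/web01.corp.example';         DN = 'CN=svc-web,OU=Service Accounts,DC=corp,DC=example' }
)

# Hypothetical helper: groups (SPN, DN) pairs by SPN and returns every SPN
# that appears more than once. Without -CaseSensitive, Group-Object matches
# the way the KDC does; with it, the comparison is exact, like setspn -X.
function Find-DuplicateSpn {
    param(
        [Parameter(Mandatory)] [object[]] $Pairs,
        [switch] $CaseSensitive
    )
    $groups = if ($CaseSensitive) {
        $Pairs | Group-Object -Property SPN -CaseSensitive
    } else {
        $Pairs | Group-Object -Property SPN
    }
    $groups | Where-Object { $_.Count -gt 1 } | ForEach-Object {
        [pscustomobject]@{
            SPN   = $_.Name
            Count = $_.Count
            DNs   = @($_.Group | Select-Object -ExpandProperty DN)
        }
    }
}

# Duplicates as the KDC sees them (these are the ones behind event 11)...
$kdcView    = @(Find-DuplicateSpn -Pairs $pairs)
# ...versus duplicates an exact-match comparison reports.
$setspnView = @(Find-DuplicateSpn -Pairs $pairs -CaseSensitive)

# SPNs that slip past the exact-match check: present in the KDC view only.
# -eq on strings is case-insensitive in PowerShell, which is what we want here.
$missed = $kdcView | Where-Object {
    $spn = $_.SPN
    -not ($setspnView | Where-Object { $_.SPN -eq $spn })
}

'Duplicates found by a case-insensitive (KDC-style) check:'
$kdcView    | Format-Table SPN, Count, @{ Name = 'DNs'; Expression = { $_.DNs -join '; ' } }
'Duplicates found by an exact-match (setspn -X-style) check:'
$setspnView | Format-Table SPN, Count, @{ Name = 'DNs'; Expression = { $_.DNs -join '; ' } }
'Duplicates the exact-match check misses:'
$missed     | Format-Table SPN, Count, @{ Name = 'DNs'; Expression = { $_.DNs -join '; ' } }
```

With this sample, the MSSQLSvc SPN shows up in both views, while HOST/bla (with its HOST/BLA twin) appears only in the case-insensitive view and is therefore listed as missed. To run it against a real domain, replace $pairs with the output of the Get-ADObject pipeline above. One caveat for both scripts: Get-ADObject searches the current domain by default, while SPN uniqueness matters across the forest, so in a multi-domain forest point it at a global catalog (for example -Server 'dc01.corp.example:3268', a made-up host) or run setspn -X -F alongside it.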