1. You are correct, it's the --remove option.
2. "Computer Accounts" in Active Directory are the objects that represent the system. In an AD environment, computer accounts are treated as user accounts (they authenticate using Kerberos against the domain, the password is maintained by the client software -in this case Centrify's-). In the context of your issue, the ServicePrincipalNames are tied to the computer objects, so when you run the setspn -L or adinfo -C commands, you're basically asking "What SPNs are registered under this computer account?" for example, the HTTP SPN, allows a web application that supports Kerberos to provide SSO services to end-users in the same realm.
For example, my CentOS 6 system (engcen6) is joined to Active Directory with Centrify software:
1. The computer account is under the Centrify\Computers OU
2. Note that the system properties report the Operating System and version plus the Centrify software version.
3. Since I joined this system using the defaults (as per my original link to you), the setspn command shows the nfs, ipp, http, host, ftp, cifs and afp SPNs using the system shortname and FQDN.
What does this mean?
Let's say I wanted to add another system with the same name. There is a naming conflict (all system names must be unique within a domain), same with SPNs.
What are the actions I can take:
I can remove the old system if it's meant to be terminated (using adleave --remove) and join a new one with the same name.
I can rename the new system if the old one is meant to be maintained.
I could remove the offending SPNs in question and register them under another system.
I could have a load-balanced application and have two systems register the same SPN, in that case I can merge the Kerberos keytabs.
Does this make sense?
R.P