Solved

How do you find an IP address from Active directory

Posted on 2008-06-11
4,446 Views
Last Modified: 2012-05-05
How do you find an IP address from Active Directory, given that the machine is off/old/not online, and DNS and WINS do not have entries either (the name does not match what is in AD)?
Question by:loftyworm
12 Comments
 
LVL 3

Assisted Solution

by:polazarus
polazarus earned 50 total points
ID: 21762689
Here is something you can try:
install and run this and pipe the output to a file:
www.unixwiz.net/tools/nbtscan.html

Open the file and look for similar IP addresses and the name associated with each.
Find out where the people are located.
Go to the building and see if you can find it.
0
 
LVL 22

Expert Comment

by:Paka
ID: 21762717
Need more information on this one.  DNS & NSLOOKUP are normally your first stop in chasing down name-to-IP mappings.  DHCP, if enabled, might help.  You can also check event logs depending on what you are trying to find.
0
 
LVL 58

Accepted Solution

by:tigermatt
tigermatt earned 150 total points
ID: 21762921
Just look in the DNS for the record which contains the computer name, or look up the information using an NSLOOKUP query to the DNS server. DNS is Active Directory's store for linking IP address to PC host name, so if it's not there (or in DHCP, as a second option), it's highly unlikely it is going to be available anywhere else.

I'm not sure what the first post describes - it's really a lot easier and less complicated than that.
0
 
LVL 3

Expert Comment

by:polazarus
ID: 21763062
The tool goes out and queries ports 137 and 138 and prints the NetBIOS information in a space-delimited format.  It will give you the IP address, user name (if logged in) and MAC address.

I use it to locate machines that are hard to find.  From what I read, lofty does not have the luxury of doing nslookups as the Dynamic DNS is reporting incorrect information.

When I was working enterprise admin (Tivoli) I had to create ways to hunt down endpoints that were causing problems or not communicating with the environment.

Maybe I read this wrong; if so, I do offer my apologies.
0
 
LVL 11

Author Comment

by:loftyworm
ID: 21763415
@Polazarus
Nope, you read it right, kinda.
I want to pull the info straight out of AD.  This extra tool will be useful assuming the name does not match and DNS/DHCP/WINS are all not telling me anything, but there is a legacy entry in AD I want to track down.

Take this example:
In U&C I find a computer I do not recognize, and I want to find out if it is a good system, or an old one that needs to be deleted.
DNS/DHCP/WINS all show nothing.
The machine is not being tombstoned, and does not show the red X, so, how do I track it down?
I have done the detective thing in the past, but I was hoping that there was an easy way to do this.
0
 
LVL 3

Expert Comment

by:polazarus
ID: 21763803
I think the safest and easiest way to handle those machines is to disable the account in active directory, then wait about 3 weeks checking from time to time to see if the machine shows up.  If it does not show up then delete it.
0
 
LVL 11

Author Comment

by:loftyworm
ID: 21763809
How do you disable a machine object?
0
 
LVL 3

Expert Comment

by:polazarus
ID: 21763943
In Users and Computers, search for the computer, right mouse click on the icon and there is an option of disabling the account.
0
 
LVL 48

Assisted Solution

by:Jay_Jay70
Jay_Jay70 earned 50 total points
ID: 21764761
If there are no records in any of the usual places - you can try an arp lookup

arp -a IP

If that fails, then you have no way of tracing it; AD does not store an address attribute in any way.
0
 
LVL 48

Expert Comment

by:Jay_Jay70
ID: 21764770
Sorry - you are looking for the address - I am an idiot :)
0
 
LVL 22

Assisted Solution

by:Paka
Paka earned 150 total points
ID: 21770951
It sounds like you want to remove stale computer objects from Active Directory.  The easiest way to do this is to run the following from the command line:

dsquery computer -stalepwd 60 -limit 0

What this command will do is check Active Directory for any computer that hasn't reset its password for 60 days and print a list of these computers to the console.  (Computer objects reset their passwords every 30 days by default - so this should be a pretty accurate list of computers that don't exist anymore).  If you want to delete these computer objects (after reviewing them), just pipe the output to dsrm like this:

dsquery computer -stalepwd 60 -limit 0 | dsrm
(the | is the shift "\" key).

Depending on the size of your organization, it is usually a better idea to just move those objects to a special OU (like OldComputers), disable them, let them sit for a month, then delete them.  To do this use this command:

dsquery computer -stalepwd 60 -limit 0 | dsmove -newparent "ou=oldComputers,dc=myDomain,dc=com"

This will move computers that haven't reset their passwords for 60 days into an ou named "oldComputers" (you will need to create this ou before you run the command).  After they are moved, use Active Directory Users and Computers to select all of the computers in that OU, right-mouse click and disable them in bulk.  You can also delete them in bulk when the time comes.
0
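The review, disable and move workflow described in the answer above, as an added PowerShell example that is not part of the original thread. It assumes the ActiveDirectory (RSAT) and DnsClient modules are available; the OU distinguished name is the placeholder from the post and the CSV file name is made up for illustration.

```powershell
# Added example: stage stale computer objects for review instead of deleting them.
Import-Module ActiveDirectory

$StaleDays  = 60                                    # same threshold as -stalepwd 60
$Quarantine = 'OU=oldComputers,DC=myDomain,DC=com'  # placeholder DN; create the OU first
$Cutoff     = (Get-Date).AddDays(-$StaleDays)

# Enabled computer objects whose machine password was last set before the cutoff.
# Objects with no PasswordLastSet value (e.g. pre-staged accounts) are skipped
# so they are not mistaken for abandoned machines.
$stale = Get-ADComputer -Filter 'Enabled -eq $true' `
        -Properties PasswordLastSet, LastLogonDate, OperatingSystem, DNSHostName, whenCreated |
    Where-Object { $_.PasswordLastSet -and $_.PasswordLastSet -lt $Cutoff }

# AD holds no IP address for the object, so the report shows what AD does hold
# and asks DNS separately whether the recorded host name still resolves.
$report = $stale | Select-Object Name, DNSHostName, OperatingSystem, whenCreated,
    PasswordLastSet, LastLogonDate, DistinguishedName,
    @{ Name = 'DnsAddresses'; Expression = {
        if ($_.DNSHostName) {
            (Resolve-DnsName -Name $_.DNSHostName -Type A -ErrorAction SilentlyContinue |
                Where-Object { $_.IPAddress }).IPAddress -join ';'
        }
    } }

# Keep a record of the original location of every object before anything changes.
$report | Export-Csv -Path .\stale-computers.csv -NoTypeInformation
$report | Sort-Object PasswordLastSet | Format-Table Name, PasswordLastSet, LastLogonDate, DnsAddresses

# Disable and move after the list has been reviewed. -WhatIf only prints what
# would happen; remove it to apply the change.
foreach ($computer in $stale) {
    Disable-ADAccount -Identity $computer -WhatIf
    Move-ADObject -Identity $computer.DistinguishedName -TargetPath $Quarantine -WhatIf
}
```

The CSV preserves each object's original distinguished name, so a machine that reappears during the waiting period can be re-enabled and moved back.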
 
LVL 11

Author Closing Comment

by:loftyworm
ID: 31466264
All these answers help with the old computer issue, but I guess the answer is more "Active Directory does not store the IP in any form"
0
