Go Premium for a chance to win a PS4. Enter to Win

x
  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 4607
  • Last Modified:

How do you find an IP address from Active directory

How do you find an IP address from Active directory, given that the machine is off/old/not online, and DNS and WINS do not have entries either (the name does not match what is in AD)
0
loftyworm
Asked:
loftyworm
  • 4
  • 3
  • 2
  • +2
4 Solutions
 
polazarusCommented:
Here is something  you can try
install and run this and pipe the output to a file
www.unixwiz.net/tools/nbtscan.html 

Open the file and look for similar ip addresses and the name associated with it
Find out where the people are located
Go to the building and see if you can find it.
0
 
PakaCommented:
Need more information on this one.  DNS & NSLOOKUP are normally your first stop in chasing down a name to IP mappings.  DHCP if enabled might help.  You can also check event logs depending on what you are trying to find.
0
 
tigermattCommented:
Just look in the DNS for the record which contains the computer name, or look up the information using an NSLOOKUP query to the DNS server. DNS is Active Directory's store for linking IP address to PC host name, so if it's not there (or in DHCP, as a second option), it's highly unlikely it is going to be available anywhere else.

I'm not sure what the first post describes - it's really a lot easier and less complicated than that.
0
Industry Leaders: We Want Your Opinion!

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

 
polazarusCommented:
The tool goes out and queries port 137 and 138 and prints the netbios information in a space delimited format.  It will give you the ip address, user name (if logged in) and mac address.

I use it to locate machines that are hard to find.  From what I read lofty does not have the luxury of doing nslookups as the Dynamic DNS is reporting incorrect information.

When I was working enterprise admin (Tivoli) I had to create ways to hunt down endpoints that were causing problems or not communicating with the environment.

Maybe I read this wrong if so I do offer my apologies.
0
 
loftywormAuthor Commented:
@Polazarus
Nope, you read it right, kinda.
I want to pull the info straight out of AD.  This extra tool will be useful assuming the name does not match and DNS/DHCP/WINS are all not telling me anything, but there is a legacy entry in AD I want to track down.

Take this example;
In U&C I find a computer I do not recognize, and I want to find out if it is a good system, or an old one that needs to be deleted.
DNS/DHCP/WINS all show nothing.
The machine is not being tombstoned, and does not show the red X, so, how do I track it down?
I have done the detective thing in the past, but I was hopeing that there was an easy way to do this.
0
 
polazarusCommented:
I think the safest and easiest way to handle those machines is to disable the account in active directory, then wait about 3 weeks checking from time to time to see if the machine shows up.  If it does not show up then delete it.
0
 
loftywormAuthor Commented:
How do you disable a machine object?
0
 
polazarusCommented:
in users and computers search for the computer, right mouse click on the icon and there is an option of Disabling the account.
0
 
Jay_Jay70Commented:
if there is no records in any of the usual places - you can try an arp lookup

arp -a IP

if that fails, then you have no way of tracing it, AD does not store an address attribute in any way
0
 
Jay_Jay70Commented:
sorry - you are looking for the address - i am an idiot :)
0
 
PakaCommented:
It sounds like you want to remove stale computer objects from Active Directory.  The easiest way to do this is to run the following from the command line:

dsquery computer -stalepwd 60 -limit 0

What this command will do is check Active Directory for any computer that hasn't reset it's password for 60 days and print a list of these computers to the console.  (Computer objects reset their passwords every 30 days by default - so this should be a pretty accurate list of computers that don't exist anymore).  If you want to delete these computer objects (after reviewing them), just pipe the output to dsrm like this:

dsquery computer -stalepwd 60 -limit 0 | dsrm
(the | is the shift "\" key).

Depending on the size of your organization, It is usually a better idea to just move those objects to a special OU (like OldComputers), disable them, let them sit for a month, then delete them.  To do this use this command:

dsquery computer -stalepwd 60 -limit 0 | dsmove -newparent "ou=oldComputers,dc=myDomain,dc=com"

This will move computers that haven't reset their passwords for 60 days into an ou named "oldComputers" (you will need to create this ou before you run the command).  After they are moved, use Active Directory Users and Computers to select all of the computers in that OU, right-mouse click and disable them in bulk.  You can also delete them in bulk when the time comes.
0
 
loftywormAuthor Commented:
All these answers help with the old computer issue, but I guess the answer is more "Active Directory does not store the IP in any form"
0

Featured Post

What does it mean to be "Always On"?

Is your cloud always on? With an Always On cloud you won't have to worry about downtime for maintenance or software application code updates, ensuring that your bottom line isn't affected.

  • 4
  • 3
  • 2
  • +2
Tackle projects and never again get stuck behind a technical roadblock.
Join Now