Solved

How do you find an IP address from Active directory

Posted on 2008-06-11
12
4,157 Views
Last Modified: 2012-05-05
How do you find an IP address from Active directory, given that the machine is off/old/not online, and DNS and WINS do not have entries either (the name does not match what is in AD)
0
Comment
Question by:loftyworm
  • 4
  • 3
  • 2
  • +2
12 Comments
 
LVL 3

Assisted Solution

by:polazarus
polazarus earned 50 total points
ID: 21762689
Here is something  you can try
install and run this and pipe the output to a file
www.unixwiz.net/tools/nbtscan.html

Open the file and look for similar ip addresses and the name associated with it
Find out where the people are located
Go to the building and see if you can find it.
0
 
LVL 22

Expert Comment

by:Paka
ID: 21762717
Need more information on this one.  DNS & NSLOOKUP are normally your first stop in chasing down a name to IP mappings.  DHCP if enabled might help.  You can also check event logs depending on what you are trying to find.
0
 
LVL 58

Accepted Solution

by:
tigermatt earned 150 total points
ID: 21762921
Just look in the DNS for the record which contains the computer name, or look up the information using an NSLOOKUP query to the DNS server. DNS is Active Directory's store for linking IP address to PC host name, so if it's not there (or in DHCP, as a second option), it's highly unlikely it is going to be available anywhere else.

I'm not sure what the first post describes - it's really a lot easier and less complicated than that.
0
 
LVL 3

Expert Comment

by:polazarus
ID: 21763062
The tool goes out and queries port 137 and 138 and prints the netbios information in a space delimited format.  It will give you the ip address, user name (if logged in) and mac address.

I use it to locate machines that are hard to find.  From what I read lofty does not have the luxury of doing nslookups as the Dynamic DNS is reporting incorrect information.

When I was working enterprise admin (Tivoli) I had to create ways to hunt down endpoints that were causing problems or not communicating with the environment.

Maybe I read this wrong if so I do offer my apologies.
0
 
LVL 11

Author Comment

by:loftyworm
ID: 21763415
@Polazarus
Nope, you read it right, kinda.
I want to pull the info straight out of AD.  This extra tool will be useful assuming the name does not match and DNS/DHCP/WINS are all not telling me anything, but there is a legacy entry in AD I want to track down.

Take this example;
In U&C I find a computer I do not recognize, and I want to find out if it is a good system, or an old one that needs to be deleted.
DNS/DHCP/WINS all show nothing.
The machine is not being tombstoned, and does not show the red X, so, how do I track it down?
I have done the detective thing in the past, but I was hopeing that there was an easy way to do this.
0
 
LVL 3

Expert Comment

by:polazarus
ID: 21763803
I think the safest and easiest way to handle those machines is to disable the account in active directory, then wait about 3 weeks checking from time to time to see if the machine shows up.  If it does not show up then delete it.
0
How your wiki can always stay up-to-date

Quip doubles as a “living” wiki and a project management tool that evolves with your organization. As you finish projects in Quip, the work remains, easily accessible to all team members, new and old.
- Increase transparency
- Onboard new hires faster
- Access from mobile/offline

 
LVL 11

Author Comment

by:loftyworm
ID: 21763809
How do you disable a machine object?
0
 
LVL 3

Expert Comment

by:polazarus
ID: 21763943
in users and computers search for the computer, right mouse click on the icon and there is an option of Disabling the account.
0
 
LVL 48

Assisted Solution

by:Jay_Jay70
Jay_Jay70 earned 50 total points
ID: 21764761
if there is no records in any of the usual places - you can try an arp lookup

arp -a IP

if that fails, then you have no way of tracing it, AD does not store an address attribute in any way
0
 
LVL 48

Expert Comment

by:Jay_Jay70
ID: 21764770
sorry - you are looking for the address - i am an idiot :)
0
 
LVL 22

Assisted Solution

by:Paka
Paka earned 150 total points
ID: 21770951
It sounds like you want to remove stale computer objects from Active Directory.  The easiest way to do this is to run the following from the command line:

dsquery computer -stalepwd 60 -limit 0

What this command will do is check Active Directory for any computer that hasn't reset it's password for 60 days and print a list of these computers to the console.  (Computer objects reset their passwords every 30 days by default - so this should be a pretty accurate list of computers that don't exist anymore).  If you want to delete these computer objects (after reviewing them), just pipe the output to dsrm like this:

dsquery computer -stalepwd 60 -limit 0 | dsrm
(the | is the shift "\" key).

Depending on the size of your organization, It is usually a better idea to just move those objects to a special OU (like OldComputers), disable them, let them sit for a month, then delete them.  To do this use this command:

dsquery computer -stalepwd 60 -limit 0 | dsmove -newparent "ou=oldComputers,dc=myDomain,dc=com"

This will move computers that haven't reset their passwords for 60 days into an ou named "oldComputers" (you will need to create this ou before you run the command).  After they are moved, use Active Directory Users and Computers to select all of the computers in that OU, right-mouse click and disable them in bulk.  You can also delete them in bulk when the time comes.
0
 
LVL 11

Author Closing Comment

by:loftyworm
ID: 31466264
All these answers help with the old computer issue, but I guess the answer is more "Active Directory does not store the IP in any form"
0

Featured Post

How to run any project with ease

Manage projects of all sizes how you want. Great for personal to-do lists, project milestones, team priorities and launch plans.
- Combine task lists, docs, spreadsheets, and chat in one
- View and edit from mobile/offline
- Cut down on emails

Join & Write a Comment

Installing a printer using group policy preferences is not that hard let’s take a look at it. First lets open up your group policy console and edit the policy you want to add it to. I recommend creating a new policy for each printer makes it a l…
Synchronize a new Active Directory domain with an existing Office 365 tenant
This tutorial will walk an individual through the process of transferring the five major, necessary Active Directory Roles, commonly referred to as the FSMO roles from a Windows Server 2008 domain controller to a Windows Server 2012 domain controlle…
This tutorial will walk an individual through the process of transferring the five major, necessary Active Directory Roles, commonly referred to as the FSMO roles to another domain controller. Log onto the new domain controller with a user account t…

758 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

21 Experts available now in Live!

Get 1:1 Help Now