Solved

track down the location of a machine advertising a domain or workgroup

Posted on 2008-06-24
6
194 Views
Last Modified: 2010-04-21
Under Microsoft Windows Network I can see a Domain or Workgroup listed that shouldn't be. I can't access it. I would like to track it down. How do I go about finding what machine is advertising this?
0
Comment
Question by:jjc_mn
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 3
  • 2
6 Comments
 
LVL 4

Accepted Solution

by:
raymondzwarts earned 500 total points
ID: 21859659
Use a packet capturing tool (like wireshark) to see who is broadcasting as master browser for the specific domain/workgroup. The packets will show up as Windows Browser Protocol and Server Message Block protocol packets.

The Packets will contain the Workgroup/Domain name and the source IP is the PC/Laptop/Server announcing the rougue domain/workgroup.

The broadcast is limited to the layer 2 subnet that the pc is on. But if you are using WINS or likewise systems in Active Directory it might take some more time to find the culprit.

Regards,
Raymond Zwarts
0
 
LVL 77

Expert Comment

by:Rob Williams
ID: 21859953
You should be able to get some information from a command line. Use DomainABC as an example domain name:
  nbtstat  -a  DomainABC
Should return a NetBIOS name list which should include a few entries such as:
ComputerName  <00>  UNIQUE
DomainABC         <00>   GROUP
It will also include the MAC address

Then ping the computer name:
     ping ComputerName
and it should return the IP address

Just a start. but it may help if you know the computer name ,MAC, and IP
If you do not get a response from the nbtstat command, or ping, it may be that the machine was temporarily connected to the network, and is no longer present. If that is the case the entry should disappear after a day or so.
0
 

Author Comment

by:jjc_mn
ID: 21867270
nbtstat -a DoaminABC doesn't work.  Is the example correct?

I haven't had a change to try wireshark yet.

0
Save the day with this special offer from ATEN!

Save 30% on the CV211 using promo code EXPERTS30 now through April 30th. The ATEN CV211 connects a laptop directly to any server allowing you instant access to perform data maintenance and local operations, for quick troubleshooting, updating, service and repair.

 
LVL 77

Expert Comment

by:Rob Williams
ID: 21867338
I assume you changed DomainABC to the domain name you are seeing. If it doesn't work it may have a firewall blocking the necessary ports, or possibly more likely it is no longer connected to the network.
0
 

Author Comment

by:jjc_mn
ID: 21867983
I did change the name. I didn't add any slashes, just the name. Does that matter. I am doing this at a workstation, not on a server. There should be no firewall and I do see them in the GUI  Under Microsoft Windows Network.

Can you past an example?
0
 

Author Closing Comment

by:jjc_mn
ID: 31470290
Thanks
0

Featured Post

Free eBook: Backup on AWS

Everything you need to know about backup and disaster recovery with AWS, for FREE!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

The Need In an Active Directory enviroment, the PDC emulator provide time synchronization for the domain. This is important since Active Directory uses Kerberos for authentication.  By default, if the time difference between systems is off by more …
Many of us in IT utilize a combination of roaming profiles and folder redirection to ensure user information carries over from one workstation to another; in my environment, it was to enable virtualization without needing a separate desktop for each…
Exchange organizations may use the Journaling Agent of the Transport Service to archive messages going through Exchange. However, if the Transport Service is integrated with some email content management application (such as an antispam), the admini…
Are you ready to implement Active Directory best practices without reading 300+ pages? You're in luck. In this webinar hosted by Skyport Systems, you gain insight into Microsoft's latest comprehensive guide, with tips on the best and easiest way…

752 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question