Solved

Is there a cmd which can send directly a query to the host to obtain his domain?

Posted on 2011-02-23
14
379 Views
Last Modified: 2012-05-11
Is there a cmd which can send directly a query to the host to obtain his domain?  I don't want a query to DNS (suppose it's not configured properly ). Which cmd can give the domain of the host if I have his ip adr? I have list of 100 servers to verify...
0
Comment
Question by:SAM2009
  • 5
  • 4
  • 3
  • +2
14 Comments
 
LVL 3

Accepted Solution

by:
OrenRozen earned 167 total points
Comment Utility
Hi,

Basically, this script use the command SYSTEMINFO to get the information you need and in this script I'm looking for the 'Domain:' value, but you can change the 'Domain:' to any other thing this command show.

Put this command in a batch file

for /F "tokens=2" %%a in ('systeminfo /S %1 ^| find /i "Domain:"') DO echo %%a

To use just type the batch file name and the remote ip (e.g finddom.cmd 192.168.1.55)
0
 
LVL 2

Expert Comment

by:-HenryM-
Comment Utility
i am unaware of a single command...

however you could execute a script to accomplish this...

http://www.codeproject.com/KB/vbscript/userinfo.aspx
0
 
LVL 10

Assisted Solution

by:APNFSSC
APNFSSC earned 167 total points
Comment Utility
if your running windows domains then you could run into security issues with what ever solution you choose.

Where you query a machine that is on a different domain or the account you are running from does not have permission to query the system.

Below is an example of how to do this using WMI

wmic /Node:COMPUTERNAME ComputerSystem Get Domain | findstr /V "Domain" | findstr /R /V "^$"
0
 
LVL 12

Expert Comment

by:Alan3285
Comment Utility
Hi,

There is no definitive answer to the question you would be asking.

For example, I could point both:

www.example.com

AND

www.invalid.com

to the same IP address (say, 123.123.123.123)

If so, then what is the correct answer to your question?

This is very common with multiple websites being hosted on a single server, especially at the 'cheap' (or free) end of the market.

Alan.
0
 
LVL 1

Author Comment

by:SAM2009
Comment Utility
Alan what you said is correct if the domain is queried by the DNS that why I asked for for something which query the info directly to the host machine if I have the IP.
0
 
LVL 3

Expert Comment

by:OrenRozen
Comment Utility
Hi,

Please look at my initial post to your question.
It uses the SYSTEMINFO command line. using this command following the IP address of the remote machine you get additional including the domain as shown on that remote machine.
and the script just filters all the other information to show the result that is the domain.

Maybe I didn't understand your question question   and if so, I'd appreciate if you'll clarify.

Thanks,
Oren
0
 
LVL 1

Author Comment

by:SAM2009
Comment Utility
Ya I tried. I put the cmd in "get_dom.bat" and run the cmd like this but the only thing I get is the cmd back:

C:\>get_dom.bat 192.168.1.1

C:\>for /F "tokens=2" %a in ('systeminfo /S 192.168.1.1 | find /i "Domain:"') DO echo %a
0
Top 6 Sources for Identifying Threat Actor TTPs

Understanding your enemy is essential. These six sources will help you identify the most popular threat actor tactics, techniques, and procedures (TTPs).

 
LVL 3

Expert Comment

by:OrenRozen
Comment Utility
from command line try :

systeinfo /S 192.168.1.1

you should get a lot of information. one of the fields is Domain.
if you get the domain then the problem is only with the command itself.
BTW, in your last reply add the ^ mark just before the | mark in the command you entered.

0
 
LVL 12

Expert Comment

by:Alan3285
Comment Utility
Hi Sam2009,

If you re-read my response, you will see that I am talking about the situation where you have the IP address and want to get a hostname back.

You seem to be wanting something like:

+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+

> GiveMeYourName 123.123.123.123

ThisIs 123.123.123.123: My name is www.example.com

+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+

There cannot always be a single response to such a query for a given IP.

Moreover, there is no reason why any given IP has to have ANY hostname.


Alan.
0
 
LVL 1

Author Comment

by:SAM2009
Comment Utility
Hi Alan,

Yes in DSN you can put many hostname and the A record can point to more than 1 Ip adr but in the server itself it can just link to one domain no?

Like:

Exemple.com  123.123.123.123
Exemple.net    123.123.123.124


If we go directly to the server maybe the  name is SERVER1.Domain.com. I just the domain name  on the server not the info from DNS.
0
 
LVL 12

Expert Comment

by:Alan3285
Comment Utility
Hi Sam2009,

Are you talking about 100 servers all being members of various Windows Server Domains, or are you talking about 100 servers on the net for which you have IP addresses, and you want to know what domain(s) they are serving on behalf of?

Also, you have variously asked about domains and hostnames - they are different.

If you are talking about Windows Server Domains, then you could have (for example):

server1.mydomain1.local
server2.mydomain1.local
server3.mydomain2.local

In that example, there are three hostnames across two Windows Server Domains (which might, or might not have a trust relationship between them).

If you are talking about internet domains, then you could have (for example):

www.example.com on 123.123.123.123
smtp.example.com on 123.123.123.123

OR

www.example.com on 123.123.123.123
smtp.example.com on 123.123.123.124
www.invalid.com on 123.123.123.123
smtp.invalid.com on 123.123.123.124

In the first of those two examples, you could say, in a sense, that the domain (example.com) is hosted on 123.123.123.123 (although even then, you'd have to check where the authoritative nameservers for example.com are located).

In the second example, both 'domains' are (at least partially) hosted on 123.123.123.123 (and also 123.123.123.124).


I am picking you mean the former (Windows Server Domains), but best to check I guess!

Does that help?

Alan.
0
 
LVL 1

Author Comment

by:SAM2009
Comment Utility
That I'm  talking about Windows Server Domains. Ya I see you mean that same IP adr can be assigned to different servers in differerent domains right? But it is not the case there is trust between all domains and just unique IP is assigned to servers.
0
 
LVL 12

Assisted Solution

by:Alan3285
Alan3285 earned 166 total points
Comment Utility
Hi Sam2009,

You could try using PSEXEC from SysInternals (now part of Microsoft) to run an IPConfig /All on each of those machines.  I am assuming you have appropriate permissions else this whole conversation is moot :-)

http://technet.microsoft.com/en-us/sysinternals/bb897553

Something like:

psexec \\192.168.1.1 ipconfig /all


Would that work for you?

Alan.


0
 
LVL 1

Author Closing Comment

by:SAM2009
Comment Utility
Thank you for all your suggestions!
0

Featured Post

Why You Should Analyze Threat Actor TTPs

After years of analyzing threat actor behavior, it’s become clear that at any given time there are specific tactics, techniques, and procedures (TTPs) that are particularly prevalent. By analyzing and understanding these TTPs, you can dramatically enhance your security program.

Join & Write a Comment

This script will sweep a range of IP addresses (class c only, 255.255.255.0) and report to a log the version of office installed. What it does: 1.)      Creates log file in the directory the script is run from (if it doesn't already exist) 2.)      Sweep…
If you need to start windows update installation remotely or as a scheduled task you will find this very helpful.
Excel styles will make formatting consistent and let you apply and change formatting faster. In this tutorial, you'll learn how to use Excel's built-in styles, how to modify styles, and how to create your own. You'll also learn how to use your custo…
Illustrator's Shape Builder tool will let you combine shapes visually and interactively. This video shows the Mac version, but the tool works the same way in Windows. To follow along with this video, you can draw your own shapes or download the file…

772 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

12 Experts available now in Live!

Get 1:1 Help Now