How do I identify the Active Directory user if I have an IP address and Computer Name?

How do I identify the Active Directory user if I have an IP address and Computer Name?

I have users within a small LAN that constantly stream audio and video and it is killing our bandwidth.  I have a Cisco ASA 5510 and am able to see the Top 10 Sources which will give me the IP address; however, when I go into Active Directory's DNS Management, and Forward Lookup Zones, it only lists the Machine/PC name on the network.  Upon setup, I used the Dell service tag number to name the workstations; therefore, I am unable to exactly identify which user is hogging all the network bandwidth resources.  

How to I match the LAN IP address:  192.168.0.x after having the PC/Workstation node Name, to the Actual NAME of the user in Active Directory users??
Who is Participating?
Joseph MoodyBlogger and wearer of all hats.Commented:
Look up the IP in DHCP. The computer name will be beside it.

Next open up regedit - click file connect network registry. Connect to the computer name above.

On the remote registry, browse to HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon. Look for the key defaultusername

You can also browse to \\COMPUTERNAME\c$. Look in either Documents and Settings or Users (depending on OS). Sort by date modified. The newest profile will be your logged on user. If it is Vista/7, it will be even easier. The profile will have a lock over it.
Justin OwensITIL Problem ManagerCommented:
Been a while since I have tried this from a Windows 2003 server, but from a command line, try


Where COMPUTERNAME is the computer name you are wanting to query.

mycoal_2006Author Commented:
Absolutely Brilliant!  Thank you!  Is that in a Windows Server 2003 WROX or MS-Press book anywhere ... meaning... I have some MS books ... no real time to read ... but if information like that is within the book, I will certainly open it up more often and read it...or is it a combination of experience, and intuitive knowledge based on combined experience over time with using MS Server 2003 and Active Directory??

DrUltima:  I went to the command line in Server 2003 and the command you suggested did not work...I was in the root of C:\ when I ran the following command:   WMIC /NODE:  (computername) GET dice...your thoughts??

Thank you both for your super fast response!  

One last question:  when I identify the IP address, the Computername and Username...what is the cleanest' way to KILL the session??  

Thank you!
Ultimate Tool Kit for Technology Solution Provider

Broken down into practical pointers and step-by-step instructions, the IT Service Excellence Tool Kit delivers expert advice for technology solution providers. Get your free copy now.

Joseph MoodyBlogger and wearer of all hats.Commented:
What do you mean "kill the session"?

Most of it is knowledge picked up through working. If you haven't, look at taking the 70-642 exam. It will teach you a lot about how networks are tied to AD.
mycoal_2006Author Commented:
Super fast and very relevant.  Perfect.  Worth my one-year membership and then some!
mycoal_2006Author Commented:
In UNIX there is a command to kill a process by ID...a number...but if I find that one workstation is hogging up 90% of the network resources and I'm in another building or working remotely, is there a way to "Stop" the user or remove them from the network or disable them somehow...remotely via a command that removes them from being allowed to access WAN/Internet resources that are harmful to the internal LAN environment..."Shut Them Down?"

Thanks again!
Joseph MoodyBlogger and wearer of all hats.Commented:
There are multiple ways of doing that.

You could create an access list in a router that blockes them.
You could purchase a packetteer (a networking device designed to limit bandwidth usage)
You could set up Network Access Protection
You could move the port to an empty VLAN that doesn't route.
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.