Want to protect your cyber security and still get fast solutions? Ask a secure question today.Go Premium


How do I identify the Active Directory user if I have an IP address and Computer Name?

Posted on 2011-04-29
Medium Priority
Last Modified: 2012-06-27
How do I identify the Active Directory user if I have an IP address and Computer Name?

I have users within a small LAN that constantly stream audio and video and it is killing our bandwidth.  I have a Cisco ASA 5510 and am able to see the Top 10 Sources which will give me the IP address; however, when I go into Active Directory's DNS Management, and Forward Lookup Zones, it only lists the Machine/PC name on the network.  Upon setup, I used the Dell service tag number to name the workstations; therefore, I am unable to exactly identify which user is hogging all the network bandwidth resources.  

How to I match the LAN IP address:  192.168.0.x after having the PC/Workstation node Name, to the Actual NAME of the user in Active Directory users??
Question by:mycoal_2006
  • 3
  • 3
LVL 22

Accepted Solution

Joseph Moody earned 2000 total points
ID: 35491621
Look up the IP in DHCP. The computer name will be beside it.

Next open up regedit - click file connect network registry. Connect to the computer name above.

On the remote registry, browse to HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon. Look for the key defaultusername

You can also browse to \\COMPUTERNAME\c$. Look in either Documents and Settings or Users (depending on OS). Sort by date modified. The newest profile will be your logged on user. If it is Vista/7, it will be even easier. The profile will have a lock over it.
LVL 31

Expert Comment

by:Justin Owens
ID: 35491732
Been a while since I have tried this from a Windows 2003 server, but from a command line, try


Where COMPUTERNAME is the computer name you are wanting to query.


Author Comment

ID: 35491925
Absolutely Brilliant!  Thank you!  Is that in a Windows Server 2003 WROX or MS-Press book anywhere ... meaning... I have some MS books ... no real time to read ... but if information like that is within the book, I will certainly open it up more often and read it...or is it a combination of experience, and intuitive knowledge based on combined experience over time with using MS Server 2003 and Active Directory??

DrUltima:  I went to the command line in Server 2003 and the command you suggested did not work...I was in the root of C:\ when I ran the following command:   WMIC /NODE:  (computername) GET USERNAME...no dice...your thoughts??

Thank you both for your super fast response!  

One last question:  when I identify the IP address, the Computername and Username...what is the cleanest' way to KILL the session??  

Thank you!
Simplify Active Directory Administration

Administration of Active Directory does not have to be hard.  Too often what should be a simple task is made more difficult than it needs to be.The solution?  Hyena from SystemTools Software.  With ease-of-use as well as powerful importing and bulk updating capabilities.

LVL 22

Expert Comment

by:Joseph Moody
ID: 35491950
What do you mean "kill the session"?

Most of it is knowledge picked up through working. If you haven't, look at taking the 70-642 exam. It will teach you a lot about how networks are tied to AD.

Author Closing Comment

ID: 35493501
Super fast and very relevant.  Perfect.  Worth my one-year membership and then some!

Author Comment

ID: 35493518
In UNIX there is a command to kill a process by ID...a number...but if I find that one workstation is hogging up 90% of the network resources and I'm in another building or working remotely, is there a way to "Stop" the user or remove them from the network or disable them somehow...remotely via a command that removes them from being allowed to access WAN/Internet resources that are harmful to the internal LAN environment..."Shut Them Down?"

Thanks again!
LVL 22

Expert Comment

by:Joseph Moody
ID: 35494438
There are multiple ways of doing that.

You could create an access list in a router that blockes them.
You could purchase a packetteer (a networking device designed to limit bandwidth usage)
You could set up Network Access Protection
You could move the port to an empty VLAN that doesn't route.

Featured Post

Independent Software Vendors: We Want Your Opinion

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Compliance and data security require steps be taken to prevent unauthorized users from copying data.  Here's one method to prevent data theft via USB drives (and writable optical media).
It’s time for spooky stories and consuming way too much sugar, including the many treats we’ve whipped for you in the world of tech. Check it out!
This video shows how to use Hyena, from SystemTools Software, to bulk import 100 user accounts from an external text file. View in 1080p for best video quality.
This video shows how to use Hyena, from SystemTools Software, to update 100 user accounts from an external text file. View in 1080p for best video quality.

564 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question