We help IT Professionals succeed at work.

Check out our new AWS podcast with Certified Expert, Phil Phillips! Listen to "How to Execute a Seamless AWS Migration" on EE or on your favorite podcast platform. Listen Now


How do I identify the Active Directory user if I have an IP address and Computer Name?

Medium Priority
Last Modified: 2012-06-27
How do I identify the Active Directory user if I have an IP address and Computer Name?

I have users within a small LAN that constantly stream audio and video and it is killing our bandwidth.  I have a Cisco ASA 5510 and am able to see the Top 10 Sources which will give me the IP address; however, when I go into Active Directory's DNS Management, and Forward Lookup Zones, it only lists the Machine/PC name on the network.  Upon setup, I used the Dell service tag number to name the workstations; therefore, I am unable to exactly identify which user is hogging all the network bandwidth resources.  

How to I match the LAN IP address:  192.168.0.x after having the PC/Workstation node Name, to the Actual NAME of the user in Active Directory users??
Watch Question

Blogger and wearer of all hats.
Unlock this solution and get a sample of our free trial.
(No credit card required)
Justin OwensITIL Problem Manager

Been a while since I have tried this from a Windows 2003 server, but from a command line, try


Where COMPUTERNAME is the computer name you are wanting to query.



Absolutely Brilliant!  Thank you!  Is that in a Windows Server 2003 WROX or MS-Press book anywhere ... meaning... I have some MS books ... no real time to read ... but if information like that is within the book, I will certainly open it up more often and read it...or is it a combination of experience, and intuitive knowledge based on combined experience over time with using MS Server 2003 and Active Directory??

DrUltima:  I went to the command line in Server 2003 and the command you suggested did not work...I was in the root of C:\ when I ran the following command:   WMIC /NODE:  (computername) GET USERNAME...no dice...your thoughts??

Thank you both for your super fast response!  

One last question:  when I identify the IP address, the Computername and Username...what is the cleanest' way to KILL the session??  

Thank you!
Joseph MoodyBlogger and wearer of all hats.

What do you mean "kill the session"?

Most of it is knowledge picked up through working. If you haven't, look at taking the 70-642 exam. It will teach you a lot about how networks are tied to AD.


Super fast and very relevant.  Perfect.  Worth my one-year membership and then some!


In UNIX there is a command to kill a process by ID...a number...but if I find that one workstation is hogging up 90% of the network resources and I'm in another building or working remotely, is there a way to "Stop" the user or remove them from the network or disable them somehow...remotely via a command that removes them from being allowed to access WAN/Internet resources that are harmful to the internal LAN environment..."Shut Them Down?"

Thanks again!
Joseph MoodyBlogger and wearer of all hats.

There are multiple ways of doing that.

You could create an access list in a router that blockes them.
You could purchase a packetteer (a networking device designed to limit bandwidth usage)
You could set up Network Access Protection
You could move the port to an empty VLAN that doesn't route.
Unlock the solution to this question.
Thanks for using Experts Exchange.

Please provide your email to receive a sample view!

*This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.


Please enter a first name

Please enter a last name

8+ characters (letters, numbers, and a symbol)

By clicking, you agree to the Terms of Use and Privacy Policy.