number of PCs in each site

DRRAM asked:
Please
I have a Windows 2008 server domain controller (Active Directory) and I have several sites in the AD.
Please, how can I know the number of PCs in each site
(via ??? or another solution: a link between DHCP and Active Directory)?
Thx

Each site should have one or more subnets associated with it (right-click on the Site in Active Directory Sites and Services, and click Properties). Once you have a list of the subnets associated with each site, either use DHCP, or even better, run an IP scan using a port scanner like NMAP (ZenMap) or Angry IP Scanner. If you do a full scan, you should be able to see which nodes are workstations and which ones are other devices.

Even better, you can install SpiceWorks (free) on any workstation, add all the subnets to its configuration, and scan the entire network. Be aware that SpiceWorks is resource-intensive on the workstation that it's running on, but it gives you a very detailed image of all your devices, down to the installed software, hardware utilization, event logs, and so on.

Author

Commented:
Can you give me another idea please ???
Top Expert 2012

Commented:
If you are wanting to know the computer names on each site......

assuming each site has a different IP Range

Go to Start>Programs>Administrative Tools
Open DNS
Expand DC Name
Expand Domain Name

In the list on the right you will see all the current PCs which have obtained an IP address, listed according to computer name.

Now Arrange the List by IP Address.

Ideally you should know what IP Range is associated to what site.

Once known and arranged, you can quickly and accurately gauge what PCs are at what site, their computer names, their IP addresses, even printers.

Well, AD Sites are merely logical containers of subnets, so to find out how many workstations you have under each site, you need to count the workstations under the subnets associated to the site.

Now, to count the workstations, you need some sort of an IP scanner. You could just look at the address leases on DHCP, but that won't give you any workstation that has a static IP address, so it won't be accurate. Besides, you'll have to figure out which leases are for computers and which ones are for printers/phones/etc.

I think the quickest way to do this is through ZenMap (http://nmap.org/zenmap/). Just download it, put the IP range of each subnet (ex. 192.168.0.1-254), and run a quick scan. There might be other ways that I don't know about, so let's see what others say.

 
@apache09, yes but DNS still won't give him an accurate picture of all the workstations. Non-Windows workstations (Mac, Linux) won't auto-register their A records on DNS through DHCP. The same thing applies to phones and printers. The A records for these need to be added manually.

Commented:
The only real, sure-fire way to find every single device in the subnet(s) is to ping/scan every IP, while watching the ARP table. Most modern boxes have firewalls and don't respond to pings or unsolicited requests anyway. The MAC addresses from the ARP table can then be referenced in a manufacturer look up table, to determine device type. Nmap is also pretty good at guessing OS type. This could all be automated with a little script-fu, of course.
Digus is right, but that's a very time consuming process.

NMap (ZenMap) still detects the hosts if you run an intense scan, since it doesn't rely on ICMP (ping) responses only. It looks for hosts by scanning for open ports on the entire IP range, and a few other methods which I don't remember, but it can still miss a few.
Commented:
Hehe - that's why I said script. I could probably write one to do this in bash, in a few minutes - I'm not sure about a batch or powershell script though.

Also, I just remembered, Nmap (and presumably ZenMap) already reference a MAC address lookup table and report the manufacturer info to you. With that and the OS detection enabled, along with the "-P0" switch (for firewalled hosts), it should be able to do a pretty thorough job. A good command example for nmap or zenmap is this:


Nagios:~# nmap -P0OA --version-all --osscan-guess 172.16.0.1-254

Starting Nmap 4.11 ( http://www.insecure.org/nmap/ ) at 2011-12-07 06:17 CST
Interesting ports on 172.16.0.1:
Not shown: 1676 closed ports
PORT     STATE    SERVICE
53/tcp   open     domain
222/tcp  open     rsh-spx
808/tcp  filtered ccproxy-http
2000/tcp open     callbook
MAC Address: 00:0C:42:CF:4A:63 (Routerboard.com)

Interesting ports on 172.16.0.2:
Not shown: 1678 closed ports
PORT   STATE SERVICE
23/tcp open  telnet
80/tcp open  http
MAC Address: A4:BA:DB:7B:30:41 (Unknown)

Interesting ports on 172.16.0.3:
Not shown: 1678 closed ports
PORT   STATE SERVICE
23/tcp open  telnet
80/tcp open  http
MAC Address: 00:11:43:8D:85:0B (Dell)

Interesting ports on 172.16.0.4:
Not shown: 1678 closed ports
PORT   STATE SERVICE
23/tcp open  telnet
80/tcp open  http
MAC Address: 00:18:8B:92:CC:A1 (Unknown)

Interesting ports on 172.16.0.5:
Not shown: 1678 closed ports
PORT   STATE SERVICE
23/tcp open  telnet
80/tcp open  http
MAC Address: 00:13:72:F2:B9:E6 (Dell)

Interesting ports on 172.16.0.6:
Not shown: 1678 closed ports
PORT   STATE SERVICE
23/tcp open  telnet
80/tcp open  http
MAC Address: 00:15:C5:27:8C:C5 (Dell)

Interesting ports on 172.16.0.7:
Not shown: 1678 closed ports
PORT   STATE SERVICE
23/tcp open  telnet
80/tcp open  http
MAC Address: 00:15:C5:27:98:6D (Dell)

Interesting ports on 172.16.0.8:
Not shown: 1678 closed ports
PORT   STATE SERVICE
23/tcp open  telnet
80/tcp open  http
MAC Address: 00:13:72:F2:1D:57 (Dell)

Interesting ports on 172.16.0.9:
Not shown: 1678 closed ports
PORT   STATE SERVICE
23/tcp open  telnet
80/tcp open  http
MAC Address: 00:15:C5:27:9E:E2 (Dell)

Interesting ports on 172.16.0.10:
Not shown: 1678 closed ports
PORT   STATE SERVICE
23/tcp open  telnet
80/tcp open  http
MAC Address: 00:15:C5:27:8C:51 (Dell)

Interesting ports on 172.16.0.11:
Not shown: 1678 closed ports
PORT   STATE SERVICE
23/tcp open  telnet
80/tcp open  http
MAC Address: 00:13:72:F2:1F:0A (Dell)

Interesting ports on 172.16.0.12:
Not shown: 1678 closed ports
PORT   STATE SERVICE
23/tcp open  telnet
80/tcp open  http
MAC Address: 00:15:C5:2C:75:F4 (Dell)

Interesting ports on 172.16.0.13:
Not shown: 1678 closed ports
PORT   STATE SERVICE
23/tcp open  telnet
80/tcp open  http
MAC Address: 00:21:9B:B5:40:26 (Unknown)

Interesting ports on 172.16.0.14:
Not shown: 1678 closed ports
PORT   STATE SERVICE
23/tcp open  telnet
80/tcp open  http
MAC Address: 00:14:22:6B:40:52 (Dell)

Interesting ports on 172.16.0.15:
Not shown: 1678 closed ports
PORT   STATE SERVICE
23/tcp open  telnet
80/tcp open  http
MAC Address: 00:14:22:6B:61:66 (Dell)

Interesting ports on 172.16.0.16:
Not shown: 1678 closed ports
PORT   STATE SERVICE
23/tcp open  telnet
80/tcp open  http
MAC Address: 00:0F:1F:3D:40:70 (WW Pcba Test)

Interesting ports on 172.16.0.17:
Not shown: 1678 closed ports
PORT   STATE SERVICE
23/tcp open  telnet
80/tcp open  http
MAC Address: 00:18:8B:92:D8:C0 (Unknown)

Interesting ports on 172.16.0.18:
Not shown: 1678 closed ports
PORT   STATE SERVICE
23/tcp open  telnet
80/tcp open  http
MAC Address: 00:14:22:01:58:45 (Dell)

Interesting ports on 172.16.0.19:
Not shown: 1678 closed ports
PORT   STATE SERVICE
23/tcp open  telnet
80/tcp open  http
MAC Address: 00:11:43:8B:40:B5 (Dell)

Interesting ports on 172.16.0.20:
Not shown: 1678 closed ports
PORT   STATE SERVICE
23/tcp open  telnet
80/tcp open  http
MAC Address: 00:18:8B:9B:26:F5 (Unknown)

Interesting ports on 172.16.0.21:
Not shown: 1678 closed ports
PORT   STATE SERVICE
23/tcp open  telnet
80/tcp open  http
MAC Address: 00:18:8B:9B:1B:67 (Unknown)

Interesting ports on 172.16.0.22:
Not shown: 1678 closed ports
PORT   STATE SERVICE
23/tcp open  telnet
80/tcp open  http
MAC Address: 00:15:C5:27:8B:FA (Dell)

Interesting ports on 172.16.0.23:
Not shown: 1678 closed ports
PORT   STATE SERVICE
23/tcp open  telnet
80/tcp open  http
MAC Address: 00:13:72:F2:B6:29 (Dell)

Interesting ports on 172.16.0.24:
Not shown: 1678 closed ports
PORT   STATE SERVICE
23/tcp open  telnet
80/tcp open  http
MAC Address: 00:14:22:86:87:FC (Dell)

Interesting ports on 172.16.0.25:
Not shown: 1678 closed ports
PORT   STATE SERVICE
23/tcp open  telnet
80/tcp open  http
MAC Address: 00:0B:DB:F7:49:9E (Dell ESG Pcba Test)

Interesting ports on 172.16.0.100:
Not shown: 1669 closed ports
PORT     STATE SERVICE
25/tcp   open  smtp
53/tcp   open  domain
80/tcp   open  http
81/tcp   open  hosts2-ns
110/tcp  open  pop3
113/tcp  open  auth
143/tcp  open  imap
222/tcp  open  rsh-spx
993/tcp  open  imaps
1000/tcp open  cadlock
3128/tcp open  squid-http

Interesting ports on 172.16.0.201:
Not shown: 1662 closed ports
PORT     STATE SERVICE
25/tcp   open  smtp
80/tcp   open  http
110/tcp  open  pop3
135/tcp  open  msrpc
139/tcp  open  netbios-ssn
143/tcp  open  imap
366/tcp  open  odmr
443/tcp  open  https
445/tcp  open  microsoft-ds
465/tcp  open  smtps
993/tcp  open  imaps
995/tcp  open  pop3s
1025/tcp open  NFS-or-IIS
1026/tcp open  LSA-or-nterm
1031/tcp open  iad2
3306/tcp open  mysql
3389/tcp open  ms-term-serv
8000/tcp open  http-alt
MAC Address: 00:11:43:35:91:3F (Dell)

Nmap finished: 254 IP addresses (27 hosts up) scanned in 15.590 seconds
Nagios:~#
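
Added example, not part of the original thread: a Python script for the "script-fu" idea above. It parses Nmap normal output in the 4.11 format shown and counts hosts per AD site by longest-prefix subnet match. The site names, the subnet map, the sample scan text and the rule that open 135/139/445 suggests a Windows machine are assumptions made for illustration.

```python
import ipaddress
import re
from collections import defaultdict

# Assumed mapping, as it would be read from Active Directory Sites and Services
SITE_SUBNETS = {"HQ": ["172.16.0.0/24"], "Branch": ["172.16.1.0/24", "172.16.2.0/23"]}

# Constructed sample in the "Interesting ports on ..." format of Nmap 4.11
SAMPLE_SCAN = """\
Interesting ports on 172.16.0.201:
135/tcp  open  msrpc
445/tcp  open  microsoft-ds
Interesting ports on 172.16.0.2:
80/tcp open  http
Interesting ports on 172.16.1.40:
445/tcp open  microsoft-ds
Interesting ports on 10.9.9.9:
22/tcp open  ssh
"""

HOST_RE = re.compile(r"^Interesting ports on (?:\S+ \()?(\d+(?:\.\d+){3})\)?:")
PORT_RE = re.compile(r"^(\d+)/tcp\s+open\s")
WINDOWS_PORTS = {135, 139, 445}  # assumption: RPC/SMB open suggests a Windows host

def parse_hosts(text):
    """Return {ip: set of open TCP ports} for every host block in the scan."""
    hosts, current = {}, None
    for line in text.splitlines():
        host = HOST_RE.match(line)
        if host:
            current = hosts.setdefault(host.group(1), set())
        elif current is not None and (port := PORT_RE.match(line)):
            current.add(int(port.group(1)))
    return hosts

def site_of(ip, site_subnets=SITE_SUBNETS):
    """Longest-prefix match of an address against the site subnets."""
    addr = ipaddress.ip_address(ip)
    hits = [(net.prefixlen, site) for site, nets in site_subnets.items()
            for net in map(ipaddress.ip_network, nets) if addr in net]
    return max(hits)[1] if hits else "(no site)"

def count_per_site(text):
    """Count scanned hosts per site; 'windows' is the subset with RPC/SMB open."""
    counts = defaultdict(lambda: {"hosts": 0, "windows": 0})
    for ip, ports in parse_hosts(text).items():
        bucket = counts[site_of(ip)]
        bucket["hosts"] += 1
        bucket["windows"] += bool(ports & WINDOWS_PORTS)
    return dict(counts)
```

Hosts that land in "(no site)" point to a subnet that is missing from the site definitions, which is worth fixing in AD before trusting the counts.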

Author

Commented:
I'm still testing it now
This also somewhat depends on what you want to count as PC.
Nmap and other scanning tools will of course only detect PCs that are switched *on* during the scan.
The existence of computer accounts in AD may be a better idea to catch PCs not running, but may contain stale entries ...
LOL, thehagman is right. I guess if you really need to know the actual number, you should grab a pen and a piece of paper and walk through the site. If there are way too many computers, or you don't have access to the site, then a combination of all of the above should at least give you an idea. Again, I highly recommend Spiceworks for network auditing/monitoring, I just can't imagine how I could live without it.

Author

Commented:
THX