What Subnet Am I In?


If I do an IPConfig, I can find out the IP address and subnet mask of my Windows machine.  With this info, can I determine what AD subnet I'm on?

Who is Participating?

[Product update] Infrastructure Analysis Tool is now available with Business Accounts.Learn More

I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

JoeyBugeyesAuthor Commented:
The reason I'm asking is because I'm trying to put together a script or at lease a procedure.  If I get that midnight call and says these 100 users can't log on...  I want to be able to ask for an IP address of an affected machine and do something like this...

1. based on IP, determine subnet they are on
2. look up subnet in AD Sites & Services to determine the DC they 'should' be connecting to.
3. check the DC(s) in question.

Neil RussellTechnical Development LeadCommented:
Do you mean what AD Site you are in? A subnet is a subnet. There is no such thing as an AD Subnet as such.

What exactly are you trying to find out?

Can you give example of what you would expect to find as a result?

I think I understand what he is referring to but he is using the wrong terminology. If I am reading this right he has site specific policies in place that vary from one location to another.

Example of this is :
Become a CompTIA Certified Healthcare IT Tech

This course will help prep you to earn the CompTIA Healthcare IT Technician certification showing that you have the knowledge and skills needed to succeed in installing, managing, and troubleshooting IT systems in medical and clinical settings.

Now where I am confused is why he would need what he is asking for.

If you have your subnets mapped to different sites then you have probably already told Active Directory which server is linked to what site. If that is the case all you would need to do is ping the machine get the IP relate that to one of your DHCP scopes and that should tell you which server you are connecting to.
JoeyBugeyesAuthor Commented:

I apologize if I wasn't clear.  I'm certain I'm not using the correct terminology and perhaps not even asking a valid question.  But here's what I'm thinking.   We have a TON of sites and subnets.  If a group of people experience long logons, no logons, or other authentication issues, I want to be able to very quickly (perhaps even scripted) tell which domain controller is in trouble.  I understand that it may be other things such as network, but let's assume for now it's AD related.  By the way, there is currently no issue, but I just want to be prepared for next time.

1. Let's say I have an IP Address / subnet mask of a windows machine of / 255.255.252.  This windows machine and all others in the same physical location is having trouble logging on.

2. If I plug this IP/subnet mask into a subnet calculator (http://www.subnetonline.com/pages/subnet-calculators/ip-subnet-calculator.php) it reveals to me that my machine is on the network.  I assume this is the same thing as my 'subnet'.  Again, forgive my misuse of terminology.  If I'm wrong here, let me know.

3.  I now take this and look for it in AD sites & Services to find out what site it's associated with.  Let's say it comes back with Trenton.

4.  Then I use AD Sites & Services to look up the 'Trenton' site to see what domain controllers service the site.

5. Now I can health check the the Trenton DCs .

So I guess what I'm really asking now is two things.  1) Are my steps correct/logical?  and 2) if so, is there a better way to do step number two above instead of having to use a subnet calculator?  Is there a command line tool or something?  I'm thinking command line because if this process is good, then I'd like to script it eventually.

What are your thoughts?  I'm sure I'll get this call from time to time and I don't want to get caught without a good process.

Thanks a bunch!

Have the user do an ipconfig /all and tell you what the dns server is. A lot of times that is also the domain controller.  You should also check dhcp and see what different scopes they have so that you will be familiar with the addresses. You can check the subnets in AD but that won't tell you much.  
Ipconfig /all should be enough.
Do you mean, within AD sites & services, the subnets that are defined here are assigned against sites?...
to answer your questions Joe:
1) in my opinion your steps seem logical. The direct relationship between subnet and AD seems to be something that you have in your network. It is not that way in every network; probably that's why people are confused a bit.
2) Faster than the script is probably only your brain. Subnet calculation is easy if you start to understand how it works. But that's probably not what you want to hear....;-) If you are into VBS then look at this: http://www.codeproject.com/Articles/72622/Calculating-Subnet-Ranges-With-VBScript. or .net look here: http://www.techexams.net/ip-subnet-calculators/.

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
I agree with MAT1458.. Your logic and steps seem sound.. just remember that there's also a "default site" so if your subnet isnt listed, it MIGHT be that you're in the default site...  Of course, it's also possible that whoever setup the sites, used "supernetting".  In otherwords, I might setup something where the WAN location is in the second octet, like "10.x.y.z" where x= site number, y=floor or switch number, and z=node number.  A "Headquarters" site might be many different switches, to include:
... all the way to

Instead of defining 255 subnets as the site "Headquarters", I'd most certainly create site headquarters with ""  (or / mask which would encompass all of the subnets in one entry.  The problem is that you're going to see in Sites and Services, but the user on the phone is going to tell you something like "" which isn't going to match anything in your IP subnet calculator.  For this reason, I second the concept of being able to understand the subnets without relying on the Internet calculator so much...

VMagan talks about using the DNS server to determine your DC / site, which works great if everything is up, but when there's a problem (which is why you got the call in the first place!) your machine will go to a non-optimal site/DC/DNS if it has to, which could skew the info you get.

Check out this site:

It has some commands to search the LDAP based on your current situation, to find your site and local DC names..

Does that help?
JoeyBugeyesAuthor Commented:
Thank you very much for your answers.  <br /><br />Mat1458, <br />I was lucky and found a script that does exactly this process.  It's a winbatch script, but i have a compiler so I'm good there.  There's no direct link to the script, but you can go to techsupt.winbatch.com and search for "Useful ADSI Site server functions".<br /><br />172PilotSteve,<br />That's great info.  Thank you!!!!
WOW..  a winbatch user?!  How unusual!  I used to do a LOT of winbatch, and actually, somewhere I have a routine I wrote for EXACTLY this purpose - you pass it 2 IP addresses with mask, and it will tell you whether they're in the same subnet.

I wrote it because I had written a custom software deployment / workstation management system (kind of a mini SMS) and I used it to be able to target installs to certain subnets.

If that code would be handy for you, let me know, and I'll dig it out.  I KNOW I still have it SOMEWHERE..
JoeyBugeyesAuthor Commented:

Oh yeah, I love Winbatch.  Don't bother digging out the script though.  The one on their site works pretty well.  I think it was some guy from NJ who wrote it, maybe Clifton area?  That wouldn't happen to be you, would it?  What a small world if so.

Nope..  Wasn't me..  I'm in Maryland..  Haven't used Winbatch in a couple years, but I'm a big fan too.  It's amazing what it can do.  I've been forced into Powershell, which is also really cool, but sometimes I miss the simplicity of winbatch...

Good luck and thanks!!
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Internet Protocols

From novice to tech pro — start learning today.