What Subnet Am I In?

Posted on 2012-03-15
Medium Priority
1 Endorsement
Last Modified: 2012-03-27

If I do an IPConfig, I can find out the IP address and subnet mask of my Windows machine.  With this info, can I determine what AD subnet I'm on?

Question by:JoeyBugeyes
  • 4
  • 3
  • 2
  • +4

Author Comment

ID: 37727171
The reason I'm asking is because I'm trying to put together a script or at lease a procedure.  If I get that midnight call and says these 100 users can't log on...  I want to be able to ask for an IP address of an affected machine and do something like this...

1. based on IP, determine subnet they are on
2. look up subnet in AD Sites & Services to determine the DC they 'should' be connecting to.
3. check the DC(s) in question.

LVL 37

Expert Comment

by:Neil Russell
ID: 37727172
Do you mean what AD Site you are in? A subnet is a subnet. There is no such thing as an AD Subnet as such.

What exactly are you trying to find out?

Can you give example of what you would expect to find as a result?
LVL 11

Expert Comment

ID: 37727191

I think I understand what he is referring to but he is using the wrong terminology. If I am reading this right he has site specific policies in place that vary from one location to another.

Example of this is :
Technology Partners: We Want Your Opinion!

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

LVL 11

Expert Comment

ID: 37727201
Now where I am confused is why he would need what he is asking for.

If you have your subnets mapped to different sites then you have probably already told Active Directory which server is linked to what site. If that is the case all you would need to do is ping the machine get the IP relate that to one of your DHCP scopes and that should tell you which server you are connecting to.

Author Comment

ID: 37727387

I apologize if I wasn't clear.  I'm certain I'm not using the correct terminology and perhaps not even asking a valid question.  But here's what I'm thinking.   We have a TON of sites and subnets.  If a group of people experience long logons, no logons, or other authentication issues, I want to be able to very quickly (perhaps even scripted) tell which domain controller is in trouble.  I understand that it may be other things such as network, but let's assume for now it's AD related.  By the way, there is currently no issue, but I just want to be prepared for next time.

1. Let's say I have an IP Address / subnet mask of a windows machine of / 255.255.252.  This windows machine and all others in the same physical location is having trouble logging on.

2. If I plug this IP/subnet mask into a subnet calculator (http://www.subnetonline.com/pages/subnet-calculators/ip-subnet-calculator.php) it reveals to me that my machine is on the network.  I assume this is the same thing as my 'subnet'.  Again, forgive my misuse of terminology.  If I'm wrong here, let me know.

3.  I now take this and look for it in AD sites & Services to find out what site it's associated with.  Let's say it comes back with Trenton.

4.  Then I use AD Sites & Services to look up the 'Trenton' site to see what domain controllers service the site.

5. Now I can health check the the Trenton DCs .

So I guess what I'm really asking now is two things.  1) Are my steps correct/logical?  and 2) if so, is there a better way to do step number two above instead of having to use a subnet calculator?  Is there a command line tool or something?  I'm thinking command line because if this process is good, then I'd like to script it eventually.

What are your thoughts?  I'm sure I'll get this call from time to time and I don't want to get caught without a good process.

Thanks a bunch!


Expert Comment

ID: 37727777
Have the user do an ipconfig /all and tell you what the dns server is. A lot of times that is also the domain controller.  You should also check dhcp and see what different scopes they have so that you will be familiar with the addresses. You can check the subnets in AD but that won't tell you much.  
Ipconfig /all should be enough.

Expert Comment

ID: 37728348
Do you mean, within AD sites & services, the subnets that are defined here are assigned against sites?...
LVL 10

Accepted Solution

mat1458 earned 1000 total points
ID: 37728746
to answer your questions Joe:
1) in my opinion your steps seem logical. The direct relationship between subnet and AD seems to be something that you have in your network. It is not that way in every network; probably that's why people are confused a bit.
2) Faster than the script is probably only your brain. Subnet calculation is easy if you start to understand how it works. But that's probably not what you want to hear....;-) If you are into VBS then look at this: http://www.codeproject.com/Articles/72622/Calculating-Subnet-Ranges-With-VBScript. or .net look here: http://www.techexams.net/ip-subnet-calculators/.
LVL 10

Assisted Solution

172pilotSteve earned 1000 total points
ID: 37730239
I agree with MAT1458.. Your logic and steps seem sound.. just remember that there's also a "default site" so if your subnet isnt listed, it MIGHT be that you're in the default site...  Of course, it's also possible that whoever setup the sites, used "supernetting".  In otherwords, I might setup something where the WAN location is in the second octet, like "10.x.y.z" where x= site number, y=floor or switch number, and z=node number.  A "Headquarters" site might be many different switches, to include:
... all the way to

Instead of defining 255 subnets as the site "Headquarters", I'd most certainly create site headquarters with ""  (or / mask which would encompass all of the subnets in one entry.  The problem is that you're going to see in Sites and Services, but the user on the phone is going to tell you something like "" which isn't going to match anything in your IP subnet calculator.  For this reason, I second the concept of being able to understand the subnets without relying on the Internet calculator so much...

VMagan talks about using the DNS server to determine your DC / site, which works great if everything is up, but when there's a problem (which is why you got the call in the first place!) your machine will go to a non-optimal site/DC/DNS if it has to, which could skew the info you get.

Check out this site:

It has some commands to search the LDAP based on your current situation, to find your site and local DC names..

Does that help?

Author Closing Comment

ID: 37752726
Thank you very much for your answers.  <br /><br />Mat1458, <br />I was lucky and found a script that does exactly this process.  It's a winbatch script, but i have a compiler so I'm good there.  There's no direct link to the script, but you can go to techsupt.winbatch.com and search for "Useful ADSI Site server functions".<br /><br />172PilotSteve,<br />That's great info.  Thank you!!!!
LVL 10

Expert Comment

ID: 37752802
WOW..  a winbatch user?!  How unusual!  I used to do a LOT of winbatch, and actually, somewhere I have a routine I wrote for EXACTLY this purpose - you pass it 2 IP addresses with mask, and it will tell you whether they're in the same subnet.

I wrote it because I had written a custom software deployment / workstation management system (kind of a mini SMS) and I used it to be able to target installs to certain subnets.

If that code would be handy for you, let me know, and I'll dig it out.  I KNOW I still have it SOMEWHERE..

Author Comment

ID: 37772909

Oh yeah, I love Winbatch.  Don't bother digging out the script though.  The one on their site works pretty well.  I think it was some guy from NJ who wrote it, maybe Clifton area?  That wouldn't happen to be you, would it?  What a small world if so.

LVL 10

Expert Comment

ID: 37774818
Nope..  Wasn't me..  I'm in Maryland..  Haven't used Winbatch in a couple years, but I'm a big fan too.  It's amazing what it can do.  I've been forced into Powershell, which is also really cool, but sometimes I miss the simplicity of winbatch...

Good luck and thanks!!

Featured Post

Vote for the Most Valuable Expert

It’s time to recognize experts that go above and beyond with helpful solutions and engagement on site. Choose from the top experts in the Hall of Fame or on the right rail of your favorite topic page. Look for the blue “Nominate” button on their profile to vote.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

The article explains the protocols and technology which is involved when two computers on different TCP/IP networks communicate with each other. In the diagram, a router is used to segregate two networks. The networks are and 192…
SSL is a very common protocol used these days when browsing the web.  The purpose is to provide security to communication, but how does it do it?  There are several pieces at work that have to be setup before SSL will even work and it requires both …
Viewers will learn how to properly install and use Secure Shell (SSH) to work on projects or homework remotely. Download Secure Shell: Follow basic installation instructions: Open Secure Shell and use "Quick Connect" to enter credentials includi…
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…
Suggested Courses
Course of the Month15 days, 22 hours left to enroll

850 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question