Resolve ip by username
scj6771
01-28-05, 12:52 PM
I believe this is an easy one for you all: is there a way to plug in a username to find the IP address on the network? We are running DNS and I would like to find the IP addresses easily if I don't have the user's computer name or don't want to spend 15 minutes trying to explain to a user how to use ipconfig. Can't this be done using NSLOOKUP? Thanks. Btw, I am running XP on a 2000 Server domain.
koldchillah
02-01-05, 02:37 PM
There's no way of resolving username to IP directly because the users are Active Directory objects, which are separate from basic TCP/IP properties.
You can, however, sift through the domain controller's security log and look for events listed as #673. The authentication service will log these events as tickets are requested and users are logged in. The IP address from which the ticket request originated will always be listed within the event description.
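Added example, not part of the post above or of the thread: a minimal Python sketch of the event 673 approach, run over records exported from the domain controller's security log. The sample records, the record layout (timestamp, event ID, description) and the account and host names are constructed; the "User Name" and "Client Address" labels are the fields read from the event description.

```python
from datetime import datetime

def _sample(stamp, event_id, user, address=None):
    # Builds one constructed record; the description layout is an assumption.
    text = f"Event {event_id}:\n\tUser Name:\t{user}\n\tUser Domain:\tEXAMPLE.LOCAL\n"
    if address:
        text += f"\tClient Address:\t{address}\n"
    return (stamp, event_id, text)

SAMPLE_EVENTS = [  # constructed data, not taken from a real log
    _sample("2005-02-01 08:01:57", 673, "WS041$@EXAMPLE.LOCAL", "192.168.10.41"),
    _sample("2005-02-01 08:02:11", 673, "jsmith@EXAMPLE.LOCAL", "192.168.10.41"),
    _sample("2005-02-01 09:00:30", 673, "mjones@EXAMPLE.LOCAL", "192.168.10.52"),
    _sample("2005-02-01 12:10:05", 538, "jsmith"),
    _sample("2005-02-01 13:45:40", 673, "JSmith@EXAMPLE.LOCAL", "192.168.10.77"),
]

def parse_fields(description):
    """Turn 'Label: value' lines of an event description into a dict."""
    fields = {}
    for line in description.splitlines():
        key, sep, value = line.partition(":")
        if sep and value.strip():
            fields[key.strip().lower()] = value.strip()
    return fields

def logons_for_user(events, username):
    """Return [(timestamp, client_address)] for one user, newest first."""
    wanted = username.lower()
    hits = []
    for stamp, event_id, description in events:
        if event_id != 673:          # only ticket events carry the field we want
            continue
        fields = parse_fields(description)
        # Drop the realm suffix; machine accounts (NAME$) never match a user.
        account = fields.get("user name", "").split("@")[0].lower()
        address = fields.get("client address")
        if account == wanted and address:
            hits.append((datetime.strptime(stamp, "%Y-%m-%d %H:%M:%S"), address))
    return sorted(hits, reverse=True)

def latest_address(events, username):
    """Most recent client address seen for the user, or None."""
    hits = logons_for_user(events, username)
    return hits[0][1] if hits else None

if __name__ == "__main__":
    print(latest_address(SAMPLE_EVENTS, "jsmith"))
```

A user who has requested tickets from several machines yields several addresses, so the full list from `logons_for_user` is worth checking before acting on the newest one.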
YeOldeStonecat
02-02-05, 07:48 AM
Couple of things that might help....
Win XP, go to the properties of your local area connection, put a check in the box for "Show icon ...when connected". I make this standard practice on any networked PC that I roll out. Now there'll be the connection icon down in the systray. It's quite easy to walk someone through double clicking that icon, clicking on the support tab, and seeing their IP address there.
I also set up the Classic Start Menu on every XP machine I roll out, so the "My Computer" and "Network Places" icons are on the desktop. Even with the blondest of secretaries it shouldn't take more than 15 seconds to have them right click My Computer, properties, "Computer Name" tab.
Do you run a business grade antivirus program such as Symantec's Corporate Edition? That management console will show the user account used to log into the workstations.
Tekmazter
02-10-05, 10:34 AM
There's no way of resolving username to IP directly because the users are Active Directory objects, which are separate from basic TCP/IP properties.
You can, however, sift through the domain controller's security log and look for events listed as #673. The authentication service will log these events as tickets are requested and users are logged in. The IP address from which the ticket request originated will always be listed within the event description.
You CAN do this.
As long as you're not blocking NetBios on your network (Ports 137, 139 .. and if those are blocked ... port 445 is used).
Do this: from a command prompt run
net send %username% TEST
where of course the username is the person you're searching for.
After that, check out your netbios cache using
nbtstat -c from a command prompt
This is your cache table for resolved netbios names. You should see the computer name and IP Address of the computer you sent the message to. If you don't see the IP Address, you should be able to do a reverse lookup (providing you have it enabled in DNS) on the computer name you see. Running an "nbtstat -a computername" will also show you who's logged in on the machine. Remember though, if a user logs into multiple machines at once, it's the first machine the user logs into that gets the message sent to it, as it will register the user name as username$ from the machine and that is what dictates which machine gets the message.
Also, you need to have file and printer sharing enabled on your machines on the network. Most people do this as you cannot remotely manage Winboxes without it. Also, if you have XP firewalls enabled under SP2, you will either need to set the domain group policy to allow netbios queries to bypass it or have it turned off altogether.
A+, Net+, i-Net+, Linux+, Server+, Security+
CIW-A, MCP, MCP+I, MCSA, MCSE (NT4)
... CCSP on the way!
koldchillah
02-10-05, 04:01 PM
You CAN do this.
As long as you're not blocking NetBios on your network (Ports 137, 139 .. and if those are blocked ... port 445 is used).
Do this: from a command prompt run
net send %username% TEST
where of course the username is the person you're searching for.
After that, check out your netbios cache using
nbtstat -c from a command prompt
:thumb: That's another good way to find out, but unfortunately I didn't think of that b/c on my network I have to keep the Netbios traffic down to a minimum and the messenger service is just plain disabled domain-wide.