NetBIOS Name

This topic contains 5 replies, has 5 voices, and was last updated by  Gsky 2 years, 7 months ago.

  • Author
  • #25617


    Hello All!

    I have faced with the problem, and I do not have idea how to find a solution.
    Here is the situation: I have a domain A that domain has few external trusts (one direction) i have no admin access to this domain A , now i have a list of servers that responding as but do not exist in that domain (i believe these servers are just added to DNS) i know that real objects exist in external domain B (separate forest) but pings like a servers from domain A.

    my question is there any possibility to verify (via PS) real netbios name of real domain where that server exists?

    Thank You!

  • #25622

    Simon Wåhlin

    If you only want to know the domain a computer is a member of you can use WMI to query the class Win32_ComputerSystem

    $DNSForestName = (Get-WmiObject -Class Win32_ComputerSystem).Domain

    If you want the netbois name of the domain, query the Class Win32_NTDomain and filter on DnsForestName

    $DNSForestName = (Get-WmiObject -Class Win32_ComputerSystem).Domain
    $DomainNetbios = (Get-WmiObject -Class Win32_NTDomain -Filter "DnsForestName = '$DNSForestName'").DomainName
  • #25703

    Vern Anderson

    If you open the TCP settings on a computer it might have a list of DNS Suffixes under the DNS portion of the IPv4 TCP/IP settings.

    A Windows machine will respond with it's FQDN regardless of whether or not its a member of the AD Domain by the same name. The dns suffix list makes it respond with that FQDN.

    Good luck finding those machines. Don't forget ARP will return MAC Addresses and those MACs can be used by a network engineer to trace it back to a switch port. From there you trace the patch cable back to the physical device.

  • #25705

    Tim Pringle

    Hey Gsky,

    You don't need an admin account to be able to list user or computer objects, you can do this from a standard domain account with an LDAP query. Ask for a standard user account for the other domain, use an LDAP query with a search and grab the DistinguishedName cut of the domain suffix, and you'll have your NETBIOS name.

    If querying has been locked down for whatever reason so you can't use a standard account, ask for delegated rights to the OU with the computers in with list permissions (can't recall the exact property name required), and you will then be able to use your LDAP query.



  • #25707

    Dave Wyatt

    Another option is to use nbtstat -A $ipAddress, and look for the line that has a suffix of and type GROUP. In PowerShell, that might look something like this:

    $ipaddress = ''
    $nbtstat = nbtstat.exe -A $ipaddress
    $domainOrWorkgroup = $nbtstat | Where { $_ -match '^\s*(\S+)\s*\s*GROUP' } | ForEach { $matches[1] }
  • #25824


    Thank you all,

    @dave – unfortunately nbastat does not work here (returns

    The solution to my problem was Win32_computerSystem given by @simon,

    If you only want to know the domain a computer is a member of you can use WMI to query the class Win32_ComputerSystem

    this works perfectly on servers with WMI services, I can check real domain name where Server object exists. Knowing this have created simple query using [i]get-adcomputer[/i] to verify object on domain (if no object then script checks win32_computerSystem).

    but what about with non windows servers (NAS fillers etc) is there any option to verify domain name form comes that object?

You must be logged in to reply to this topic.