4

I manage a network that has a lot of laptops. The users that use the laptops are frequently traveling. When someone gets a new computer I run into a problem determining what the hostname should be. The hostname scheme is [companyname]xxx where xxx is the next available number. I usually ping starting whichever hostname I think is available and increase/decrease the number until I find an available hostname. However when a user's laptop isn't in the network this method doesn't work.

Is there a way I can check for all of the hostnames on the network, even the laptops that aren't currently connected? Or am I going about this all wrong?

Two things to note:

  • I've used the ARP cache in the past but sometimes a user's laptop is out of the office long enough that their MAC address is no longer in the ARP cache.
  • I keep fairly good documentation but sometimes a different tech will add a computer to the domain and not update the documentation.
peterh
  • 4,914
  • 13
  • 29
  • 44
cwiggs
  • 69
  • 1
  • 4
  • 2
    You mentioned the word domain. Is this an AD domain? If so, are all of the workstations and laptops members of the domain? If so, you can simply query AD for all computer objects to get a list of all of the computer accounts in the domain, whether they're currently connected to the network or not. – joeqwerty Jun 15 '15 at 21:46
  • @joeqwerty I thought of that. Some of the laptops aren't part of the domain, but they are being moved over to the domain. – cwiggs Jun 15 '15 at 23:41
  • 2
    The ARP cache lasts about 10 minutes - https://technet.microsoft.com/en-us/library/cc958841.aspx - it's not a reliable thing to use. – TessellatingHeckler Jun 16 '15 at 01:48
  • What kind of dns do you use? – Mert Gülsoy Jun 16 '15 at 06:30
  • 7
    How about just looking in your inventory system? – Jenny D Jun 16 '15 at 07:13
  • 1
    Next time you pick a naming scheme you might consider a more meaningful one. I like to include part or all of the serial number to help make sure all names are unique. – Todd Wilcox Jun 16 '15 at 12:31
  • 1
    It would be a lot simpler and a lot more reliable to just store the last used number in one central location. – kasperd Jun 16 '15 at 15:09
  • 2
    I agree with @JennyD. This would be solved by getting better control of your inventory and ensuring no hostname collisions are possible based on a unique value. (Such as serial number, or an [asset ID](http://www.myassettag.com/).) You can get a USB barcode reader to help facilitate creation of your database. Eliminates errors reading serials and will speed things up. – Aaron Copley Jun 16 '15 at 15:26

4 Answers4

9

I usually would just ping starting whichever hostname I think is available and increase/decrease the number until i find an open hostname.

You're doing this the hard way. It would be easier to use a spreadsheet to track the computer names you've assigned. If you have a team that is responsible for naming computers a shared Google Sheets or the equivalent would be perfect.

At places I've worked we've used this method and included in the spreadsheet helpful details like Date Created, Date Decommissioned, Assigned User and the like.

sometimes a different tech will add a computer to the domain and not update the documentation.

This problem is best addressed with a behavior solution. Attempts to solve human problems with technical solutions usually fail. If the process for identifying and assigning a new name is simple then it is not unreasonable to expect all technicians to adhere to it as an expectation of employment.

I say Reinstate Monica
  • 3,100
  • 7
  • 23
  • 51
  • 1
    IME, I have never seen a spreadsheet kept up to date. By the time the admin has ordered, setup, and deployed, and seen a smile on the users face, the last thing they are going to do is update a spreadsheet. IMO, Documentation is invalid about a nano second after it is written - the system has to be the documentation. – Patrick Jun 16 '15 at 14:33
  • 3
    Professionals keep good documentation. Letting the system be the documentation is the equivalent of letting the primary data be the backup. – I say Reinstate Monica Jun 16 '15 at 14:40
  • That's very optimistic of you - making config backups and recording passwords is one thing - an admin could be shot for neglecting that - but recording serial numbers and the new user of a machine is another. Such information should be available from the system, as in direct query, or through a decent ITAM – Patrick Jun 16 '15 at 15:07
  • I was responding to the suggestion that documentation is pointless by virtue of being rendered invalid moments after being captured. You are correct in observing that not *all* things should be documented. – I say Reinstate Monica Jun 16 '15 at 15:11
3

Possible places you can pull computer names from:

  1. DHCP allocations, although they will be removed after a while, they show hostnamed.
  2. DNS server / reverse DNS entries - Windows integrated DHCP adds entries into DNS, they will last for a few days depending on your scavenging settings.
  3. Domain controller security event log - each logon to a domain resource should generate a logon entry and have computer names in them. Assuming all laptops logon to a domain resource at some point for file or print shares, this is probably the most comprehensive, if it goes back far enough.
  4. Print Server Application Event Log, ID 307 - printed documents leave an entry with the computer name they were sent from.
  5. Email headers. If you know who uses the laptops, and have email from them, look in the headers for which machine it originated on.
  6. Anti-virus consoles - if you have a centralised antivirus, it might have a record of all the computers which connect to it
  7. Windows Server Update Services - it shows lists of all computers it talks to.

None of these will help you answer "what's the next available name right now", but they may help you build a more comprehensive view of which names you've used.

TessellatingHeckler
  • 5,676
  • 3
  • 25
  • 44
2

Apart from setting up a 3rd party or in-house 24/7 monitoring service, your best bet would be WINS.

As long as your DHCP hands out a WINS server, that WINS server will record and keep the computer name/address, whether or not it is a domain PC.

Using the WINS console, you can find all PCs that have been on your network within the last 12 days - a PC not seen for 6 days will be marked tombstoned, and that tombstoned entry will then be deleted after another 6 days.

WINS is deprecated but still available.

Anthony Geoghegan
  • 2,800
  • 1
  • 23
  • 34
Patrick
  • 250
  • 1
  • 11
2

Source: https://nmap.org/nsedoc/scripts/smb-os-discovery.html

As you can see it'll get DNS name as well NetBIOS name.

nmap --script smb-os-discovery.nse -p445 10.1.1.0/27

Example output:

Nmap scan report for dell.domain.local (10.1.1.5)
Host is up (0.00026s latency).
PORT    STATE SERVICE
445/tcp open  microsoft-ds
MAC Address: 78:2B:CB:E8:7E:42 (Dell)

Host script results:

| smb-os-discovery: 
|   OS: Windows 7 Professional 7601 Service Pack 1 (Windows 7 Professional 6.1)
|   OS CPE: cpe:/o:microsoft:windows_7::sp1:professional
|   Computer name: dell
|   NetBIOS computer name: DELL
|   Workgroup: NAME
|_  System time: 2015-06-16T17:00:44+02:00

Nmap scan report for mietek.domain.local (10.1.1.30)
Host is up (0.00036s latency).
PORT    STATE  SERVICE
445/tcp closed microsoft-ds
MAC Address: D4:CA:6D:F4:94:D4 (Routerboard.com)

It's not perfect as you need properly configured firewalls, but IHMO it's good point to start.

Another way could be using software called thedude and it's autodiscovery feature.

thedude_sample

I completely forgot about great tool called ntop, it has passive ways to collecting data about network, when placed @ local gateway it'll find everything.

ntop_sample

Of course connection to local network or VPN with default gateway redirection is necessary.

Michal Sokolowski
  • 1,461
  • 1
  • 11
  • 24