PowerShell: Reverse IP Lookup without DNS

Ever been on a network that either doesn’t have reverse lookup zones configured in DNS or doesn’t allow them? Ever needed to find the name of a Windows machine while on on of those networks with just the IP Address? Here’s a powershell script to help you out with that.

Typically when you need to find a server by IP Address, ping -a works wonders. Ping requests a reverse lookup of an IP from the DNS servers specified on the NIC, and then if the DNS Server is configured for reverse lookup zones, it magically responds with the name of the server or desktop you are looking for.

If you work in an environment that does not have that set up or has that disabled, however, finding the name of the machine is usually much harder. The below PowerShell function can be saved to a *.ps1 and imported into the PowerShell.

Function Get-Name {
     <# 		
       .SYNOPSIS 			
            Get the name of a windows computer without the luxury of Reverse DNS.
       .DESCRIPTION
            Get the name of a windows computer without the luxury of Reverse DNS.

            Revision History:
                   v1.1 - Added CSV processing functionality.
                   v1.0 - Initial Release
       .NOTES
            Function Name : Get-Name
            Author : Thomas Rhoads
            Requires : PowerShell V2
       .EXAMPLE
            PS C:\> Get-Name 
            Returns the name of a single windows computer.
		
       .EXAMPLE
            PS C:\> Get-Name -CSV 
            Returns the name of multiple windows computers. Takes a CSV sheet with a column header of IP.
	
       .PARAMETER IP
            IP of the computer you are trying to get the name of.
       .PARAMETER CSV
            Provide a path to a CSV file with a "IP" column for instead of an IP to check multiple computers at one time.
     #>
     param (
          [Parameter(Position=0,ValueFromPipeline=$true)]
          [string[]]$IP,
          [string]$CSV
     )
     begin { 
          if ($CSV) {
               $IP = @()
               if ((Test-Path -Path $CSV)) {
                    $myCSV = Import-CSV -Path $CSV
                    foreach ($thisLine in $myCSV) {
                         $IP += $thisLine.IP
                    }
               }
         }
     }
     process {
          foreach ($thisIP in $IP) {
              # Intialize...
              $myKeyPath = "System\CurrentControlSet\Control\ComputerName\ComputerName";
              $myKey = "ComputerName";

              try{
                   #Get Key Value & Write it to host.
                   $myType = [Microsoft.Win32.RegistryHive]::LocalMachine;
                   $regKey = [Microsoft.Win32.RegistryKey]::OpenRemoteBaseKey($myType, $thisIP)
                   $regKey = $regKey.OpenSubKey($myKeyPath)
                   $thisName = $regKey.GetValue("$myKey","0").ToString()
                   $OutputObj  = New-Object -Type PSObject
                   $OutputObj | Add-Member -MemberType NoteProperty -Name IP -Value $thisIP
                   $OutputObj | Add-Member -MemberType NoteProperty -Name Name -Value $thisName
                   $OutputObj
              }
	    catch{
                   Throw Write-Host -foregroundcolor red "Could not connect to $thisIP"
              }
          }
     }
     end { }
}

Run PowerShell as a user that has administrative rights on the remote machine and then type:

Get-Name <ip>

Where <ip> is the IP Address of the computer you are attempting to find the name for. It will return an object with a IP field and a Name field that can be piped into another function. NOTE: This only works on Windows remote machines. It looks at a registry value to find the computer name.

Updated 7/16/2013: Now includes the ability to process multiple IPs in one run using a CSV.