In short - How do I translate a NETBIOS domain to a FQDN ?
Details: Assuming I'm in domain A and I have user credentials for domain B which has a trust relationship with domain A (I can authenticate the credentials). How do I get domain B's FQDN when all I have are the credentials of some authenticated user from that domain, including the netbios domain name?
I'm coding in C# but a COM/WMI/Win32 solution would be welcomed as well.
This probably isn't optimal, but it look like you could do a NetBIOS name query to get an IP address, and then do a reverse DNS lookup to get an FQDN from that...
http://www.protocolbase.net/protocols/protocol_NBNS.php
(The reverse DNS step is easy to look up)
What kind of access do you have to the other domain? What server/service in the other domain are you authenticating against?
Do you have ip-access to a domain server in the other domain? If so then you could do a call like this:
DirectoryEntry rootDSE = new DirectoryEntry("LDAP://10.11.12.13/rootDSE", @"DOMAIN\Username", "Password");
Console.WriteLine(rootDSE.Properties["defaultNamingContext"].Value);
(Replace 10.11.12.13 with the domain server address).
You will get a reply in form "DC=company,DC=org" that represents the FQDN (just rebuild it by removing the DC-part and insert dots)
Bind to the domain using the WinNT provider and filter for all user accounts. Start enumerating the user accounts.
If the user account sAMAccount name does not contain the string "duplicate" then exit from the loop and use the NameTranslate object to look up the LDAP name of the account.
Part of the LDAP name is the domain FQDN.
Hey, it's a fudge but it works like a charm.