Podemos assim verificar quais são os hosts que pertencem ao domínio ORIONSCORP2. Para verificarmos, se de fato o host 1.243 é um servidor AD, podemos fazer um scan para ver suas portas.
$ sudo nmap -v --open -Pn 172.16.1.243
Starting Nmap 7.80 ( https://nmap.org ) at 2021-09-15 23:15 -03
Initiating ARP Ping Scan at 23:15
Scanning 172.16.1.243 [1 port]
Completed ARP Ping Scan at 23:15, 0.00s elapsed (1 total hosts)
Initiating Parallel DNS resolution of 1 host. at 23:15
Completed Parallel DNS resolution of 1 host. at 23:15, 0.00s elapsed
Initiating SYN Stealth Scan at 23:15
Scanning 172.16.1.243 [1000 ports]
Discovered open port 139/tcp on 172.16.1.243
Discovered open port 135/tcp on 172.16.1.243
Discovered open port 53/tcp on 172.16.1.243
Discovered open port 3389/tcp on 172.16.1.243
Discovered open port 445/tcp on 172.16.1.243
Discovered open port 636/tcp on 172.16.1.243
Discovered open port 3268/tcp on 172.16.1.243
Discovered open port 3269/tcp on 172.16.1.243
Discovered open port 593/tcp on 172.16.1.243
Discovered open port 88/tcp on 172.16.1.243
Discovered open port 389/tcp on 172.16.1.243
Discovered open port 464/tcp on 172.16.1.243
Completed SYN Stealth Scan at 23:15, 4.25s elapsed (1000 total ports)
Nmap scan report for 172.16.1.243
Host is up (0.00018s latency).
Not shown: 988 filtered ports
Some closed ports may be reported as filtered due to --defeat-rst-ratelimit
PORT STATE SERVICE
53/tcp open domain
88/tcp open kerberos-sec
135/tcp open msrpc
139/tcp open netbios-ssn
389/tcp open ldap
445/tcp open microsoft-ds
464/tcp open kpasswd5
593/tcp open http-rpc-epmap
636/tcp open ldapssl
3268/tcp open globalcatLDAP
3269/tcp open globalcatLDAPssl
3389/tcp open ms-wbt-server
MAC Address: 00:50:56:37:F9:7C (VMware)
Read data files from: /usr/bin/../share/nmap
Nmap done: 1 IP address (1 host up) scanned in 4.29 seconds
Raw packets sent: 1989 (87.500KB) | Rcvd: 13 (556B)
Podemos confirmar que é de fato pelas suas portas. Também podemos fazer algumas pesquisas DNS já que esse host faz resolução DNS para comprovar o nome das máquinas.
$ host 172.16.1.243 172.16.1.243
Using domain server:
Name: 172.16.1.243
Address: 172.16.1.243#53
Aliases:
243.1.16.172.in-addr.arpa domain name pointer SERVAD02.ORIONSCORP2.LOCAL.
$ host 172.16.1.245 172.16.1.243
Using domain server:
Name: 172.16.1.243
Address: 172.16.1.243#53
Aliases:
245.1.16.172.in-addr.arpa domain name pointer CORPPC01.ORIONSCORP2.LOCAL.