Understanding the NT 4.0 WINS database
Format of computer names
The computer names in the WINS database are 16 characters long. The first
15 characters are ASCII text. The sixteenth character is used to hold a
byte which indtcates the type of registration the paticular database entry
represents.
Use of the 16th byte
The 16th byte is used by various applications to search for particular
types of computers. For example, each computer registers itself with value
0x03, and each time a user logs on, another 0x03 entry is created. The
NET SEND command searches through all of the 0x03 entries to find the target
of the send.
The _MSBROWSE_ entry
This entry is used by Master Browsers in order to find each other. Specifically,
the master browser in one domain will look for an entry by this name in
the WINS databases from other domains in order to find those domains' master
browsers.
Table of 16th bit values
| 16th byte (hex) |
Registration type |
| 00 |
Workstation |
| 03 |
usernames (used by NET SEND) ("messenger service") |
| 06 |
RAS server |
| 1b |
PDC ("netlogon service") |
| 1c |
PDC and up to 24 BDCs |
| 1d |
Master browser |
| 1e |
All browsers & potential browsers |
| 20 |
Server serivce on WINS client |
| 21 |
RAS client |
| bf |
Netmon |
| 87 |
MS Exchange MTA |
Adding a 0x1b entry to the WINS database using LMHOSTS
If your domain is having trouble finding another, it may be helpful to
manually create an entry for that domain's PDC in your domain's WINS database.
This is done by carefully adding the following to your LMHOSTS file.
For this example, we will assume that the other domain's PDC is called
"DARKSTAR" and is at 172.31.1.2. The other domain name is "DIAMOND".
172.31.1.2<tab>darkstar<tab>#PRE<tab>#DOM:DIAMOND
172.31.1.2<tab>"darkstar \0x1b"<tab>#PRE<tab>#DOM:DIAMOND
Note that there are two entries for the foreign PDC. I think spaces are
better, but Microsoft told me to use tabs between the fields. In the second
entry, the PDC name is exactly 16 characters long. The name DARKSTAR is
followed by 7 spaces (count 'em) and then by an ESC character ("\0x1b").
Note that the hex is case sensitive. 0X1B would not work.
Once this entry is in the LMHOSTS file, you can reload LMHOSTS by issuing
nbtstat -R
at the command line. Then look at the NETBIOS name table with
nbtstat -c
Prepared by S. Runyon