When working on a script this past week I came across a problem when trying to discover a servers domain when not being afforded access permissions. In my case my usual steps all came back with non-usable information. All FQDN names were exactly the same for the computers on the our "test" domain as well as our "active" domain. All powershell scripts failed to run, due to my permissions, and without a major call to our service desk's API there seemed to be no other viable option for pulling this information. That's when I came across an older operation that fit the bill perfectly.
Nbtstat, according to Microsoft's technet library
is designed to help troubleshoot NetBIOS name resolution problems. When a network is functioning normally, NetBIOS over TCP/IP (NetBT) resolves NetBIOS names to IP addresses.Long story short (this explanation doesn't seem short...I think you mean long story longer..I'm so clever -ed.) the TCP/IP stack doesn't understand "flat names" so Windows relies on an application called NetBIOS-Over-TCPIP (NBT) to handle them. When I refer to flat names I'm referring to the friendly names assigned to the computer aka Computer Name.
As with all things scripting you can easily find the entire list of variables for the command by running nbtstat -?
This information can be used however you would like. For my purposes I used regular expressions and Powershell to pipe the information into a variable and used that to verified information for several different functions.