I have started a new job and inherited a lot of servers and websites. One particular website I am unsure of what server/IIS instance it is hosted on. All I know is the public URL of the site. Is there a way (maybe a powershell script?) to scan my domain and locate the IIS instance this particular URL is bound to?
Windows – How to find the IIS server instance that a website is hosted on in the domain by only its public URL
bindingsiispowershellurlwindows
Best Answer
Before you start running network scanners on your network, have you actually asked your coworkers for any documentation, wikis, email chains, etc that might give you a better clue?
Assuming no one knows anything and you're on your own. The first thing I'd do is a reverse DNS lookup on the IP that the URL maps to. If the public URL is a friendly name and the site isn't behind a load balancer, a reverse lookup of the server's IP might give you its real hostname.
If the site is behind a load balancer, check the load balancer config to find the server(s) that are serving the content.
Once you've got an IP of the server actually hosting the content, it should be easy enough to RDP in using domain credentials assuming it's domain joined and you have sufficient credentials to login.