Just like DNS, the NTB-NS (NetBIOS name service) protocol is used to translate names to IP addresses. By default, it's used as a fallback in AD-DS.
The tools nbtscan and nmblookup can be used for reverse lookup (IP addresses to NetBIOS names)
# Name lookup on a range
nbtscan -r $SUBNET/$MASK
# Find names and workgroup from an IP address
nmblookup -A $IPAdress{% hint style="success" %} Some NBT-NS recon can be carried out with the enum4linux tool (see this page). {% endhint %}
{% embed url="https://wiki.wireshark.org/NetBIOS/NBNS" %}