Query IP/hostnames in local network (Windows)

I have a Windows Server based network, running a Windows DHCP and DNS server. How can I list all the computers in the local network known to the server? That would mean querying either the DHCP or the DNS for all names and IP addresses.

I know I can see this information if I log on to the server in the DHCP MMC. But is there a way to do it from a different computer (not in the AD-domain), and without the administrative MMC snap-ins installed? Maybe a PowerShell command or tool that I missed?

In a small subnet I can just use a portscanner, but that seems like a wrong solution when the information I want is sitting there on my server.

I discovered nslookup ls mydomain.local, but this fails with "query refused". Is there maybe a way to pass credentials to it?


Have you tried querying for ANY record using nslookup as in How can I list ALL DNS records?

This only works, however, if DNS zone file transfers aren't blocked (which is the default).

nslookup
Default Server:  dc.mydomain.local
Address:  10.1.8.4

> set q=any
> ls -d mydomain.local
[dc.domain.local]
*** Can't list domain mydomain.local: Query refused
The DNS server refused to transfer the zone mydomain.local to your computer. If this
is incorrect, check the zone transfer security settings for mydomain.local on the DNS
server at IP address 10.1.8.4.

And the main point here is, you shouldn't be able to dump this kind of information as an anonymous user to begin with anyhow...
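Since the anonymous zone listing above is refused by design, the authenticated route is to read the leases and records through the DHCP/DNS server modules with an account that is allowed to. The following is an added example, not part of the question or the answer; it assumes the RSAT DhcpServer and DnsServer PowerShell modules are installed on the workstation, that WinRM to the server is allowed from it, and that the supplied account has read rights on the DHCP and DNS server (the server and zone names are the ones from the question).

```powershell
# Added example: list DHCP leases and DNS A records from a non-domain workstation
# with explicit credentials, instead of attempting an (anonymous) zone transfer.
# Assumptions: RSAT DhcpServer/DnsServer modules installed locally, WinRM reachable,
# and the account is in the server's DHCP Users / DnsAdmins (or local Administrators).
$Server = 'dc.mydomain.local'      # DNS/DHCP server name from the question
$Zone   = 'mydomain.local'         # zone name from the question

# Prompt once for credentials and open a CIM session; the Dhcp*/Dns* cmdlets accept -CimSession.
$cred    = Get-Credential -Message "Account with read access on $Server"
$session = New-CimSession -ComputerName $Server -Credential $cred

# DHCP: every lease in every IPv4 scope, with hostname, MAC (ClientId) and state.
$leases = Get-DhcpServerv4Scope -CimSession $session |
    ForEach-Object { Get-DhcpServerv4Lease -CimSession $session -ScopeId $_.ScopeId } |
    Select-Object IPAddress, HostName, ClientId, AddressState, LeaseExpiryTime

# DNS: A records of the zone, fetched over the authenticated management channel, not AXFR.
$records = Get-DnsServerResourceRecord -CimSession $session -ZoneName $Zone -RRType A |
    Select-Object HostName,
        @{ Name = 'IPv4'; Expression = { $_.RecordData.IPv4Address.IPAddressToString } }

$leases  | Sort-Object IPAddress | Format-Table -AutoSize
$records | Sort-Object IPv4      | Format-Table -AutoSize

Remove-CimSession $session
```

If the workstation is not domain-joined, the server usually has to be added to the local WinRM TrustedHosts list before New-CimSession will connect with explicit credentials.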