I need to know if anyone is using our file server's IP address to access it instead of the name. Any ideas?
Solution 1:
You could add a second IP address to the system and point the DNS name at that new IP address. The server will still talk on both IPs, so none of your users will be disrupted, but you will know that anyone connecting on the old IP is not using DNS.
Solution 2:
I actually looked into this at $job-1. I never did find a way to address this in the Windows event logs natively, but I did come up with an interesting workaround which may be of some use. Using file system auditing, you can get the source IP and username for each access that takes place. I'm assuming you are running AD with integrated DNS with WINS disabled. If so, you can export the logs for your DNS queries.
It is possible to pump both of these logs into a Splunk instance and cross-correlate any source IPs which haven't made a DNS request but that have hit your file server. From there, all you need to do is verify that there isn't a HOSTS file in use.
All that being said, in most environments it is way easier to just make the change and see who complains.
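The cross-correlation described in Solution 2, as an added example that is not part of the original answer. It assumes both logs were already exported to CSV with the hypothetical columns shown; the server names, IPs, users and the 24-hour lookup window are constructed for illustration.

```python
import csv
import io
from bisect import bisect_right
from collections import defaultdict
from datetime import datetime, timedelta

SERVER_NAMES = ("files01", "files01.corp.example")  # assumed names of the file server

# Constructed sample exports; the column layout is an assumption, not a native log format.
DNS_CSV = """time,client_ip,qname
2024-03-04T08:01:10,10.0.0.21,FILES01.corp.example.
2024-03-04T08:05:42,10.0.0.22,intranet.corp.example
2024-03-02T07:00:00,10.0.0.23,files01.corp.example
2024-03-04T08:59:00,10.0.0.24,files01
"""
ACCESS_CSV = """time,source_ip,user,path
2024-03-04T08:02:00,10.0.0.21,alice,hr/plan.docx
2024-03-04T08:06:00,10.0.0.22,bob,it/notes.txt
2024-03-04T08:10:00,10.0.0.23,carol,hr/plan.docx
2024-03-04T09:00:00,10.0.0.24,dave,it/notes.txt
"""

def load_lookups(dns_csv, server_names):
    """Map client IP -> sorted times it queried any of the server's names."""
    wanted = {n.lower().rstrip(".") for n in server_names}  # DNS names are case-insensitive
    seen = defaultdict(list)
    for row in csv.DictReader(io.StringIO(dns_csv)):
        if row["qname"].lower().rstrip(".") in wanted:
            seen[row["client_ip"]].append(datetime.fromisoformat(row["time"]))
    for times in seen.values():
        times.sort()
    return dict(seen)

def accesses_without_lookup(access_csv, lookups, window=timedelta(hours=24)):
    """Return {source_ip: [users]} for accesses with no name lookup in the prior window."""
    flagged = defaultdict(set)
    for row in csv.DictReader(io.StringIO(access_csv)):
        when = datetime.fromisoformat(row["time"])
        times = lookups.get(row["source_ip"], [])
        i = bisect_right(times, when)  # lookups at or before this access
        if i == 0 or when - times[i - 1] > window:
            flagged[row["source_ip"]].add(row["user"])
    return {ip: sorted(users) for ip, users in flagged.items()}

if __name__ == "__main__":
    for ip, users in accesses_without_lookup(ACCESS_CSV, load_lookups(DNS_CSV, SERVER_NAMES)).items():
        print(ip, ", ".join(users))
```

A flagged IP is only a candidate: the lookup may predate the window, and the HOSTS file check from the answer still applies.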