When scanning by domain name, NetChk Protect does the following to enumerate the machines in the domain:
If the scan is being run as an administrative user with appropriate permissions, NetChk Protect attempts to contact the domain controller and enumerate its list of machine accounts.
Machines are also enumerated from the network browse list, which is the same list of machines seen on a per-domain basis when viewing Network Neighborhood, and is similar to the output of 'net view /domain:domainname'. No special permissions are required to enumerate machine names this way, as NetChk Protect uses UDP port 137 (NetBIOS name service) to enumerate the browse list. If the scanning machine has just been connected to the network, it may take up to 15 minutes for the machine to synchronize with the browse master and for this list to become available to the scanning machine. The list of machines returned represents machines that are currently online or have been online within the last 15 minutes. Machines that are 'hidden' via registry modifications won't appear, as they don't propagate their machine names to the network browse list. If the scanning machine doesn't have access to the browse list, or the machines are behind filtering devices where the browse list isn't updated, then no machines will appear.
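To see which machines only one of the two sources above would report, the following added example (not NetChk Protect code) compares a list of domain machine accounts with captured 'net view /domain:domainname' output. The sample data is constructed, the function names are hypothetical, and it assumes the machine accounts have been exported with their trailing '$'.

```python
import re

# Constructed sample: output in the layout printed by 'net view /domain:EXAMPLE'.
NET_VIEW_OUTPUT = r"""Server Name            Remark

-------------------------------------------------------------------------------
\\FS01                 File server
\\ws-014
\\WS-022               Front desk
The command completed successfully.
"""

# Constructed sample: machine account names exported from the domain controller.
DC_MACHINE_ACCOUNTS = ["FS01$", "WS-014$", "WS-031$", "LAB-07$"]


def parse_browse_list(text):
    """Return the machine names from 'net view' style output, upper-cased."""
    names = set()
    for line in text.splitlines():
        match = re.match(r"\\\\(\S+)", line)  # entries start with two backslashes
        if match:
            names.add(match.group(1).upper())
    return names


def normalize_accounts(accounts):
    """Strip the trailing '$' from machine account names and upper-case them."""
    return {a.rstrip("$").upper() for a in accounts if a.strip()}


def coverage(dc_accounts, browse_text):
    """Group machines by which enumeration source reports them."""
    dc = normalize_accounts(dc_accounts)
    browse = parse_browse_list(browse_text)
    return {
        "both": sorted(dc & browse),
        # Possible reasons per the text above: offline, hidden, or filtered.
        "dc_only": sorted(dc - browse),
        # On the browse list but with no machine account in the exported list.
        "browse_only": sorted(browse - dc),
    }


if __name__ == "__main__":
    for group, machines in coverage(DC_MACHINE_ACCOUNTS, NET_VIEW_OUTPUT).items():
        print(f"{group}: {', '.join(machines) or '-'}")
```

Machines in the "dc_only" group are the ones a scan run without permission to query the domain controller would not enumerate.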