As a professional system administrator working in a hybrid network that combines Microsoft infrastructure with non-Microsoft security and networking components (like FortiGate, Symantec EPP, or Palo Alto), mastering command-line tools is crucial for fast, accurate troubleshooting.

In this article, I’ll walk you through the most essential troubleshooting commands for Windows environments — categorized by their purpose and enriched with real-world scenarios. Whether you’re solving DNS resolution issues, checking port accessibility, or diagnosing AD authentication failures, these tools should be in every admin’s arsenal.

Network and Connectivity Troubleshooting

• Use ping <hostname> to verify basic ICMP reachability to a server. If it fails, the host may be down, unreachable due to firewall rules, or DNS resolution may have failed.

• Use tracert <hostname> to detect where packet loss or delays occur across the routing path.

• Use Test-Connection <hostname> in PowerShell as a more detailed, scriptable replacement for ping.

• Use Test-NetConnection -ComputerName <host> -Port <port> in PowerShell to check whether a specific TCP port is accessible (useful for RDP, SQL, HTTP).

• Use telnet <host> <port> to quickly test if a service is accepting TCP connections on a given port.

• Use netstat -ano to list all active TCP/UDP connections along with associated Process IDs.

• Use Get-NetTCPConnection in PowerShell as a modern and filterable alternative to netstat.

• Use ipconfig /all to display current IP address, DNS, gateway, DHCP lease, and more.

• Use Get-NetIPConfiguration in PowerShell to obtain modern network configuration data.

• Use arp -a to review the ARP table and inspect MAC-to-IP address mappings.

• Use route print or Get-NetRoute to inspect the routing table for default gateways or incorrect routes.

DNS Resolution Troubleshooting

• Use nslookup <hostname> to check if DNS resolution is successful and which DNS server responds.

• Use Resolve-DnsName <hostname> in PowerShell for more detailed DNS queries.

• Use ipconfig /flushdns or Clear-DnsClientCache to clear the local DNS cache in case of stale or incorrect records.

• Use ipconfig /displaydns or Get-DnsClientCache to inspect cached DNS entries.

Firewall and Port Accessibility

• Use netsh advfirewall show allprofiles to verify firewall status and rules for each profile (Domain, Private, Public).

• Use Get-NetFirewallProfile to inspect current firewall status in PowerShell.

• Use Get-NetFirewallRule -DisplayName "<rule>" to verify whether a specific firewall rule is enabled.

• Use netstat -abno to correlate which process is listening on which ports and IP addresses.

Services, Processes, and System Info

• Use tasklist to list all running processes and their PID.

• Use Get-Process in PowerShell for more control and filtering of active processes.

• Use taskkill /PID <id> to terminate a specific process by PID.

• Use sc query <service> to check the status of a specific service.

• Use systeminfo to get OS version, domain name, hotfixes, uptime, and memory info.

• Use hostname to quickly get the computer’s name.

• Use whoami to determine the currently logged-in user.

• Use Get-ComputerInfo in PowerShell to gather BIOS, OS, domain, and hardware info.
  

User and Group Management

• Use net user to list all local users.

• Use net user <username> to inspect properties of a specific user account.

• Use net localgroup to list all local groups on the system.

• Use net localgroup Administrators to view all users with admin privileges.

• Use whoami /groups to see the groups the current user belongs to.
  

File Sharing, GPO, and Domain Issues

• Use net use to view and manage SMB share connections.

• Use net view \\server to see available shared folders on a remote server.

• Use gpresult /r to see which Group Policy Objects are applied to a user or computer.

• Use gpupdate /force to manually refresh Group Policy settings.

• Use net time to check time synchronization with a domain controller.
  

Wireless and Interface Management

• Use netsh wlan show profiles to list all saved Wi-Fi profiles.

• Use netsh wlan show interfaces to inspect wireless adapter status and signal strength.

• Use Get-NetAdapter in PowerShell to list all network interfaces.

• Use Restart-NetAdapter -Name "<interface>" to soft-reset a network adapter.
  

Advanced and Low-Level Diagnostics

• Use nbtstat -n or nbtstat -A <ip> for NetBIOS name troubleshooting.

• Use driverquery to list all installed drivers and their statuses.

• Use fsutil for advanced disk and file system diagnosis (admin required).

• Use pathping <host> to combine the functions of ping and tracert and detect where exactly packet loss occurs.
  

Real-World Use Case Examples

• WSUS can’t connect to Microsoft Update: Use netstat -an | findstr :443to confirm outbound HTTPS connections are established.

• Clients can’t join the domain: Use Resolve-DnsName domain.local, then Test-NetConnection -ComputerName <dc> -Port 389 to check LDAP.

• Outlook can’t reach Exchange: Use Test-NetConnection -ComputerName autodiscover.domain.com -Port 443 after DNS and IP are validated.

• High CPU on client systems due to unknown connections: Use netstat -bno to reveal which applications are consuming network resources.

These command-line tools form the foundation of network and system diagnostics in enterprise Microsoft environments. Whether you’re addressing a DHCP lease issue, troubleshooting SSL VPN authentication, or investigating slow SCCM deployments, the combination of CMD and PowerShell utilities empowers you to act quickly and decisively.