PowerShell Commands to Troubleshoot Active Directory and Network Issues

In this section, we’ll be discussing the following tools:

• Get-ADUser

• Get-ADGroupMember

• Get-ADComputer

• Test-ComputerSecureChannel

• Get-ADReplicationFailure

• Get-ADReplicationPartnerMetadata

• Get-EventLog / Get-WinEvent

• Resolve-DnsName

• Test-Connection

• Get-NetIPAddress

• Test-NetConnection

Get-ADUser

The Get-ADUser cmdlet is one of the most widely used Active Directory troubleshooting tools. It retrieves user details such as account status, last logon, and organizational unit membership. This helps administrators track user activity and audit security.

Usual Usage:

Get-ADUser -Identity jdoe -Properties * – Retrieve all properties for a user.

Get-ADUser -Filter 'Name -like "*Smith*"' -Properties LastLogonDate – Find users by name and check last logon.

Get-ADUser -SearchBase "OU=IT,DC=contoso,DC=local" -Filter * | Select Name, Enabled, LastLogonDate – List all users in a given OU.

Search-ADAccount -AccountInactive -UsersOnly -TimeSpan 90.00:00:00 | Export-Csv InactiveUsers.csv – Export inactive users for the last 90 days.

Advanced Usage:

Get-ADGroupMember

The Get-ADGroupMember cmdlet helps verify group membership. This is especially useful when troubleshooting access rights and ensuring users are in the correct security groups.

Usual Usage:

Advanced Usage:

Get-ADGroupMember -Identity "Domain Admins" – List all members of a group.

Get-ADGroupMember "Domain Admins" -Recursive | Select Name, ObjectClass – Display nested group memberships using recursion.

Get-ADComputer

The Get-ADComputer cmdlet is useful for managing computer objects in Active Directory. It helps identify device properties and inactive systems that may require cleanup.

Usual Usage:

Get-ADComputer -Identity PC01 -Properties * – View details of a specific computer.

Get-ADComputer -Filter * -SearchBase "OU=Workstations,DC=contoso,DC=local" – List all computers in an OU.

Advanced Usage:

Search-ADAccount -AccountInactive -ComputersOnly -TimeSpan 60.00:00:00 – Find computers not used for over 60 days.

Get-ADComputer

The Get-ADComputer cmdlet is useful for managing computer objects in Active Directory. It helps identify device properties and inactive systems that may require cleanup.

Usual Usage:

Test-ComputerSecureChannel -Verbose – Test secure channel status with the domain.

Advanced Usage:

Test-ComputerSecureChannel -Repair -Verbose – Attempt to fix a broken trust relationship.

Get-ADReplicationFailure

Replication issues between domain controllers can cause authentication and policy delays. This cmdlet helps quickly identify failures for faster troubleshooting.

Usual Usage:

Get-ADReplicationFailure -Target dc1.contoso.local -Scope Server – Check for replication problems on a domain controller.

Get-ADReplicationPartnerMetadata

This cmdlet provides insights into replication metadata, such as last success time. It helps administrators verify that controllers are synchronizing correctly.

Usual Usage:

Get-ADReplicationPartnerMetadata -Target dc1.contoso.local -Scope Server | Format-Table Partner, LastReplicationSuccess – View replication partners and their sync status.

Get-EventLog / Get-WinEvent

System and security logs are critical for diagnosing login problems, service failures, or security events. These cmdlets fetch event logs directly from PowerShell.

Usual Usage:

Get-EventLog -LogName Security -Newest 20 – View the latest 20 security logs.

Get-EventLog -LogName System -EntryType Error -Newest 10 – View recent system errors.

Advanced Usage:

Get-WinEvent -LogName "Security" | Where-Object { $_.Id -eq 4625 } – Filter failed logon events.

Resolve-DnsName

The Resolve-DnsName cmdlet is the modern alternative to nslookup. It helps confirm DNS resolution issues, which are often the root cause of connectivity problems.

Usual Usage:

Resolve-DnsName google.com – Resolve a public domain.

Resolve-DnsName dc1.contoso.local – Resolve a domain controller.

Advanced Usage:

Resolve-DnsName contoso.com -Type MX – Query mail exchange records.

Test-Connection

This is the PowerShell version of ping. It helps verify basic connectivity to servers and endpoints within the network.

Usual Usage:

Test-Connection google.com -Count 4 – Ping a host four times.

Test-Connection dc1.contoso.local -Count 2 -Quiet – Return only True/False response.

Advanced Usage:

"google.com","yahoo.com","bing.com" | ForEach-Object { Test-Connection $_ -Count 2 } – Test multiple hosts at once

Get-NetIPAddress

This cmdlet provides details about the IP addresses configured on the system. It’s useful for verifying IP assignments and troubleshooting conflicts.

Usual Usage:

Get-NetIPAddress – Display all assigned IPs.

Advanced Usage:

Get-NetIPAddress -AddressFamily IPv4 | Select InterfaceAlias,IPAddress – List only IPv4 addresses.

Test-NetConnection

This versatile cmdlet goes beyond ping by testing ports, protocols, and trace routes. It’s ideal for diagnosing service-specific issues.

Usual Usage:

Test-NetConnection google.com – Test basic connectivity.

Test-NetConnection google.com -Port 443 – Test HTTPS port connectivity.

Test-NetConnection -ComputerName dc1.contoso.local -TraceRoute – Run a traceroute to a DC.

Advanced Usage:

ForEach-Object {Test-NetConnection google.com -Port 443; Start-Sleep -Seconds 2} – Continuously test port availability in intervals.

Quick Reference: Where These Commands Can Run