System Administration & Network Administration
windows powershell azure-active-directory
Updated Thu, 08 Sep 2022 15:54:22 GMT

Is there a way to programmatically determine whether a Windows computer is AAD joined as SYSTEM?


I would like to be able to determine via script whether a given Windows workstation is AAD joined, Hybrid AD joined, or on-prem AD joined.

I would like to run this script from the RMM I'm using so I can store those results in the RMM and be able to easily group computers into those three categories (plus one for workstations that are not joined to any kind of domain).

The RMM I'm using runs PowerShell scripts as NT AUTHORITY\SYSTEM.

The typically recommended method for getting this information is to run the command

dsregcmd /status

However, per Microsoft's documentation

The dsregcmd /status utility must be run as a domain user account.

I've verified in my own testing that running dsregcmd /status in PowerShell as NT AUTHORITY\SYSTEM returns the error

dsregcmd : The term 'dsregcmd' is not recognized as the name of a cmdlet, function, script file, or operable program.

Running the command in cmd returns a similar error.

The error is the same when I try specifying the full path to dsregcmd.exe.

Is there a way to get this command to work when running as SYSTEM? Alternatively, is there another way to determine if a workstation is AAD Joined when running as SYSTEM?
Solution

Query the registry https://nerdymishka.com/articles/azure-ad-domain-join-registry-keys/

Determine if a machine is joined to AzureAd HKLM:/SYSTEM/CurrentControlSet/Control/CloudDomainJoin/JoinInfo/{Guid}

Underneath the key, the following keys can be found: TenantId UserEmail

$subKey = Get-Item "HKLM:\SYSTEM\CurrentControlSet\Control\CloudDomainJoin\JoinInfo"
$guids = $subKey.GetSubKeyNames()
foreach ($guid in $guids) {
    # Each GUID subkey holds the tenant and the account used for the join
    $guidSubKey = $subKey.OpenSubKey($guid)
    $tenantId = $guidSubKey.GetValue("TenantId")
    $userEmail = $guidSubKey.GetValue("UserEmail")
    # Emit the values so they are not discarded at the end of the loop iteration
    [pscustomobject]@{ Guid = $guid; TenantId = $tenantId; UserEmail = $userEmail }
}
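One way to turn the registry check above into the four-way classification the question asks for (AAD joined, hybrid joined, on-prem AD joined, not joined), as an added PowerShell example that is not part of the answer. It assumes that the CloudDomainJoin\JoinInfo key marks an Azure AD or hybrid join, that Win32_ComputerSystem.PartOfDomain marks on-prem AD membership, and the state names are my own.

```powershell
# Added example: classify a workstation's join state when running as SYSTEM.
# Assumption: the JoinInfo key from the answer indicates an Azure AD (or hybrid)
# join and Win32_ComputerSystem.PartOfDomain indicates an on-prem AD join.
# Nothing here needs dsregcmd or a domain user context.
function Get-DeviceJoinState {
    [CmdletBinding()]
    param()

    $joinInfoPath = 'HKLM:\SYSTEM\CurrentControlSet\Control\CloudDomainJoin\JoinInfo'
    $tenantId  = $null
    $userEmail = $null
    $aadJoined = $false

    # The key is absent on devices without an Azure AD join; each GUID subkey
    # holds the tenant and the account used for the join.
    if (Test-Path -LiteralPath $joinInfoPath) {
        $subKey = Get-Item -LiteralPath $joinInfoPath
        foreach ($guid in $subKey.GetSubKeyNames()) {
            $guidSubKey = $subKey.OpenSubKey($guid)
            $tenantId   = $guidSubKey.GetValue('TenantId')
            $userEmail  = $guidSubKey.GetValue('UserEmail')
            $guidSubKey.Close()
            if ($tenantId) { $aadJoined = $true; break }
        }
    }

    # On-prem AD membership via CIM; readable as SYSTEM with no domain user.
    $cs = Get-CimInstance -ClassName Win32_ComputerSystem
    $adJoined = [bool]$cs.PartOfDomain

    # Hypothetical state names; the RMM can group on this single string.
    if ($aadJoined -and $adJoined) { $state = 'HybridJoined' }
    elseif ($aadJoined)            { $state = 'AzureADJoined' }
    elseif ($adJoined)             { $state = 'OnPremADJoined' }
    else                           { $state = 'NotJoined' }

    [pscustomobject]@{
        ComputerName = $env:COMPUTERNAME
        JoinState    = $state
        Domain       = if ($adJoined) { $cs.Domain } else { $null }
        TenantId     = $tenantId
        UserEmail    = $userEmail
    }
}

Get-DeviceJoinState
```

The function returns one object, so the RMM can capture JoinState as the grouping field and keep TenantId and Domain alongside it for cross-checking.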