Forum Discussion
AEchtermeijer
Jun 09, 2022 (Copper Contributor)
Question: Script to see if device is Azure AD joined
We often receive notebooks that are still joined to an Azure AD tenant. Is there a (simple) PowerShell script that shows if a device is still joined to a tenant? Knowing which exact tenant the device is registered to is a nice-to-have but not required.
FYI, we already tried the cmd command 'dsregcmd' but unfortunately the output was not reliable. We found multiple occasions where dsregcmd claimed the device was not Azure AD joined while it definitely was.
- $subKey = Get-Item "HKLM:/SYSTEM/CurrentControlSet/Control/CloudDomainJoin/JoinInfo"
# Each subkey of JoinInfo is read for its TenantId and UserEmail values
$guids = $subKey.GetSubKeyNames()
foreach($guid in $guids) {
    $guidSubKey = $subKey.OpenSubKey($guid)
    $tenantId = $guidSubKey.GetValue("TenantId")
    $userEmail = $guidSubKey.GetValue("UserEmail")
}
# Prints the values read from the last subkey
Write-Host $tenantId $userEmail
(Got this from https://nerdymishka.com/articles/azure-ad-domain-join-registry-keys/, it works for me and shows me the tenant ID and the account which was used for joining)
- B4Art (Brass Contributor)
A little extension to your script:
# Uses $tenantId from the script above to read the tenant's display name
$subKey = Get-Item "HKLM:/SYSTEM/CurrentControlSet/Control/CloudDomainJoin/TenantInfo/$tenantId"
$tenantInfo = $subKey.GetValue("DisplayName")
Write-Host $tenantInfo
And for completeness:
# Read the join information (tenant ID and joining account)
$subKey = Get-Item "HKLM:/SYSTEM/CurrentControlSet/Control/CloudDomainJoin/JoinInfo"
$guids = $subKey.GetSubKeyNames()
foreach($guid in $guids) {
    $guidSubKey = $subKey.OpenSubKey($guid)
    $tenantId = $guidSubKey.GetValue("TenantId")
    $userEmail = $guidSubKey.GetValue("UserEmail")
}
# Look up the display name stored under TenantInfo for that tenant ID
$subKey = Get-Item "HKLM:/SYSTEM/CurrentControlSet/Control/CloudDomainJoin/TenantInfo/$tenantId"
$tenantInfo = $subKey.GetValue("DisplayName")
Write-Host $tenantId
Write-Host $tenantInfo
Write-Host $userEmail
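The registry check from the replies above, wrapped as an added example that is not code from either poster: it returns one object per JoinInfo subkey and returns nothing when the key is absent, instead of throwing on a device with no join record. The function name `Get-AadJoinInfo` and the output property names are hypothetical; the registry paths and value names are the ones used in the thread.

```powershell
# Added example: report Azure AD join records from the registry keys used in this thread.
function Get-AadJoinInfo {   # hypothetical function name
    [CmdletBinding()]
    param(
        [string]$BasePath = 'HKLM:\SYSTEM\CurrentControlSet\Control\CloudDomainJoin'
    )

    $joinPath = Join-Path $BasePath 'JoinInfo'

    # No JoinInfo key means there is no join record to report.
    if (-not (Test-Path -LiteralPath $joinPath)) { return }

    foreach ($key in Get-ChildItem -LiteralPath $joinPath -ErrorAction SilentlyContinue) {
        $join = Get-ItemProperty -LiteralPath $key.PSPath

        # TenantInfo\<TenantId> holds the tenant display name; it may be missing.
        $displayName = $null
        if ($join.TenantId) {
            $tenantPath = Join-Path $BasePath "TenantInfo\$($join.TenantId)"
            if (Test-Path -LiteralPath $tenantPath) {
                $displayName = (Get-ItemProperty -LiteralPath $tenantPath).DisplayName
            }
        }

        # One object per join record, so several records are all reported.
        [pscustomobject]@{
            ComputerName = $env:COMPUTERNAME
            JoinKey      = $key.PSChildName
            TenantId     = $join.TenantId
            TenantName   = $displayName
            UserEmail    = $join.UserEmail
        }
    }
}

$records = @(Get-AadJoinInfo)
if ($records.Count -eq 0) {
    Write-Output 'No Azure AD join record found in the registry.'
} else {
    $records | Format-List
}
```

Because the function emits objects, the result can be piped to `Export-Csv` when a batch of returned notebooks is being checked.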