Question: Script to see if device is Azure AD joined


We often receive notebooks that are still joined to an Azure AD tenant. Is there a (simple) PowerShell script that shows if a device is still joined to a tenant? Knowing which exact tenant the device is registered to is a nice-to-have but not required.

 

FYI, we already tried the cmd command 'dsregcmd' but unfortunately the output was not reliable. We found multiple occasions where dsregcmd claimed the device was not Azure AD joined while it definitely was.

3 Replies
# Open the JoinInfo key; it has one subkey per join
$subKey = Get-Item "HKLM:/SYSTEM/CurrentControlSet/Control/CloudDomainJoin/JoinInfo"

$guids = $subKey.GetSubKeyNames()
foreach ($guid in $guids) {
    # Read the tenant ID and the joining account from each subkey
    $guidSubKey = $subKey.OpenSubKey($guid)
    $tenantId = $guidSubKey.GetValue("TenantId")
    $userEmail = $guidSubKey.GetValue("UserEmail")
}

# Prints the values of the last subkey read
Write-Host $tenantId $userEmail

(Got this from https://nerdymishka.com/articles/azure-ad-domain-join-registry-keys/, it works for me and shows me the tenantid and the account which was used for joining)
Did this answer your question?

A little extension to your script:
# Uses $tenantId as set by the script above
$subKey = Get-Item "HKLM:/SYSTEM/CurrentControlSet/Control/CloudDomainJoin/TenantInfo/$tenantId"
$tenantInfo = $subKey.GetValue("DisplayName")
Write-Host $tenantInfo

 

And for completeness:

# Tenant ID and joining account, read from the JoinInfo subkeys
$subKey = Get-Item "HKLM:/SYSTEM/CurrentControlSet/Control/CloudDomainJoin/JoinInfo"

$guids = $subKey.GetSubKeyNames()
foreach ($guid in $guids) {
	$guidSubKey = $subKey.OpenSubKey($guid)
	$tenantId = $guidSubKey.GetValue("TenantId")
	$userEmail = $guidSubKey.GetValue("UserEmail")
}

# Tenant display name, read from TenantInfo/<tenant ID>
$subKey = Get-Item "HKLM:/SYSTEM/CurrentControlSet/Control/CloudDomainJoin/TenantInfo/$tenantId"
$tenantInfo = $subKey.GetValue("DisplayName")

Write-Host $tenantId
Write-Host $tenantInfo
Write-Host $userEmail
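
A combined version of the registry lookups posted in this thread, as an added example that is not from any of the posters: it copes with a missing JoinInfo key and with more than one subkey, and returns objects instead of printing variables. The function name `Get-CloudDomainJoinInfo` and the output property names are assumptions; the registry paths and value names are the ones used in the replies above.

```powershell
# Added example: function name and output property names are hypothetical.
function Get-CloudDomainJoinInfo {
    [CmdletBinding()]
    param(
        # Registry root used by the scripts in this thread
        [string]$Root = 'HKLM:\SYSTEM\CurrentControlSet\Control\CloudDomainJoin'
    )

    $joinPath = Join-Path $Root 'JoinInfo'

    # The scripts above fail with a null-method error when this key is absent;
    # here an absent key simply yields no output objects.
    if (-not (Test-Path -LiteralPath $joinPath)) { return }

    # One subkey per join; emit one object for each instead of keeping only the last
    foreach ($key in Get-ChildItem -LiteralPath $joinPath) {
        $tenantId   = $key.GetValue('TenantId')
        $tenantName = $null

        if ($tenantId) {
            # The display name lives under TenantInfo\<tenant ID>
            $tenantPath = Join-Path (Join-Path $Root 'TenantInfo') $tenantId
            if (Test-Path -LiteralPath $tenantPath) {
                $tenantName = (Get-Item -LiteralPath $tenantPath).GetValue('DisplayName')
            }
        }

        [pscustomobject]@{
            JoinId     = $key.PSChildName
            TenantId   = $tenantId
            TenantName = $tenantName
            UserEmail  = $key.GetValue('UserEmail')
        }
    }
}

# Collect the results so the "nothing found" case can be reported explicitly
$joins = @(Get-CloudDomainJoinInfo)
if ($joins.Count -eq 0) {
    Write-Host 'No entries under CloudDomainJoin\JoinInfo'
} else {
    $joins | Format-Table -AutoSize
}
```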