5

I would like to be able to determine via script whether a given Windows workstation is AAD joined, Hybrid AD joined, or on-prem AD joined.

I would like to run this script from the RMM I'm using so I can store those results in the RMM and be able to easily group computers into those three categories (plus one for workstations that are not joined to any kind of domain).

The RMM I'm using runs powershell scripts as NT AUTHORITY\SYSTEM.

The typically recommended method for getting this information is to run the command

dsregcmd /status

However, per Microsoft's documentation

The dsregcmd /status utility must be run as a domain user account.

I've verified in my own testing that running dsregcmd /status in Powershell as NT AUTHORITY\SYSTEM returns the error

dsregcmd : The term 'dsregcmd' is not recognized as the name of a cmdlet, function, script file, or operable program.

Running the command in cmd returns a similar error.

The error is the same when I try specifying the full path to dsregcmd.exe.

Is there a way to get this command to work when running as SYSTEM? Alternatively, is there another way to determine if a workstation is AAD Joined when running as SYSTEM?

  • 1
    How does your RMM access these systems? Presumably you had to configure a valid domain account for it to use. If so, why not run it as that user? – joeqwerty Jun 09 '22 at 19:39

1 Answer

6

Query the registry https://nerdymishka.com/articles/azure-ad-domain-join-registry-keys/

Determine if a machine is joined to AzureAd: HKLM:/SYSTEM/CurrentControlSet/Control/CloudDomainJoin/JoinInfo/{Guid}

Underneath the key, the following values can be found:
  • TenantId
  • UserEmail

# The JoinInfo key only exists on a device that has been joined to Azure AD,
# so guard the lookup instead of letting Get-Item throw.
$joinInfoPath = "HKLM:\SYSTEM\CurrentControlSet\Control\CloudDomainJoin\JoinInfo"
if (Test-Path -LiteralPath $joinInfoPath) {
    $subKey = Get-Item -LiteralPath $joinInfoPath

    # Each subkey is named by a {GUID}; it carries the TenantId and UserEmail values.
    $guids = $subKey.GetSubKeyNames()
    foreach ($guid in $guids) {
        $guidSubKey = $subKey.OpenSubKey($guid)
        $tenantId  = $guidSubKey.GetValue("TenantId")
        $userEmail = $guidSubKey.GetValue("UserEmail")
        $guidSubKey.Close()
    }
}
mfinni
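The answer covers the Azure AD half of the question. The following script is an added example, not part of the answer above, that turns the registry check into the four-way classification the question asks for (Azure AD joined, hybrid, on-prem AD only, not joined) and emits a single line an RMM can capture. It assumes two things beyond what the page states: that hybrid Azure AD joined devices populate the same CloudDomainJoin\JoinInfo key, and that Win32_ComputerSystem.PartOfDomain is a reliable indicator of on-prem AD membership when queried as SYSTEM. The function name Get-DomainJoinType and the category labels are hypothetical.

```powershell
# Added example: classify a workstation's join state from data readable as SYSTEM.
# Assumptions (not confirmed by the page): hybrid-joined devices also populate
# CloudDomainJoin\JoinInfo, and Win32_ComputerSystem.PartOfDomain reflects on-prem AD join.
function Get-DomainJoinType {
    [CmdletBinding()]
    param()

    $joinInfoPath = 'HKLM:\SYSTEM\CurrentControlSet\Control\CloudDomainJoin\JoinInfo'

    # Azure AD join: a {GUID} subkey under JoinInfo carrying TenantId / UserEmail.
    $aadTenantId  = $null
    $aadUserEmail = $null
    if (Test-Path -LiteralPath $joinInfoPath) {
        $subKey = Get-Item -LiteralPath $joinInfoPath
        foreach ($guid in $subKey.GetSubKeyNames()) {
            $guidSubKey = $subKey.OpenSubKey($guid)
            if ($null -ne $guidSubKey) {
                $aadTenantId  = $guidSubKey.GetValue('TenantId')
                $aadUserEmail = $guidSubKey.GetValue('UserEmail')
                $guidSubKey.Close()
                if ($aadTenantId) { break }   # first populated join record wins
            }
        }
    }
    $isAadJoined = [bool]$aadTenantId

    # On-prem AD membership (assumption: PartOfDomain is readable and accurate as SYSTEM).
    # Note: Win32_ComputerSystem.Domain holds the workgroup name on non-joined machines,
    # so it is only reported when PartOfDomain is true.
    $cs = Get-CimInstance -ClassName Win32_ComputerSystem
    $isAdJoined = [bool]$cs.PartOfDomain

    $joinType = if ($isAdJoined -and $isAadJoined) { 'HybridAzureADJoined' }
                elseif ($isAadJoined)              { 'AzureADJoined' }
                elseif ($isAdJoined)               { 'OnPremADJoined' }
                else                               { 'NotJoined' }

    [pscustomobject]@{
        ComputerName = $env:COMPUTERNAME
        JoinType     = $joinType
        Domain       = if ($isAdJoined) { $cs.Domain } else { $null }
        TenantId     = $aadTenantId
        UserEmail    = $aadUserEmail
    }
}

# Usage: one key=value line is easy for an RMM to parse and store as a custom field.
$result = Get-DomainJoinType
"JoinType=$($result.JoinType)"
```

Because the script reads only HKLM and WMI, it needs no domain user context and no dsregcmd, which is what makes it usable from an agent running as NT AUTHORITY\SYSTEM. Keep the TenantId in the RMM record as well as the category: it lets you spot devices joined to an unexpected tenant, which the four-way label alone would hide.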