Azure AD Domain Join Registry Keys

Recently, I needed to determine whether a computer and a user are part of an Azure AD domain using only PowerShell. I couldn't find any documentation on this. However, since Windows knows that I'm part of an Azure AD domain, it must store that information somewhere.

I started searching the registry and found what I was looking for. There are two subkeys: one can be used to determine if a machine is joined to the Azure AD domain, and the other can be used to determine if a user is attached to that domain.

Determine if a machine is joined to Azure AD

HKLM:/SYSTEM/CurrentControlSet/Control/CloudDomainJoin/JoinInfo/{Guid}

Underneath the key, the following values can be found:

  • TenantId
  • UserEmail
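
$subKey = Get-Item "HKLM:/SYSTEM/CurrentControlSet/Control/CloudDomainJoin/JoinInfo"

# Each subkey of JoinInfo is named with a GUID
$guids = $subKey.GetSubKeyNames()
foreach($guid in $guids) {
    $guidSubKey = $subKey.OpenSubKey($guid);
    $tenantId = $guidSubKey.GetValue("TenantId");
    $userEmail = $guidSubKey.GetValue("UserEmail");
}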

Determine if a user is joined to an Azure AD domain

HKCU:/SOFTWARE/Microsoft/Windows NT/CurrentVersion/WorkplaceJoin/AADNGC/{Guid}

Underneath the key, the following values can be found:

  • TenantDomain
  • UserId

# Read from the current user's hive, using the WorkplaceJoin path above
$subKey = Get-Item "HKCU:/SOFTWARE/Microsoft/Windows NT/CurrentVersion/WorkplaceJoin/AADNGC"

# Each subkey of AADNGC is named with a GUID
$guids = $subKey.GetSubKeyNames()
foreach($guid in $guids) {
    $guidSubKey = $subKey.OpenSubKey($guid);
    $tenantDomain = $guidSubKey.GetValue("TenantDomain");
    $userId = $guidSubKey.GetValue("UserId");
}
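
Both lookups combined into one status object, as an added example that is not part of the original post. The function names are hypothetical; the registry paths and value names are the ones listed above, and a missing key is treated as "not joined" instead of raising an error.

```powershell
# Added example: helper names are hypothetical; paths and value names come from this post.
function Get-JoinEntries {
    param(
        [Parameter(Mandatory)] [string]   $Path,        # parent key holding one {Guid} subkey per join
        [Parameter(Mandatory)] [string[]] $ValueNames   # values to read from each {Guid} subkey
    )

    # An absent parent key means "not joined": emit nothing rather than throwing.
    if (-not (Test-Path -Path $Path)) { return }

    foreach ($child in Get-ChildItem -Path $Path -ErrorAction SilentlyContinue) {
        $entry = [ordered]@{ Guid = $child.PSChildName }
        foreach ($name in $ValueNames) {
            $entry[$name] = $child.GetValue($name)      # $null when the value is missing
        }
        [pscustomobject]$entry
    }
}

function Get-AzureAdJoinState {
    # @(...) forces an array so .Count is 0 when nothing was found.
    $machine = @(Get-JoinEntries -Path 'HKLM:/SYSTEM/CurrentControlSet/Control/CloudDomainJoin/JoinInfo' `
                                 -ValueNames 'TenantId', 'UserEmail')
    $user    = @(Get-JoinEntries -Path 'HKCU:/SOFTWARE/Microsoft/Windows NT/CurrentVersion/WorkplaceJoin/AADNGC' `
                                 -ValueNames 'TenantDomain', 'UserId')

    [pscustomobject]@{
        ComputerName  = $env:COMPUTERNAME
        MachineJoined = $machine.Count -gt 0
        UserJoined    = $user.Count -gt 0
        MachineJoins  = $machine
        UserJoins     = $user
    }
}

Get-AzureAdJoinState | Format-List
```

HKCU resolves to the hive of the account running the script, so the user result describes that account; run it in the signed-in user's session when that is the user you want to check.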

Hopefully, this will save someone else the time it took me scouring through the registry to find this information.