Azure Ad Domain Join Registry Keys

Filed under: PowerShell

Recently, I found that I needed to determine if a computer and user is part of an Azure AD domain using only Powershell.

I couldn’t find any documentation on this, however, since Windows knows that I’m part of an Azure Ad domain, it must store that information
somewhere.

I started searching the registry and I found what I was looking for.

There are two subkeys. One can be used to determine if a machine is joined to the azure domain, the other can be used to determine if a user is attached to that domain.

Determine if a machine is joined to AzureAd

HKLM:/SYSTEM/CurrentControlSet/Control/CloudDomainJoin/JoinInfo/{Guid}

Underneath the key, the following keys can be found:
– TenantId
– UserEmail

$subKey = Get-Item "HKLM:/SYSTEM/CurrentControlSet/Control/CloudDomainJoin/JoinInfo"

$guids = $subKey.GetSubKeyNames()
foreach($guid in $guids) {
    $guidSubKey = $subKey.OpenSubKey($guid);
    $tenantId = $guidSubKey.GetValue("TenantId");
    $userEmail = $guidSubKey.GetValue("UserEmail");
}

Determine if a user is joined to an AzureAd Domain

HKCU:/SOFTWARE/Microsoft/Windows NT/CurrentVersion/WorkplaceJoin/AADNGC/{Guid}

Underneath the key, the following keys can be found:
– TenantDomain
– UserId

$subKey = Get-Item "HKLM:/SYSTEM/CurrentControlSet/Control/CloudDomainJoin/JoinInfo"

$guids = $subKey.GetSubKeyNames()
foreach($guid in $guids) {
    $guidSubKey = $subKey.OpenSubKey($guid);
    $tenantId = $guidSubKey.GetValue("TenantDomain");
    $userEmail = $guidSubKey.GetValue("UserId");
}

Hopefully, this will save someone else the time it took me scouring through the registry to find this information.

Comments

comments

Nerdy Mishka