Use PowerShell to Extract Azure Active Directory Device Status from Dsregcmd

This is a quick example of how we can use PowerShell to extract Azure Active Directory device status from dsregcmd.

Sometimes we need to run a script on a device to troubleshoot it with the dsregcmd command, or to check the status of a device to ascertain whether it is Azure AD joined.

At the time of writing, I’m not aware of any native client-side PowerShell cmdlets that can do this.  So instead we can parse the output of dsregcmd to retrieve the information we require.

$system32 = [Environment]::SystemDirectory
$dsRegExe = "$system32\dsregcmd.exe"

#return the value of the first "Name : Value" line, or $null if that line is absent from the output
function Get-DsregValue {
    param([string[]]$Output, [string]$Name)
    $line = $Output -match "^\s*$Name\s*:" | Select-Object -First 1
    if ($line) { ($line -split ":", 2)[1].Trim() }
}

if (Test-Path $dsRegExe) {

    #run command and return output
    $aadStatus = & $dsRegExe /status

    #parse output and write it to a custom object
    #($null goes on the left so the comparison tests the array itself rather than filtering it)
    if ($null -ne $aadStatus) {
        $DeviceState = [pscustomobject]@{
            "AzureAdJoined" = Get-DsregValue $aadStatus "AzureAdJoined"
            "EnterpriseJoined" = Get-DsregValue $aadStatus "EnterpriseJoined"
            "DomainJoined" = Get-DsregValue $aadStatus "DomainJoined"
            "DomainName" = Get-DsregValue $aadStatus "DomainName"
            "DeviceName" = Get-DsregValue $aadStatus "Device Name"
        }

        #write the output to console
        Write-Host $DeviceState.AzureAdJoined
        Write-Host $DeviceState.EnterpriseJoined
        Write-Host $DeviceState.DomainJoined
        Write-Host $DeviceState.DomainName
        Write-Host $DeviceState.DeviceName

        #example test
        if ($DeviceState.AzureAdJoined -eq "YES") {
            Write-Host "Device is Joined"
        }

    }
}

There is, of course, a lot more output from dsregcmd.exe. This example only covers the device state, so feel free to expand the script to include device details, tenant details, user state, SSO state and more.
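
As an added example (not part of the original post), the parser below generalises the script to every section of the output, grouping fields under their section banner. It splits each line on the first colon only, so values such as URLs and timestamps keep their own colons; the function name ConvertFrom-DsregStatus and all sample values are assumptions made for illustration.

```powershell
function ConvertFrom-DsregStatus {
    param([string[]]$Lines)
    $result  = [ordered]@{}
    $section = 'Unknown'
    foreach ($line in $Lines) {
        # Section banner, e.g. "| Device State      |"
        if ($line -match '^\s*\|\s*(.+?)\s*\|\s*$') {
            $section = $Matches[1]
            continue
        }
        # Key is everything before the first colon; the value keeps any later colons
        if ($line -match '^\s*([^:]+?)\s*:\s*(.*)$') {
            if (-not $result.Contains($section)) { $result[$section] = [ordered]@{} }
            $result[$section][$Matches[1]] = $Matches[2].Trim()
        }
    }
    $result
}

# Constructed sample in the layout dsregcmd /status prints; every value is a placeholder
$sample = @'
+----------------------------------------------------------------------+
| Device State                                                         |
+----------------------------------------------------------------------+
             AzureAdJoined : YES
          EnterpriseJoined : NO
              DomainJoined : NO
               Device Name : PC-EXAMPLE
+----------------------------------------------------------------------+
| Tenant Details                                                       |
+----------------------------------------------------------------------+
                TenantName : Example Org
                    MdmUrl : https://mdm.example.invalid/enroll
+----------------------------------------------------------------------+
| SSO State                                                            |
+----------------------------------------------------------------------+
                AzureAdPrt : YES
      AzureAdPrtUpdateTime : 2024-01-01 10:00:00.000 UTC
'@ -split '\r?\n'

$status = ConvertFrom-DsregStatus -Lines $sample

# Fields are addressed by section, then by the name shown in the output
$status['Device State']['Device Name']
$status['Tenant Details']['MdmUrl']
$status['SSO State']['AzureAdPrtUpdateTime']
```

On a real device, replace $sample with the output of dsregcmd.exe /status; a field that is not present in the output is simply missing from its section, so test for it before reading it.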