Checking the join method on a Windows 10 computer
Checking the domain join type of a computer used to be easy (there was only one :)). We could go to the System Information pane of the Control Panel and very quickly find out to which domain the computer was joined.
But when you Azure AD join a computer, things are not that simple. In this blog I will go over the different enrollment methods (Domain Join, Azure AD Join and Hybrid Azure AD Join) and show how you can recognize which enrollment method has been used.
Domain Join
The regular domain join is the easiest to recognize, because it has been around for such a long time.
Like I said before, the easiest way to find this type of domain join is to go to the System Information pane of the Control Panel. But since Windows 10, there is another way to find it.
This new method uses the Settings app. When you navigate to Accounts – ‘Access work or school account’ you will find the domain to which your current computer is joined.
Azure AD Join
When looking for the domain an Azure AD joined computer belongs to, some people get confused, because they go to the System Information pane, only to find that the computer is part of a workgroup.
This can be confusing for a lot of people at first. But when we go to the ‘Access work or school’ tab in the Settings app we can see the following:
In this app it’s very easy to find out whether a computer is AzureAD domain joined or not.
Hybrid Azure AD Join
Because lots of companies still have to have their computers joined to a local domain, Hybrid Azure AD Join is a good option. This way we can use the best of both worlds (learn more about it in this blog, from my colleague Sam).
If you want to visually check whether a computer is hybrid joined or not, you can go to the Settings app again. Here you can see two entries: one that looks the same as a regular domain join and one that tells you the computer is Azure AD joined.
But if we click on the accounts, we see there is an extra button (Info). If you see this, it means your device is hybrid joined.
Command line
The tips above all used the GUI, but we nerds love the command line. That’s why I want to tell you about the command dsregcmd. This command can be used to check the domain status of a Windows 10 computer. Find out more about it on the Microsoft docs.
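As an added example (not part of the original post or of Microsoft's documentation), the PowerShell function below parses the output of dsregcmd /status and maps the AzureAdJoined and DomainJoined fields to the three join types covered above. The function name Get-DeviceJoinType and the sample output are constructed for illustration.

```powershell
# Added example: derive the join type from `dsregcmd /status` output.
function Get-DeviceJoinType {
    param(
        # Output lines to parse; when omitted, dsregcmd is run on this machine.
        [string[]]$StatusText = (& dsregcmd.exe /status)
    )

    # Collect every "Name : Value" line into a lookup table.
    $state = @{}
    foreach ($line in $StatusText) {
        if ($line -match '^\s*(\w+)\s*:\s*(.+?)\s*$') {
            $state[$Matches[1]] = $Matches[2]
        }
    }

    $aad    = $state['AzureAdJoined'] -eq 'YES'
    $domain = $state['DomainJoined']  -eq 'YES'

    # Map the two flags to the join types covered in this post.
    $joinType = if ($aad -and $domain) { 'Hybrid Azure AD Join' }
                elseif ($aad)          { 'Azure AD Join' }
                elseif ($domain)       { 'Domain Join' }
                else                   { 'Not joined (workgroup)' }

    [pscustomobject]@{
        JoinType         = $joinType
        AzureAdJoined    = $state['AzureAdJoined']
        EnterpriseJoined = $state['EnterpriseJoined']
        DomainJoined     = $state['DomainJoined']
        DomainName       = $state['DomainName']
    }
}

# Constructed sample of the "Device State" section (not captured from a real device).
$sample = @'
+----------------------------------------------------------------------+
| Device State                                                         |
+----------------------------------------------------------------------+

             AzureAdJoined : YES
          EnterpriseJoined : NO
              DomainJoined : YES
                DomainName : CONTOSO
'@ -split '\r?\n'

Get-DeviceJoinType -StatusText $sample   # parse the constructed sample
# Get-DeviceJoinType                     # live check on a Windows 10 device
```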
Summary
If you want to find out the join status of a Windows 10 device, I advise you to use the Windows 10 Settings app to get a quick status. Using the old method, the Control Panel, doesn’t give you all the information about the latest methods.
I am a 22-year-old cloud and automation enthusiast. My main focus is EMS, PowerShell and Azure. My scripts can be found through my GitHub account: https://github.com/thijslecomte. I am currently blogging at http://365bythijs.be
I think our assumption that the computer is MDM joined is also hybrid joined is flawed.
Your device can be associated to an MDM without ever being Azure AD joined.
The only surefire method is to run dsregcmd.exe /status, and evaluate the first three responses as per the MS KB article.
I don't think this is accurate advice. In my experience with hybrid joined devices, you have to await the replication phase from your connector before it will be AZAD joined. Technically the computer is in a state where it believes it has already registered and is awaiting a sync with an object that does not exist (yet) due to the delay in on prem to off prem replication.
It is also worth adding that a device can be AZAD joined without being MDM (or Intune) joined, as they are separate licences.
If your readers’ ability is limited to the GUI, it is possible to see this from the work page when the computer is moved outside the domain network. It will, due to a bug, replace the domain notification with the default AZAD one.