Find The Azure AD Join Type

KB ID 0001597

Problem

I recently did a post about Joining Azure AD. while working on that I found out there were three different Azure AD ‘States’ (see below). But how do you pingd out your Azure AD Join Type?

  • Azure AD Joined: Aimed at Corporate owned machines joined to Azure AD, (or CYOD devices).
  • Azure AD Registered (Was called Workplace Joined, and still is if you work in PowerShell). Aimed at BYOD devices.
  • Azure Hybrid AD Joined: Where your machines are joined to both your local domain and Azure AD.

Of course your Windows clients can also still be Domain Joined, or Simply Workgroup Joined. But you can’t be Domain Joined and Azure AD Joined. Thought to be even more confusingly you can be Domain Joined and Azure AD Registered.

How To Find The Azure AD Join Type

Azure AD Join Type: Azure AD Joined

The command you need to use is;

dsregcmd /status

Look for AzureADJoined : YES. Also take a note of the DeviceId. (Note: Is should NOT say domain joined also, if it does, your join type is Hybrid!)

Check Azure AD Domain Join

To check with PowerShell, first you need to connect with Connect-MsolService, then. log into Azure AD. Then you can query a DEviceId’s status with the following command.

Get-MsolDevice -DevideID {Device-ID-From Above}

Look for DeviceTrustType: Azure AD Joined.

Check Azure AD Domain Join

From within Azure > Azure Active Directory > Devices > Locate the Device in question > Join Type: Azure AD Joined.

Azure AD Join Status Portal

Azure AD Join Type: Azure AD Registered (Workplace Joined)

When a device is AD registered then it has been connected from a logged on account, that has been connected, via the Access Work or School wizard. You can see this only if you’re logged on as that user! Settings > Accounts > Access work or School > Look for an enter under ‘Connect’.

Workplace Joined

If you are not logged on as the user then run there same command we ran above;

dsregcmd /status

And look for a WorkplaceDeviceId.

Windows School or Work

Then use the same PowerShell commands as above. 

First you need to connect with Connect-MsolService, log into Azure AD. Then you can query a DEviceId’s status with the following command.

Get-MsolDevice -DevideID {Device-ID-From Above}

Look for DeviceTrustType: Workplace Joined. (Yeah very consistent, thanks Microsoft ‘half a job’ developers!)

Powershell Azure AD WORKPLACE JOINED

Azure AD Join Type: Azure Hybrid AD Joined

You can use the same command to view Azure AD Hybrid Domain Joined status.

dsregcmd /status

If you are Azure Hybrid AD joined. you will see that AzureAdJoined :YES, and so is DomainJoined.

Azure AD Join Type:

You can also look in Azure yourself, and the properties of the device will tell you you are Hybrid AD joined for this device.

Check Hybrid Azure AD Join Status

Domain Joined

You can use the same command to view Local (On-Prem) Domain Joined status.

dsregcmd /status

And look for DomainJoined : YES, and DomainName : {Your-Domain-Name}.

Local Domain Joined

Of course as always you can see the information on your computer’s ‘Properties’, like so;

Show Windows Domain Info

Note: An Azure AD Joined Machine does not show details here, in fact it says it’s workgroup joined! (Again thanks Microsoft, we’ve only looked here since Windows NT4, would it have been that much more work to update this as well?)

Related Articles, References, Credits, or External Links

NA

Author: PeteLong

Share This Post On

2 Comments

  1. Mike Elliott

    26/05/2020

    Nice summary. How about Hybrid AD Joined?

    Mike

    Post a Reply
  2. Seyoum Solomon

    24/12/2020

    Hi Mike
    How do you unjoin your remote laptop so you can join it to the local domain?
    Thanks

    Post a Reply

Leave a Reply to Seyoum Solomon Cancel reply

Your email address will not be published. Required fields are marked *