Dependencies

[gherbstman]

It does seen this module has a dependency on the system having the DsRegCmd.exe or something else system version related. It does not run on a 2012 R2 server.

Can you enlighten me? Maybe the dependencies section can be updated.

[Yevrag35]

So, technically, Windows Server 2012 R2 is considered a "down-level" device. And because of that, dsregcmd.exe is not included in the OS install. But while you can't retrieve the status of a down-level device with this module, you could run it to pull the information from Windows 10 or Server 2016+ machines remotely from one.

I'll think about how I can add that verbiage to the README or something.

Here's a link to a Microsoft article on how to retrieve Azure AD registration status on down-level devices: https://docs.microsoft.com/en-us/azure/active-directory/devices/troubleshoot-hybrid-join-windows-legacy

EDIT - Yes, this module is a 'wrapper' and, as such, it does not include the program that it is intended to wrap.

[gherbstman]

Thanks for the update. As I am running scripts locally through an rmm tool I don't really want the complexity of anything remote. New paragraph I did come up with a workaround for my scripts in that I check for the existence of DNS command and if it does not exist I just use other means to get the local domain. I also assume at that point it cannot be azure ad joined because it is as you say a down level device. The code is simple and only a few lines of code. If you want to incorporate that I'd be glad to send you what I have.

…

________________________________ From: Mike Garvey ***@***.***> Sent: Tuesday, April 20, 2021 9:45:27 AM To: Yevrag35/DsRegModule ***@***.***> Cc: Gary Herbstman ***@***.***>; Author ***@***.***> Subject: Re: [Yevrag35/DsRegModule] Dependencies (#6) So, technically, Windows Server 2012 R2 is considered a "down-level" device. And because of that, dsregcmd.exe is not included in the OS install. But while you can't retrieve the status of a down-level device with this module, you could run it to pull the information from Windows 10 or Server 2016+ machines remotely from one. I'll think about how I can add that verbiage to the README or something. Here's a link to a Microsoft article on how to retrieve Azure AD registration status on down-level devices: https://docs.microsoft.com/en-us/azure/active-directory/devices/troubleshoot-hybrid-join-windows-legacy — You are receiving this because you authored the thread. Reply to this email directly, view it on GitHub<#6 (comment)>, or unsubscribe<https://github.com/notifications/unsubscribe-auth/AB4GPF6IDAMBGVJIJEZ27ETTJWAPPANCNFSM43EOMB6A>.

[Yevrag35]

I created an issue, and I'll see about adding a custom error to the commands if the OS version does not have the dsregcmd executable.

[gherbstman]

If you find this useful. Function Get-CommandExists ([string]$cmd) { return ((Get-Command $cmd -ErrorAction SilentlyContinue) -ne $null) } # Older systems do not support getting the status in the modern way. If (-Not (Get-CommandExists("dsregcmd.exe"))) { Write-Output "DSRegCmd missing, Trying alternate method" $domainName = (Get-CIMInstance Win32_NTDomain).DomainName If ($domainName -ne $null) { $StatusText = "Domain Joined: " + $domainName } else { $StatusText = "Domain Unkown" } } From: Mike Garvey ***@***.***> Sent: Wednesday, April 21, 2021 10:32 AM To: Yevrag35/DsRegModule ***@***.***> Cc: Gary Herbstman ***@***.***>; Author ***@***.***> Subject: Re: [Yevrag35/DsRegModule] Dependencies (#6) I created an issue<#7>, and I'll see about adding a custom error to the commands if the OS version does not have the dsregcmd executable. — You are receiving this because you authored the thread. Reply to this email directly, view it on GitHub<#6 (reply in thread)>, or unsubscribe<https://github.com/notifications/unsubscribe-auth/AB4GPF6TGKMLHO6QNKVCL7TTJ3OUPANCNFSM43EOMB6A>.

[Yevrag35]

Curiously, if all you're trying to pull is the Domain Name, why not just use (Get-CimInstance Win32_NTDomain).DomainName for all situations?

Are you using the module for other things too?

[gherbstman]

We are not just wanting the AD info. We also want to know if the device is AAD joined and report the name of AAD. This is just a small snipit. On computers that do not have DSRegCmd, it cannot be AAD joined anyway. From: Mike Garvey ***@***.***> Sent: Wednesday, April 21, 2021 11:21 AM To: Yevrag35/DsRegModule ***@***.***> Cc: Gary Herbstman ***@***.***>; Author ***@***.***> Subject: Re: [Yevrag35/DsRegModule] Dependencies (#6) Curiously, if all you're trying to pull is the Domain Name, why not just use (Get-CimInstance Win32_NTDomain).DomainName for all situations? Are you using the module for other things too? — You are receiving this because you authored the thread. Reply to this email directly, view it on GitHub<#6 (comment)>, or unsubscribe<https://github.com/notifications/unsubscribe-auth/AB4GPF5TBR43WYY6MKRGMYLTJ3UMLANCNFSM43EOMB6A>.

[Yevrag35]

You can, actually, Azure AD Hybrid Join down-level devices. However, it's quite a bit harder to do so as the machine would have needed to download a specific program called "autoworkplace.exe" from Microsoft.

If you have not enabled down-level device within your organization's Azure AD Connect installation, then yes, you can use your method just fine.

However, If you're an MSP, you won't be able to assume that all down-level devices are not Azure AD Hybrid Joined as the customer may have enabled down-level support (unless you're 100% sure they wouldn't have done that).

A better way, in my opinion, would be a check like this:

Function Test-DsReg() {
   Test-Path -Path "$env:WINDIR\System32\dsregcmd.exe" -PathType Leaf
}

Function Test-Autoworkplace() {
   Test-Path -Path "$env:PROGRAMFILES\Microsoft Workplace Join\autoworkplace.exe" -PathType Leaf
}

if (-not (Test-DsReg)) {
   if (-not (Test-Autoworkplace)) {
      # Machine is down-level and 100% not Hybrid Azure AD Joined
   }
   else {
      # Machine is down-level and possibly could be Hybrid Azure AD Joined
   }
}

[gherbstman]

Thanks Mike, that was great info. We have only been AAD joining W10 computers. You are right, I would want to cover older computers. And I learned something. Thanks. From: Mike Garvey ***@***.***> Sent: Wednesday, April 21, 2021 11:44 AM To: Yevrag35/DsRegModule ***@***.***> Cc: Gary Herbstman ***@***.***>; Author ***@***.***> Subject: Re: [Yevrag35/DsRegModule] Dependencies (#6) You can, actually, Azure AD Hybrid Join down-level devices. However, it quite a bit harder to do so as the machine would have needed to download a specific program called "autoworkplace.exe" from Microsoft. If you have not enabled down-level device within your organization's Azure AD Connect installation, then yes, you can your method just fine. However, If you're an MSP, you won't be able to assume that all down-level devices are not Azure AD Hybrid Joined as the customer may have enabled down-level support (unless you're 100% sure they wouldn't have done that). A better way, in my opinion, would be a check like this: Function Test-DsReg() { Test-Path -Path "$env:WINDIR\System32\dsregcmd.exe" -PathType Leaf } Function Test-Autoworkplace() { Test-Path -Path "$env:PROGRAMFILES\Microsoft Workplace Join\autoworkplace.exe" -PathType Leaf } if (-not (Test-DsReg)) { if (-not (Test-Autoworkplace)) { # Machine is down-level 100% not Hybrid Azure AD Joined } else { # Machine is down-level and possibly could be Hybrid Azure AD Joined } } — You are receiving this because you authored the thread. Reply to this email directly, view it on GitHub<#6 (comment)>, or unsubscribe<https://github.com/notifications/unsubscribe-auth/AB4GPF2GXRTQFJSTDMEU6XTTJ3XELANCNFSM43EOMB6A>.