Directory Service Registration, device join status.

      DSREGCMD options

   /status       Display the device join status.
   /status_old   Display the device join status in old format.
   /join         Schedule and monitor the Autojoin task to Hybrid Join the device.
   /leave        Perform a Hybrid Unjoin.
                 Removes the device from azure and then re-joins on the next delta sync.
   /forcerecovery For Azure AD joined devices, will force a Sign out and Sign back in.
   /refreshprt   Refresh Primary Refresh Token (PRT) in the cloudAP cache.
   /debug        Display debug messages.

   /refreshp2pcerts  Refresh P2P certificates. *
   /cleanupaccounts  Delete all WAM accounts. *
   /listaccounts     List all WAM accounts. *
   /UpdateDevice     Update device attributes (e.g. a change in device name) to Azure AD. *
   /?            Help.

* = Windows 11 option.

Device State

AzureAdJoined EnterpriseJoined DomainJoined Device state
YES NO NO Azure AD Joined
NO NO YES Domain Joined
YES NO YES Hybrid AD Joined
NO YES YES On-premises DRS Joined

Device details

The Device state is displayed only when the device is Azure AD-joined or hybrid Azure AD-joined (not Azure AD-registered).

Tenant details

The tenant details are displayed only when the device is Azure AD-joined or hybrid Azure AD-joined, not Azure AD-registered.

User state

Statuses of various attributes for users who are currently logged in to the device.

SSO state

You can ignore this section for Azure AD registered devices.

Pre-join diagnostics

This diagnostics section is displayed only if the device is domain-joined and unable to hybrid Azure AD-join. This section performs various tests to help diagnose join failures. The information includes the error phase, the error code, the server request ID, the server response http status, and the server response error message.

Post-join diagnostics

This diagnostics section displays the output of sanity checks performed on a device that's joined to the cloud.

AadRecoveryEnabled: If the value is YES, the keys stored in the device aren't usable, and the device is marked for recovery. The next sign-in will trigger the recovery flow and re-register the device. KeySignTest: If the value is PASSED, the device keys are in good health.

NGC prerequisites check

This diagnostics section performs the prerequisites check for setting up Windows Hello for Business (WHFB).


C:\> DSREGCMD /status

"There's no limit possible to the expansion of each one of us" ~ Charles M. Schwab

Related commands

BROWSTAT - Get domain, browser and PDC info.
DSAdd - Add items to Active Directory (user group computer).
NTDSUtil - Active Directory Domain Services management.
Microsoft.com - Troubleshoot devices with dsregcmd.

Copyright © 1999-2024 SS64.com
Some rights reserved