How to Check Whether Windows 10 is Joined to Microsoft Entra ID

Before the advent of Windows 10 and the Modern Desktop era, it was easy for system administrators to determine whether Windows was joined to a Windows Server Active Directory (AD) domain. You opened the Control Panel, and in the System applet would be written the Fully-Qualified Domain Name (FQDN) of an Active Directory domain if the device was joined to AD. You could further test whether there was really a connection between the device and AD by using nltest.exe, a command built-in to Windows that can be used to confirm that there is a secure channel between device and domain controller (DC).

As more organizations move to the cloud, it is increasingly common to join Windows 10 to Azure Active Directory (recently renamed Microsoft Entra ID), the cloud-native directory service used by Microsoft 365 and Office 365. Joining Windows 10 to AAD allows organizations to fully manage devices much like is possible with Windows Server Active Directory, although Windows Server AD still offers more granular control than is currently possible with AAD. There’s also the option to perform a hybrid Azure AD domain join, where Windows 10 devices are joined to Windows Server AD and registered, but not connected, to AAD. In this article, I’m going to look at Windows 10 devices joined only to AAD.

If you don’t know much about AAD or have never joined Windows 10 to AAD, check out Join Windows 10 to Microsoft Entra ID During OOBE on Petri. You should also make sure you understand the difference between a device that is registered with AAD and one that is connected (joined) to AAD.

Azure AD and the Windows 10 Settings App

Once you’ve performed an Azure AD domain join in Windows 10 and logged in using an AAD user account, you need to head to the Settings app to confirm the connection with AAD. While many Windows settings can still be configured in the legacy Control Panel, all new features are set up and configured in the Settings app, which you can open by pressing the WINDOWS key + I, or from the Start menu.

If experienced sysadmins always knew where to look in the Control Panel, the Settings app might leave you scratching your head. I tend to still use the Control Panel because as a matter of habit I can find legacy settings without having to think about where to look. Or maybe it’s the sometimes questionable design and terminology used in the Settings app that puts me off ditching the Control Panel because often it is not obvious where to look for a setting.

Check Windows 10 Azure AD Domain Connectivity

Here are a few simple steps that you can follow to confirm whether Windows 10 is joined to a Microsoft Entra ID domain.

• Open the Windows 10 Settings app by pressing WIN+I or from the Start menu.
• Go to Accounts in the Settings app.
• Click Access work or school in the list of options on the left.
• If the device is joined to AAD, or ‘connected’ in Microsoft parlance, you should see the connection to your AAD domain listed.

• Click on your AAD domain and then click the Info
• On the ‘Managed by’ screen, you should see the name of your AAD domain at the top, in my case RSITC, and the name of a management server and Exchange ID in the area below Connection info.

• Below Device sync status, you should see the last time the device successfully synchronized with AAD. You can force a sync to happen immediately by clicking Sync.
• If you need more advanced troubleshooting information, click Create report under Advanced Diagnostic Report. The report is exported in HTML format to C:UsersPublicDocumentsMDMDiagnostics.

And that’s it. What can be confusing at first is needing to look in Accounts and not System in the Settings app. To further complicate the situation, AAD accounts also appear in the Email & accounts section of Accounts but from here you can’t confirm an AAD join using the steps described above.

FAQs

How can I quickly check Azure AD join status using PowerShell commands?

You can check Azure AD join status using PowerShell by running the command “dsregcmd /status” which provides detailed information about the device’s Azure AD connection state, including registration status and tenant details.

What are the common error codes when checking Azure AD join status?

When checking Azure AD join status, common error codes include 0x801C03F2 (network connectivity issues), 0x80180014 (device state issues), and 0x8018002B (authentication problems). Each code provides specific insight into why the connection might be failing.

Can I check Azure AD join status without admin privileges?

While basic Azure AD join status can be viewed by regular users through the Settings app, detailed diagnostic information and the ability to check Azure AD join status through command-line tools requires administrative privileges.

How often should I verify my device’s Azure AD join status?

It’s recommended to check Azure AD join status monthly or after major system updates, network changes, or when experiencing authentication issues to ensure proper device management and security compliance.

What’s the difference between checking Azure AD join status in hybrid vs cloud-only environments?

When checking Azure AD join status in hybrid environments, you’ll need to verify both the local domain connection and Azure AD registration, while cloud-only environments only require checking the Azure AD connection state and sync status.