TheJumpCloud / jumpcloud-ADMU

JumpCloud Active Directory Migration Utility - JCADMU

dsregcmd.exe not working as described in the wiki #86

Closed juergen-kc closed 1 year ago

juergen-kc commented 1 year ago

Hi

The documentation states that a simple "dsregcmd.exe /leave" within a PowerShell-Command will disjoin the device from AAD, but in practice this isn't working as expected.

Instead this iteration of code did it for me:

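```powershell
if ([System.Environment]::Is64BitProcess) {
    dsregcmd.exe /leave
} else {
    # 32-bit host on 64-bit Windows: start the 64-bit PowerShell through the sysnative alias
    $ps64 = Join-Path $env:SystemRoot "\sysnative\WindowsPowerShell\v1.0\powershell.exe"
    & $ps64 -Command { dsregcmd.exe /leave }
}
```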

Post reboot the AD-Joined account is not present anymore and device is not enrolled into AAD either:

```
C:\Windows\System32>dsregcmd.exe /status

+----------------------------------------------------------------------+
| Device State                                                         |
+----------------------------------------------------------------------+

         AzureAdJoined : NO
      EnterpriseJoined : NO
          DomainJoined : NO
       Virtual Desktop : NOT SET
           Device Name : JUERGENKLAA6F9D

+----------------------------------------------------------------------+
| User State                                                           |
+----------------------------------------------------------------------+

                NgcSet : NO
       WorkplaceJoined : NO
         WamDefaultSet : NO

+----------------------------------------------------------------------+
| SSO State                                                            |
+----------------------------------------------------------------------+

            AzureAdPrt : NO
   AzureAdPrtAuthority : NO
         EnterprisePrt : NO
EnterprisePrtAuthority : NO

+----------------------------------------------------------------------+
| IE Proxy Config for Current User                                     |
+----------------------------------------------------------------------+

  Auto Detect Settings : YES
Auto-Configuration URL :
     Proxy Server List :
     Proxy Bypass List :

+----------------------------------------------------------------------+
| WinHttp Default Proxy Config                                         |
+----------------------------------------------------------------------+

           Access Type : DIRECT

+----------------------------------------------------------------------+
| Ngc Prerequisite Check                                               |
+----------------------------------------------------------------------+

        IsDeviceJoined : NO
         IsUserAzureAD : NO
         PolicyEnabled : NO
      PostLogonEnabled : YES
        DeviceEligible : YES
    SessionIsNotRemote : YES
        CertEnrollment : none
          PreReqResult : WillNotProvision
```

jworkmanjc commented 1 year ago

Just a note on this: I'm going to close this issue tomorrow when I clean up documentation, but we introduced a change in v2.2.0 to invoke the dsregcmd.exe step as system, which does have permission to leave the domain.

This issue should be resolved in the current release 👍

jworkmanjc commented 1 year ago

Wiki updated, closing
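
A scripted version of the post-reboot check shown in the `/status` output earlier in this thread, as an added example that is not part of the original discussion or the ADMU code base: it parses `dsregcmd.exe /status` and lists any join state that is still set. The function names and the sample lines are constructed for illustration, and resolving `dsregcmd.exe` through `sysnative` from a 32-bit host is this example's own choice.

```powershell
# Added example: parse `dsregcmd.exe /status` output and list join states
# that are still set. Function names and sample lines are constructed.
function ConvertFrom-DsregStatus {
    param([string[]]$Lines)
    $state = @{}
    foreach ($line in $Lines) {
        # Data lines look like "   AzureAdJoined : NO"; box borders and
        # section titles contain no "key : value" pair and are skipped.
        if ($line -match '^\s*([^:|+]+?)\s*:\s*(.*?)\s*$') {
            $state[$Matches[1]] = $Matches[2]
        }
    }
    return $state
}

function Get-RemainingJoinState {
    param([hashtable]$State)
    # Join flags as they appear in the /status output quoted in this thread.
    $keys = 'AzureAdJoined', 'EnterpriseJoined', 'DomainJoined', 'WorkplaceJoined'
    # Names that are present and not "NO"; an empty result means nothing is joined.
    return @($keys | Where-Object { $State.ContainsKey($_) -and $State[$_] -ne 'NO' })
}

# Constructed sample, used only when dsregcmd.exe cannot be found.
$sample = @(
    '+------------------+'
    '| Device State     |'
    '+------------------+'
    ''
    '         AzureAdJoined : YES'
    '      EnterpriseJoined : NO'
    '          DomainJoined : NO'
    '           Device Name : EXAMPLE-PC'
    '       WorkplaceJoined : NO'
)

# A 32-bit host on 64-bit Windows sees the real System32 only through sysnative.
$exe    = Join-Path $env:SystemRoot 'System32\dsregcmd.exe'
$native = Join-Path $env:SystemRoot 'sysnative\dsregcmd.exe'
if (-not [Environment]::Is64BitProcess -and (Test-Path $native)) { $exe = $native }

$lines = if (Test-Path $exe) { & $exe /status } else { $sample }
$left  = @(Get-RemainingJoinState (ConvertFrom-DsregStatus $lines))
if ($left.Count -gt 0) {
    Write-Warning "Still joined: $($left -join ', ')"
} else {
    'No Azure AD, enterprise, domain or workplace join reported.'
}
```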