unable to run the DSREGCMD from PowerShell while deploying from SCCM

Anant Bera 86 Reputation points
2024-05-13T18:12:30.0433333+00:00

hey experts

we are trying to run dsregcmd command from PowerShell but we are getting an error that dsregcmd is not recognized as an external or internal command. We are deploying the script using SCCM with the user rights. we have updated the code

Start-Transcript -Path "$PSScriptRoot\unreg.log"

$dsregOutput = Invoke-Expression -Command "cmd /c C:\Windows\System32\dsregcmd.exe /status"

$azureADJoinStatus = ($dsregOutput | Select-String -Pattern "AzureAdJoined").Line.Split(":")[1].Trim()

if($azureADJoinStatus -eq "YES"){

try{

$leave =Invoke-Expression -Command "cmd /c C:\Windows\System32\dsregcmd.exe /leave"

write-host "Device is unregister from Azure AD"

}

catch{

write-host( "Error occurred: $_")

}

}

else{

write-host "Device is already unregistered from Azure Ad "

}

Stop-Transcript

but we are getting the error

**"**At C:\Windows\ccmcache\l\unreg.ps1:11 char:1 + $azureADJoinStatus = ($dsregOutput | Select-String -Pattern "AzureAdJ ... + ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ + CategoryInfo : InvalidOperation: (:) [], RuntimeException + FullyQualifiedErrorId : InvokeMeth

what will be the best way to run the dsregcmd command from PowerShell while deploying from SCCM

Thanks

Microsoft Configuration Manager
PowerShell
PowerShell
A family of Microsoft task automation and configuration management frameworks consisting of a command-line shell and associated scripting language.
2,147 questions
0 comments No comments
{count} votes

3 answers

Sort by: Most helpful
  1. glebgreenspan 1,365 Reputation points
    2024-05-13T20:33:16.5666667+00:00

    Hello

    It seems like you're trying to run the dsregcmd command from PowerShell, but it's not recognized as an external or internal command. This is because the dsregcmd command is a part of the Windows operating system, and it's not included in the PowerShell's default path.

    Option 1: Use the full path to the dsregcmd command

    You can modify your script to use the full path to the dsregcmd command, like this:

    $dsregOutput = Invoke-Expression -Command "C:\Windows\System32\dsregcmd.exe /status"

    This will ensure that PowerShell finds the correct executable and runs it.

    Option 2: Set the system path to include the Windows System32 directory

    You can add the Windows System32 directory to the system path using the following command:

    [System.Environment]::SetEnvironmentVariable("Path", "$env:Path;C:\Windows\System32", [System.EnvironmentVariableTarget]::Machine)

    his will add the Windows System32 directory to the system path, allowing you to run dsregcmd from any directory.

    Option 3: Run PowerShell as an administrator

    If you're running PowerShell as a non-admin user, it might not have access to the dsregcmd command. Try running PowerShell as an administrator, and see if that resolves the issue.

    Additional suggestion:

    When deploying scripts using SCCM, it's a good practice to use the Start-Process cmdlet to run external commands, like dsregcmd. This will ensure that the command is executed in a separate process, and it will also help with any potential issues related to PowerShell's execution policy.

    Here's an updated version of your script:

    Start-Transcript -Path "$PSScriptRoot\unreg.log"

    $dsregOutput = Start-Process -FilePath "C:\Windows\System32\dsregcmd.exe" -ArgumentList "/status" -Wait -PassThru

    $azureADJoinStatus = ($dsregOutput.StandardOutput | Select-String -Pattern "AzureAdJoined").Line.Split(":")[1].Trim()

    ... rest of your script ...

    This should help you run the dsregcmd command successfully from PowerShell.


  2. Rahul Jindal [MVP] 9,271 Reputation points MVP
    2024-05-13T20:35:36.34+00:00

    Dsregcmd /leave needs to be run with admin privileges.

    0 comments No comments

  3. MotoX80 32,246 Reputation points
    2024-05-14T00:53:43.13+00:00

    Well, it won't fix the "run as admin to leave" problem, but this version of your script should work better.

    You don't need to use Invoke-Expression or use cmd to run an executable. Just invoke it directly.

    But you should capture stderr (2>&1) in addition to stdout and verify that dsregcmd did return some output.I tested this in PS 5.1 on Win11. I do not have access to SCCM to test that part.

    Start-Transcript -Path "$PSScriptRoot\unreg.log"
    $dsregOutput = C:\Windows\System32\dsregcmd.exe /status  2>&1
    if ($dsregOutput) {
        $azureADJoinStatus = ($dsregOutput | Select-String -Pattern "AzureAdJoined").Line.Split(":")[1].Trim()
        Write-Host "Status is $azureADJoinStatus"
        if($azureADJoinStatus -eq "YES"){
            try {
                $leave =  C:\Windows\System32\dsregcmd.exe /leave 2>&1
                if ($leave) {
                    write-host "Device is unregister from Azure AD"
                    write-host $leave
                } else {
                    write-host "Dsregcmd /leave did not return any output."
                }
            }  catch {
                write-host( "Error occurred: $_")
            }
        } else {
            write-host "Device is already unregistered from Azure Ad "
        }
    } else {
        write-host "Dsregcmd /status did not return any output."
    }
    Stop-Transcript
    
    0 comments No comments