unable to run the DSREGCMD from PowerShell while deploying from SCCM

Anant Bera 151 Reputation points
2024-05-13T18:12:30.0433333+00:00

hey experts

we are trying to run dsregcmd command from PowerShell but we are getting an error that dsregcmd is not recognized as an external or internal command. We are deploying the script using SCCM with the user rights. we have updated the code

Start-Transcript -Path "$PSScriptRoot\unreg.log"

$dsregOutput = Invoke-Expression -Command "cmd /c C:\Windows\System32\dsregcmd.exe /status"

$azureADJoinStatus = ($dsregOutput | Select-String -Pattern "AzureAdJoined").Line.Split(":")[1].Trim()

if($azureADJoinStatus -eq "YES"){

try{

$leave =Invoke-Expression -Command "cmd /c C:\Windows\System32\dsregcmd.exe /leave"

write-host "Device is unregister from Azure AD"

}

catch{

write-host( "Error occurred: $_")

}

}

else{

write-host "Device is already unregistered from Azure Ad "

}

Stop-Transcript

but we are getting the error

**"**At C:\Windows\ccmcache\l\unreg.ps1:11 char:1 + $azureADJoinStatus = ($dsregOutput | Select-String -Pattern "AzureAdJ ... + ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ + CategoryInfo : InvalidOperation: (:) [], RuntimeException + FullyQualifiedErrorId : InvokeMeth

what will be the best way to run the dsregcmd command from PowerShell while deploying from SCCM

Thanks

Microsoft Configuration Manager
PowerShell
PowerShell
A family of Microsoft task automation and configuration management frameworks consisting of a command-line shell and associated scripting language.
2,570 questions
0 comments No comments
{count} votes

Accepted answer
  1. Simon Ren-MSFT 35,151 Reputation points Microsoft Vendor
    2024-06-04T10:33:48.56+00:00

    Hi,

    Thanks very much for your feedback and sharing. We're glad that the issue is gone now. It's appreciated that you could click "Accept Answer" to the helpful reply, this will help other users to search for useful information more quickly. Here's a short summary for the problem.

    Problem/Symptom:

    Failed to run the dsregcmd command from PowerShell while deploying from SCCM with user rights and got below error:

    **"**At C:\Windows\ccmcache\l\unreg.ps1:11 char:1 + $azureADJoinStatus = ($dsregOutput | Select-String -Pattern "AzureAdJ ... +

    Solution/Workaround:

    Changed the package structure to 64bit and changed the PowerShell path as 64 bit and it is working fine.

    dsregcmd command

    Thanks again for your time. Have a nice day!

    Best regards,

    Simon


    If the response is helpful, please click "Accept Answer" and upvote it.

    Note: Please follow the steps in our documentation to enable e-mail notifications if you want to receive the related email notification for this thread.

    0 comments No comments

4 additional answers

Sort by: Most helpful
  1. Rahul Jindal [MVP] 10,196 Reputation points MVP
    2024-05-13T20:35:36.34+00:00

    Dsregcmd /leave needs to be run with admin privileges.

    1 person found this answer helpful.
    0 comments No comments

  2. Anant Bera 151 Reputation points
    2024-05-24T04:49:28.2133333+00:00

    I got to know by default the SCCM is deploying the app packages as 32 bit process. while running as 32bit process the script is unable to locate the path "C:\Windows\System32\dsregcmd.exe" which is visible for the 64 bit process

    We have changed the package structure to 64bit and changed the PowerShell path as 64 bit and it is working fine for me

    1 person found this answer helpful.
    0 comments No comments

  3. glebgreenspan 2,235 Reputation points
    2024-05-13T20:33:16.5666667+00:00

    Hello

    It seems like you're trying to run the dsregcmd command from PowerShell, but it's not recognized as an external or internal command. This is because the dsregcmd command is a part of the Windows operating system, and it's not included in the PowerShell's default path.

    Option 1: Use the full path to the dsregcmd command

    You can modify your script to use the full path to the dsregcmd command, like this:

    $dsregOutput = Invoke-Expression -Command "C:\Windows\System32\dsregcmd.exe /status"

    This will ensure that PowerShell finds the correct executable and runs it.

    Option 2: Set the system path to include the Windows System32 directory

    You can add the Windows System32 directory to the system path using the following command:

    [System.Environment]::SetEnvironmentVariable("Path", "$env:Path;C:\Windows\System32", [System.EnvironmentVariableTarget]::Machine)

    his will add the Windows System32 directory to the system path, allowing you to run dsregcmd from any directory.

    Option 3: Run PowerShell as an administrator

    If you're running PowerShell as a non-admin user, it might not have access to the dsregcmd command. Try running PowerShell as an administrator, and see if that resolves the issue.

    Additional suggestion:

    When deploying scripts using SCCM, it's a good practice to use the Start-Process cmdlet to run external commands, like dsregcmd. This will ensure that the command is executed in a separate process, and it will also help with any potential issues related to PowerShell's execution policy.

    Here's an updated version of your script:

    Start-Transcript -Path "$PSScriptRoot\unreg.log"

    $dsregOutput = Start-Process -FilePath "C:\Windows\System32\dsregcmd.exe" -ArgumentList "/status" -Wait -PassThru

    $azureADJoinStatus = ($dsregOutput.StandardOutput | Select-String -Pattern "AzureAdJoined").Line.Split(":")[1].Trim()

    ... rest of your script ...

    This should help you run the dsregcmd command successfully from PowerShell.


  4. MotoX80 34,346 Reputation points
    2024-05-14T00:53:43.13+00:00

    Well, it won't fix the "run as admin to leave" problem, but this version of your script should work better.

    You don't need to use Invoke-Expression or use cmd to run an executable. Just invoke it directly.

    But you should capture stderr (2>&1) in addition to stdout and verify that dsregcmd did return some output.I tested this in PS 5.1 on Win11. I do not have access to SCCM to test that part.

    Start-Transcript -Path "$PSScriptRoot\unreg.log"
    $dsregOutput = C:\Windows\System32\dsregcmd.exe /status  2>&1
    if ($dsregOutput) {
        $azureADJoinStatus = ($dsregOutput | Select-String -Pattern "AzureAdJoined").Line.Split(":")[1].Trim()
        Write-Host "Status is $azureADJoinStatus"
        if($azureADJoinStatus -eq "YES"){
            try {
                $leave =  C:\Windows\System32\dsregcmd.exe /leave 2>&1
                if ($leave) {
                    write-host "Device is unregister from Azure AD"
                    write-host $leave
                } else {
                    write-host "Dsregcmd /leave did not return any output."
                }
            }  catch {
                write-host( "Error occurred: $_")
            }
        } else {
            write-host "Device is already unregistered from Azure Ad "
        }
    } else {
        write-host "Dsregcmd /status did not return any output."
    }
    Stop-Transcript
    
    0 comments No comments

Your answer

Answers can be marked as Accepted Answers by the question author, which helps users to know the answer solved the author's problem.