Dsregcmd /leave needs to be run with admin privileges.
Unable to run the DSREGCMD from PowerShell while deploying from SCCM
Hey experts,
We are trying to run the dsregcmd command from PowerShell, but we are getting an error that dsregcmd is not recognized as an external or internal command. We are deploying the script using SCCM with the user rights. We have updated the code:
```powershell
Start-Transcript -Path "$PSScriptRoot\unreg.log"
$dsregOutput = Invoke-Expression -Command "cmd /c C:\Windows\System32\dsregcmd.exe /status"
$azureADJoinStatus = ($dsregOutput | Select-String -Pattern "AzureAdJoined").Line.Split(":")[1].Trim()
if ($azureADJoinStatus -eq "YES") {
    try {
        $leave = Invoke-Expression -Command "cmd /c C:\Windows\System32\dsregcmd.exe /leave"
        write-host "Device is unregister from Azure AD"
    }
    catch {
        write-host( "Error occurred: $_")
    }
}
else {
    write-host "Device is already unregistered from Azure Ad "
}
Stop-Transcript
```
But we are getting the error:

```
At C:\Windows\ccmcache\l\unreg.ps1:11 char:1
+ $azureADJoinStatus = ($dsregOutput | Select-String -Pattern "AzureAdJ ...
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    + CategoryInfo          : InvalidOperation: (:) [], RuntimeException
    + FullyQualifiedErrorId : InvokeMeth
```

What will be the best way to run the dsregcmd command from PowerShell while deploying from SCCM?
Thanks
4 answers
-
glebgreenspan 1,370 Reputation points
2024-05-13T20:33:16.5666667+00:00
Hello
It seems like you're trying to run the `dsregcmd` command from PowerShell, but it's not recognized as an external or internal command. This is because the `dsregcmd` command is a part of the Windows operating system, and it's not included in PowerShell's default path.

Option 1: Use the full path to the dsregcmd command
You can modify your script to use the full path to the `dsregcmd` command, like this:

```powershell
$dsregOutput = Invoke-Expression -Command "C:\Windows\System32\dsregcmd.exe /status"
```

This will ensure that PowerShell finds the correct executable and runs it.

Option 2: Set the system path to include the Windows System32 directory
You can add the Windows System32 directory to the system path using the following command:

```powershell
[System.Environment]::SetEnvironmentVariable("Path", "$env:Path;C:\Windows\System32", [System.EnvironmentVariableTarget]::Machine)
```

This will add the Windows System32 directory to the system path, allowing you to run `dsregcmd` from any directory.

Option 3: Run PowerShell as an administrator
If you're running PowerShell as a non-admin user, it might not have access to the `dsregcmd` command. Try running PowerShell as an administrator, and see if that resolves the issue.

Additional suggestion:
When deploying scripts using SCCM, it's a good practice to use the `Start-Process` cmdlet to run external commands, like `dsregcmd`. This will ensure that the command is executed in a separate process, and it will also help with any potential issues related to PowerShell's execution policy.

Here's an updated version of your script:
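```powershell
Start-Transcript -Path "$PSScriptRoot\unreg.log"
# Start-Process does not expose the child's output on the returned object,
# so redirect stdout to a temporary file and read it back.
$statusFile = Join-Path $env:TEMP "dsregcmd-status.txt"
Start-Process -FilePath "C:\Windows\System32\dsregcmd.exe" -ArgumentList "/status" -Wait -NoNewWindow -RedirectStandardOutput $statusFile
$dsregOutput = Get-Content -Path $statusFile
$azureADJoinStatus = ($dsregOutput | Select-String -Pattern "AzureAdJoined").Line.Split(":")[1].Trim()
# ... rest of your script ...
```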
This should help you run the `dsregcmd` command successfully from PowerShell.
-
MotoX80 32,331 Reputation points
2024-05-14T00:53:43.13+00:00
Well, it won't fix the "run as admin to leave" problem, but this version of your script should work better.
You don't need to use Invoke-Expression or use cmd to run an executable. Just invoke it directly.
But you should capture stderr (2>&1) in addition to stdout and verify that dsregcmd did return some output.
I tested this in PS 5.1 on Win11. I do not have access to SCCM to test that part.

```powershell
Start-Transcript -Path "$PSScriptRoot\unreg.log"
$dsregOutput = C:\Windows\System32\dsregcmd.exe /status 2>&1
if ($dsregOutput) {
    $azureADJoinStatus = ($dsregOutput | Select-String -Pattern "AzureAdJoined").Line.Split(":")[1].Trim()
    Write-Host "Status is $azureADJoinStatus"
    if ($azureADJoinStatus -eq "YES") {
        try {
            $leave = C:\Windows\System32\dsregcmd.exe /leave 2>&1
            if ($leave) {
                write-host "Device is unregister from Azure AD"
                write-host $leave
            } else {
                write-host "Dsregcmd /leave did not return any output."
            }
        } catch {
            write-host( "Error occurred: $_")
        }
    } else {
        write-host "Device is already unregistered from Azure Ad "
    }
} else {
    write-host "Dsregcmd /status did not return any output."
}
Stop-Transcript
```
-
Anant Bera 106 Reputation points
2024-05-24T04:49:28.2133333+00:00
I got to know that by default SCCM is deploying the app packages as a 32-bit process. While running as a 32-bit process, the script is unable to locate the path "C:\Windows\System32\dsregcmd.exe", which is visible to the 64-bit process.
We have changed the package structure to 64-bit and changed the PowerShell path to 64-bit, and it is working fine for me.
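
The 32-bit versus 64-bit finding in the last answer, together with the admin requirement for `/leave`, as an added example that is not code from any post in this thread: it resolves `dsregcmd.exe` through the `Sysnative` alias when the script is running as a 32-bit process on 64-bit Windows, and checks elevation before attempting to leave. The function names are hypothetical, and the script assumes `dsregcmd /status` prints a line of the form `AzureAdJoined : YES`.

```powershell
# Added example (not from the thread); function names are hypothetical.
function Resolve-DsregcmdPath {
    # In a 32-bit process on 64-bit Windows, C:\Windows\System32 is redirected to
    # SysWOW64, so the 64-bit dsregcmd.exe is not visible (the last answer's finding).
    # Sysnative is the alias that reaches the real System32 from such a process.
    $dir = if ([Environment]::Is64BitOperatingSystem -and -not [Environment]::Is64BitProcess) {
        Join-Path $env:WINDIR 'Sysnative'
    } else {
        Join-Path $env:WINDIR 'System32'
    }
    $path = Join-Path $dir 'dsregcmd.exe'
    if (-not (Test-Path -LiteralPath $path)) { throw "dsregcmd.exe not found at $path" }
    return $path
}

function Get-AzureAdJoinState {
    param([string[]]$StatusOutput)
    if (-not $StatusOutput) { return $null }
    # Assumed line format: "AzureAdJoined : YES". Returns $null when the line is absent.
    $m = $StatusOutput | Select-String -Pattern '^\s*AzureAdJoined\s*:\s*(\S+)' | Select-Object -First 1
    if ($m) { $m.Matches[0].Groups[1].Value } else { $null }
}

function Test-IsElevated {
    # True when the current token is a member of the local Administrators role.
    $id = [Security.Principal.WindowsIdentity]::GetCurrent()
    ([Security.Principal.WindowsPrincipal]$id).IsInRole([Security.Principal.WindowsBuiltInRole]::Administrator)
}

$dsregcmd = Resolve-DsregcmdPath
Write-Host "64-bit process: $([Environment]::Is64BitProcess); using $dsregcmd"
$state = Get-AzureAdJoinState -StatusOutput (& $dsregcmd /status 2>&1 | ForEach-Object { "$_" })
if ($null -eq $state) {
    Write-Host "Could not read AzureAdJoined from dsregcmd /status output."
} elseif ($state -ne 'YES') {
    Write-Host "Device is not Azure AD joined; nothing to do."
} elseif (-not (Test-IsElevated)) {
    Write-Host "Device is joined, but dsregcmd /leave needs an elevated process."
} else {
    & $dsregcmd /leave 2>&1 | ForEach-Object { Write-Host "$_" }
    Write-Host "dsregcmd /leave exit code: $LASTEXITCODE"
}
```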