Before the advent of Windows 10 and the Modern Desktop era, it was easy for system administrators to determine whether Windows was joined to a Windows Server Active Directory (AD) domain. You opened the Control Panel, and in the System applet would be written the Fully-Qualified Domain Name (FQDN) of an Active Directory domain if the device was joined to AD. You could further test whether there was really a connection between the device and AD by using nltest.exe, a command built-in to Windows that can be used to confirm that there is a secure channel between device and domain controller (DC).
As more organizations move to the cloud, it is increasingly common to join Windows 10 to Azure Active Directory (AAD), the cloud-native directory service used by Microsoft 365 and Office 365. Joining Windows 10 to AAD allows organizations to fully manage devices much like is possible with Windows Server Active Directory, although Windows Server AD still offers more granular control than is currently possible with AAD. There’s also the option to perform a hybrid Azure AD domain join, where Windows 10 devices are joined to Windows Server AD and registered, but not connected, to AAD. In this article, I’m going to look at Windows 10 devices joined only to AAD.
If you don’t know much about AAD or have never joined Windows 10 to AAD, check out Join Windows 10 to Azure Active Directory During OOBE on Petri. You should also make sure you understand the difference between a device that is registered with AAD and one that is connected (joined) to AAD.
Azure AD and the Windows 10 Settings App
Once you’ve performed an Azure AD domain join in Windows 10 and logged in using an AAD user account, you need to head to the Settings app to confirm the connection with AAD. While many Windows settings can still be configured in the legacy Control Panel, all new features are set up and configured in the Settings app, which you can open by pressing the WINDOWS key + I, or from the Start menu.
If experienced sysadmins always knew where to look in the Control Panel, the Settings app might leave you scratching your head. I tend to still use the Control Panel because as a matter of habit I can find legacy settings without having to think about where to look. Or maybe it’s the sometimes questionable design and terminology used in the Settings app that puts me off ditching the Control Panel because often it is not obvious where to look for a setting.
Check Windows 10 Azure AD Domain Connectivity
Here are a few simple steps that you can follow to confirm whether Windows 10 is joined to an Azure Active Directory domain.
- Open the Windows 10 Settings app by pressing WIN+I or from the Start menu.
- Go to Accounts in the Settings app.
- Click Access work or school in the list of options on the left.
- If the device is joined to AAD, or ‘connected’ in Microsoft parlance, you should see the connection to your AAD domain listed.
- Click on your AAD domain and then click the Info
- On the ‘Managed by’ screen, you should see the name of your AAD domain at the top, in my case RSITC, and the name of a management server and Exchange ID in the area below Connection info.
- Below Device sync status, you should see the last time the device successfully synchronized with AAD. You can force a sync to happen immediately by clicking Sync.
- If you need more advanced troubleshooting information, click Create report under Advanced Diagnostic Report. The report is exported in HTML format to C:\Users\Public\Documents\MDMDiagnostics\.
And that’s it. What can be confusing at first is needing to look in Accounts and not System in the Settings app. To further complicate the situation, AAD accounts also appear in the Email & accounts section of Accounts but from here you can’t confirm an AAD join using the steps described above.