This website uses cookies. By clicking Accept, you consent to the use of cookies. Click Here to learn more about how we use cookies.
Accept
Reject
Community FAQ
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 

LsAgent and Azure Ad Joined devices

WANOLOIS
Engaged Sweeper II

‎08-10-2021 04:33 PM

Hi,

LsAgent doesn't seem to recognise the domain on Azure AD joined laptops, and displays the logged on user as WORKGROUP\username.

Is there a way to correct this or will LsAgent fix this in the future and recognise the device and users are part of an Azure AD domain?

Thanks!
Labels:
9 REPLIES 9
hyvokar
Engaged Sweeper II

‎09-03-2024 08:21 AM

I have same issue, running 11.4.0.3

Autopilot/azure-ad joined machines are shown being part of "Workgroup" instead of the domain. 
Would it possible to indicate somehow that the machine is azure-ad joined, even if the domain name is not possible to show? 

0 Kudos
altu
Engaged Sweeper II
In response to hyvokar

‎09-03-2024 08:32 AM

We are currently migrating to Azure AD and are at 50%

Lansweeper became pretty useless for those devices in Azure AD. Very confusing reports.

Hope they will fix this soon.

0 Kudos
dwinters2022
Engaged Sweeper II

‎08-14-2023 09:21 PM

Hello! We are migrating to Autopilot and Intune and joining our devices to AzureAD. 
This will make Lansweeper not very useable for us if it can't see these machines anymore...

0 Kudos
KrisK
Lansweeper Tech Support
Lansweeper Tech Support
In response to dwinters2022

‎09-04-2023 02:43 PM

Hello,

This problem should have been resolved in Lansweeper version 10.3 and higher. It is assumed to be LAN-13956 in our changelog (https://www.lansweeper.com/changelog/ ).

If you would still encounter this problem with the latest version, please contact Support@lansweeper.com.

Thanks! 

0 Kudos
altu
Engaged Sweeper II
In response to KrisK

‎09-03-2024 07:15 AM

This issue is still not resolved.

We are running version v. 11.2.0.3 and still see our AAD Joined devices as "WORKGROUP" joined.

__PRESENT

__PRESENT

0 Kudos
KrisK
Lansweeper Tech Support
Lansweeper Tech Support
In response to altu

‎09-10-2024 06:18 PM

Actually, LAN-13956 was about Entra Id(Azure Ad) users being erroneously identified as WORKGROUP\username. That should have been fixed.

The assets are indeed still identified as being a member of WORKGROUP, because that's what they report back to us via the WMI calls. Currently, we only scan users and groups from Entra Id. See https://community.lansweeper.com/t5/scanning-your-network/scan-microsoft-entra-id-azure-ad-users-and... for more details.

 

0 Kudos
altu
Engaged Sweeper II
In response to KrisK

‎09-11-2024 08:56 AM

I got mixed signals when I contacted support about this. To me it was suggested to enable user and group scan in Entra as a solution (though I couldn't understand how that would have fixed the issue). 

I hope that Lansweeper acknowledges this issue as something serious. It honestly messes up all your reports and compliancy checks because you cannot distinguish domain joined, Azure AD joined and rogue (workgroup joined) devices.

It is true that WMI does return either the domain or Workgroup. But I guess Lansweeper could work around this by also querying the registry.

I have a PowerShell script where I query WMI and the registry for that info...

 

# Get the computer system information
$ComputerSystem = Get-WmiObject -Class Win32_ComputerSystem

# Initialize join type and description variables
$JoinType = "Unknown"
$JoinDescription = ""

# Check if the device is part of a domain
if ($ComputerSystem.PartOfDomain) {
    # Check the domain role and output the domain name
    switch ($ComputerSystem.DomainRole) {
        0 { 
            $JoinType = "Standalone Workstation" 
            $JoinDescription = "The computer is not connected to a domain and operates as a standalone workstation in a workgroup."
        }
        1 { 
            $JoinType = "Member Workstation" 
            $JoinDescription = "The computer is part of the domain '$($ComputerSystem.Domain)' and operates as a workstation managed by a domain controller."
        }
        2 { 
            $JoinType = "Standalone Server" 
            $JoinDescription = "The computer is a standalone server, not part of a domain."
        }
        3 { 
            $JoinType = "Member Server" 
            $JoinDescription = "The computer is part of the domain '$($ComputerSystem.Domain)' and operates as a server managed by a domain controller."
        }
        4 { 
            $JoinType = "Backup Domain Controller" 
            $JoinDescription = "The computer is a backup domain controller in the domain '$($ComputerSystem.Domain)'. It helps manage domain authentication and services."
        }
        5 { 
            $JoinType = "Primary Domain Controller" 
            $JoinDescription = "The computer is the primary domain controller in the domain '$($ComputerSystem.Domain)'. It is responsible for managing domain resources, authentication, and policies."
        }
    }
}
else {
    # Check if the device is Azure AD joined by querying the correct registry key
    $RegistryPath = "HKLM:\SOFTWARE\Microsoft\Enrollments"
    $Enrollments = Get-ChildItem -Path $RegistryPath -ErrorAction SilentlyContinue

    $AzureADJoined = $false

    foreach ($Enrollment in $Enrollments) {
        $EnrollmentPath = $Enrollment.PSPath
        $JoinTypeKey = Get-ItemProperty -Path $EnrollmentPath -ErrorAction SilentlyContinue

        # Check if the enrollment is related to Azure AD
        if ($JoinTypeKey -and $JoinTypeKey.AADTenantID -ne $null) {
            $AzureADJoined = $true
            break
        }
    }

    # Set the join type based on the registry check
    if ($AzureADJoined) {
        $JoinType = "Azure AD Joined"
        $JoinDescription = "The device is joined to Azure Active Directory."
    }
    else {
        # If not Azure AD joined, assume it's a Workgroup device
        $JoinType = "Workgroup"
        $JoinDescription = "The computer is not part of a domain or Azure AD, and is in a workgroup."
    }
}

# Output the join type and description
$JoinType
$JoinDescription

 

 

__PRESENT

Faros
Engaged Sweeper

‎01-26-2023 02:01 PM

Hi,

I would like to know if you managed to solve this problem, or if the Lansweeper support helped with a solution, because I am facing the same error with my device

Thanks

0 Kudos
Marcus
Engaged Sweeper

‎01-24-2022 01:08 PM

WANOLOIS wrote:
Hi,

LsAgent doesn't seem to recognise the domain on Azure AD joined laptops, and displays the logged on user as WORKGROUP\username.

Is there a way to correct this or will LsAgent fix this in the future and recognise the device and users are part of an Azure AD domain?

Thanks!



Hey, we have this issue too. Our estate is modern and we are looking to Drop all domain controllers this year. I approached support looking for a way to MAP the user.name from the /workgroup user and 365 sync user.

Support unfortunately said no. Hopefully, they consider this soon!

Hello Marcus,

Thank you for contacting Lansweeper support!

Currently, the only relationships you can set are
assets to users
assets to other assets
You cannot create user relations or map local users to domain users.
Users are believed to be unique (like in Windows you have a unique SID for users) and there is no mechanism in our application to link these.

Kind regards,
0 Kudos

New to Lansweeper?

Try Lansweeper For Free

Experience Lansweeper with your own data.
Sign up now for a 14-day free trial.

Try Now