Detect-HybridJoinDrift.ps1

<#PSScriptInfo
.VERSION 1.0
.GUID 7f1c2b44-3e9a-4c0a-9d55-1b7e4c9f2a88
.AUTHOR Mert Efe Kanlikilic
.DESCRIPTION Intune detection script for Hybrid Join drift. Reads `dsregcmd /status` and reports drift (exit 1) when the device is DomainJoined=YES but AzureAdJoined is not YES; exits 0 when no drift is found, exits 1 with a "Detection error" message when join state cannot be determined.
#>



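try {
    # dsregcmd.exe is the only local source of join state we consult. If it is
    # missing we cannot make any compliance claim, so fail loudly rather than
    # letting an empty result be interpreted below.
    if (-not (Get-Command dsregcmd -ErrorAction SilentlyContinue)) {
        throw "dsregcmd.exe not found; cannot determine device join state"
    }

    $dsreg = dsregcmd /status | Out-String
    if ([string]::IsNullOrWhiteSpace($dsreg)) {
        throw "dsregcmd /status produced no output"
    }

    # Extracts the value of a "<Name> : <Value>" line from the dsregcmd output.
    # $name is escaped so it is matched literally, not as a regex.
    # Returns "UNKNOWN" when the field is not present so callers can tell an
    # unparseable report apart from a genuine YES/NO answer.
    function Get-Value($name) {
        $pattern = "$([regex]::Escape($name))\s*:\s*(\w+)"
        $match = ($dsreg | Select-String $pattern).Matches
        if ($match.Count -gt 0) {
            return $match[0].Groups[1].Value
        }
        return "UNKNOWN"
    }

    $azureAdJoined = Get-Value "AzureAdJoined"
    $domainJoined  = Get-Value "DomainJoined"

    Write-Output "AzureAdJoined=$azureAdJoined, DomainJoined=$domainJoined"

    # If either field could not be parsed we have no basis for a verdict.
    # Without this guard UNKNOWN/UNKNOWN would fall through to 'exit 0' and a
    # broken detector would report every device as healthy (silent false
    # negative). Treat it as a detection error, consistent with the catch block.
    if ($azureAdJoined -eq "UNKNOWN" -or $domainJoined -eq "UNKNOWN") {
        Write-Output "Detection error: could not parse join state from dsregcmd output"
        exit 1
    }

    # Drift: device is on-prem domain joined but not Entra (Azure AD) joined.
    # -eq/-ne are case-insensitive in PowerShell, so "Yes"/"YES" both match.
    if ($domainJoined -eq "YES" -and $azureAdJoined -ne "YES") {
        Write-Output "Hybrid Join Drift detected"
        exit 1
    }

    exit 0
}
catch {
    # NOTE(review): a non-zero exit here is indistinguishable from "drift
    # detected" to the caller (Intune remediation treats exit 1 as "issue
    # found"), so a detection failure triggers remediation. This is fail-closed
    # by design; the paired remediation script must tolerate being run when the
    # device state is actually unknown.
    Write-Output "Detection error: $_"
    exit 1
}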