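<#
.SYNOPSIS
    Verifies that every Workplace Join account found under HKEY_USERS uses the
    same email domain as the device's CloudDomainJoin account.

.DESCRIPTION
    Reads the device-join UserEmail from
    HKLM\SYSTEM\CurrentControlSet\Control\CloudDomainJoin\JoinInfo, then walks
    HKEY_USERS\<SID>\Software\Microsoft\Windows NT\CurrentVersion\WorkplaceJoin\JoinInfo
    for each user hive that is visible. The first Workplace Join UserEmail whose
    domain differs from the CloudDomainJoin domain stops the script with exit
    code 1; otherwise the script finishes with exit code 0.

    If no CloudDomainJoin UserEmail (or one without a domain part) is found,
    no comparison is made and the script only reports what it saw.

.OUTPUTS
    Findings are written to the host; the exit code carries the result
    (0 = no mismatch found, 1 = mismatch found).
#>

# Preferences: an unhandled error terminates the script (non-zero exit) rather
# than silently continuing past a registry read the result depends on.
$ErrorActionPreference = 'Stop'

# Get the list of user SIDs under HKEY_USERS
$users = Get-ChildItem -Path "Registry::HKEY_USERS"

#######################################
# Extracts the domain part of an email address.
# Arguments: -email  the address to parse
# Returns:   the text after the last '@' (surrounding whitespace trimmed), or
#            $null when the input is empty/whitespace or contains no '@'.
#            Callers treat $null as "domain unknown".
#######################################
function Get-DomainFromEmail {
    param ([string]$email)

    if ([string]::IsNullOrWhiteSpace($email)) {
        return $null
    }
    $trimmed = $email.Trim()
    $atIndex = $trimmed.LastIndexOf('@')
    if ($atIndex -lt 0) {
        # Without an '@' there is no domain to compare; returning the whole
        # string here would let a malformed value be compared as if it were one.
        return $null
    }
    return $trimmed.Substring($atIndex + 1)
}

# Domain of the CloudDomainJoin UserEmail; stays $null if none could be read
$cloudDomainEmailDomain = $null

# Check the CloudDomainJoin registry path for UserEmail
$cloudDomainJoinPath = "Registry::HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\CloudDomainJoin\JoinInfo"
$cloudGuids = Get-ChildItem -Path $cloudDomainJoinPath -ErrorAction SilentlyContinue

foreach ($cloudGuid in $cloudGuids) {
    $cloudUserEmailPath = "$cloudDomainJoinPath\$($cloudGuid.PSChildName)"
    $cloudUserEmailKey = Get-ItemProperty -Path $cloudUserEmailPath -ErrorAction SilentlyContinue

    # Get-ItemProperty yields $null when the key cannot be read; guard before
    # touching PSObject so the script also behaves under Set-StrictMode.
    if ($null -ne $cloudUserEmailKey -and $cloudUserEmailKey.PSObject.Properties['UserEmail']) {
        $cloudUserEmail = $cloudUserEmailKey.UserEmail
        Write-Host "CloudDomainJoin UserEmail found: $cloudUserEmail"

        # Extract domain from CloudDomainJoin email
        $cloudDomainEmailDomain = Get-DomainFromEmail -email $cloudUserEmail
        if ($null -eq $cloudDomainEmailDomain) {
            Write-Host "CloudDomainJoin UserEmail has no domain part; Workplace Join domains will not be compared."
        } else {
            Write-Host "CloudDomainJoin UserEmail domain: $cloudDomainEmailDomain"
        }
        # Only the first UserEmail found is used
        break
    }
}

# Tracks whether any WorkplaceJoin\JoinInfo key was found for any user
$joinInfoFound = $false

foreach ($user in $users) {
    $joinInfoBasePath = "Registry::HKEY_USERS\$($user.PSChildName)\Software\Microsoft\Windows NT\CurrentVersion\WorkplaceJoin\JoinInfo"

    # Skip users (and the *_Classes keys) that have no JoinInfo base key
    if (-not (Test-Path -Path $joinInfoBasePath)) {
        continue
    }
    $joinInfoFound = $true

    # Each Workplace Join registration lives under its own GUID-named subkey
    $guidSubKeys = Get-ChildItem -Path $joinInfoBasePath
    foreach ($guidSubKey in $guidSubKeys) {
        $guidPath = "$joinInfoBasePath\$($guidSubKey.PSChildName)"
        $keyValues = Get-ItemProperty -Path $guidPath

        if ($null -ne $keyValues -and $keyValues.PSObject.Properties['UserEmail']) {
            $userEmail = $keyValues.UserEmail
            $userDomain = Get-DomainFromEmail -email $userEmail
            Write-Host "Found WorkPlace Account with UserEmail: $userEmail for user: $($user.PSChildName)"

            # String -ne is case-insensitive in PowerShell, which suits DNS
            # domain names. A $null $userDomain (malformed email) never equals a
            # known CloudDomainJoin domain and is therefore reported as a mismatch.
            if ($cloudDomainEmailDomain -and ($userDomain -ne $cloudDomainEmailDomain)) {
                Write-Host "Mismatch detected: $userEmail domain ($userDomain) does not match CloudDomainJoin domain ($cloudDomainEmailDomain)"
                exit 1
            }
        } else {
            Write-Host "No UserEmail found in Workplace Join for user: $($user.PSChildName)"
        }
    }
}

# Report when no JoinInfo key was found for any user
if (-not $joinInfoFound) {
    Write-Host "No Workplace Join entries found in the HKCU registry path for any user."
}

# End of Script: reaching here means no mismatch was detected
Write-Host "Workplace Join entries checked successfully."
exit 0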