Reads a pre-defined Advanced Computer Search and gets list of newly enrolled devices and their usernames. Looks up usernames in Active Directory and retrieves more user detail. Populates devices records with additional user in Jamf Pro.

add-AD-user-data-to-Jamf-Pro.ps1

# INSTRUCTIONS

# Create a folder on the Administrator Desktop named "Project"

# Run the script to generate the AES key
# Run the script to generate the Active Directory encrypted password file
# Run the script to generate the Jamf Pro encrypted password file

# Update the following variables:
# JamfProServer
# JamfProUser
# JamfProSearch ID for a Advanced Mobile Device Search identifying newly enrolled devices
# DomainMember

# Run this script on a timer (every 1-5 minutes?) to find newly enrolled devices and populate user information from Active Directory


# Jamf Pro server connection information
$JamfProServer = "https://jamfpro.talkingmoose.net:8443"
$JamfProUser = "api-userinfo"

# read encrypted password and decrypt using AES key
$JamfProPassword = Get-Content C:\Users\Administrator\Desktop\Project\JamfPropassword.txt | ConvertTo-SecureString -Key (Get-Content C:\Users\Administrator\Desktop\Project\aes.key)

# Jamf Pro Advanced Mobile Device Search ID
$JamfProSearchID = "65" # Newly Enrolled Devices

# API URL
$LookupURL = "$JamfProServer/JSSResource/advancedmobiledevicesearches/id/$JamfProSearchID"
$MobileDeviceURL = "$JamfProServer/JSSResource/mobiledevices/id/"

# generate a credentials object for authenticating to Jamf Pro
$JamfCredential = New-Object System.Management.Automation.PSCredential($JamfProUser, $JamfProPassword)

# Active Directory connection user account
$DomainMember = "administrator"

# read encrypted password and decrypt using AES key
$ADPassword = Get-Content C:\Users\Administrator\Desktop\Project\ADpassword.txt | ConvertTo-SecureString -Key (Get-Content C:\Users\Administrator\Desktop\Project\aes.key)

# generate a credentials object for authenticating to Active Directory
$ADCredential = New-Object System.Management.Automation.PsCredential($DomainMember, $ADPassword)

# Force security protocol to TLS 1.2
$tlsVersion = [System.Net.ServicePointManager]::SecurityProtocol
if ( $tlsVersion -eq 'Tls12') {
  Write-Debug -msg 'TLS 12 is already available' 
}else{
  Write-Host "TLS is $tlsVersion -- Setting v1.2..."
  [Net.ServicePointManager]::SecurityProtocol = [Net.SecurityProtocolType]::Tls12
  Write-Host -NoNewline "[info] Reading Security Protocol after setting to TLS 12: "
  [System.Net.ServicePointManager]::SecurityProtocol
}

# run Jamf Pro search and return results
$response = Invoke-RestMethod -URI "${LookupURL}" -Credential $JamfCredential -Method Get -Headers @{"accept"="text/xml"}

# convert API response to PowerShell XML object
Write-Host "Converting API response to PS XML object"
try {
    $xml = ([xml]($response)).advanced_mobile_device_search.mobile_devices
    Write-Host "[status] OK"
 } catch {
    # Discovering the full type name of an exception
    Write-Host "[Error]" $_.Exception.gettype().fullName
    Write-Host "[Error]" $_.Exception.message
    return
}

# create list of XML nodes in API response
$nodes = $xml.ChildNodes

# for every Jamf Pro object that is returned,
# extract name from Username field,
# look up information in Active Directory and
# populate the device record(s)  associated to the user
foreach ($node in $nodes) {

  # get username and device ID information for each device from returned XML
  $Username = $node.Username

  # test for and skip any empty values for Username
  if ($Username -eq $null)
  {
    continue
  }

  # extract Device ID from API response
  $JamfProDeviceID = $node.JSS_Mobile_Device_ID

  Write-Host Retrieving Active Directory information for username: $Username
  Write-Host $Username is assigned to device ID: $JamfProDeviceID

  # look up user in Active Directory with UPN
  $UserInfo = Get-ADUser -Filter { UserPrincipalName -eq $Username } -Credential $ADCredential -Properties company, department, departmentNumber, displayName, division, l, mail, manager, memberOf, physicalDeliveryOfficeName, postalAddress, postalCode, st, streetAddress | select-object UserPrincipalName, company, department, departmentNumber, displayName, division, l, mail, @{n='Manager';e={(Get-ADUser $_.manager).name}}, @{n='MemberOf'; e= { ( $_.memberof | % { (Get-ADObject $_).Name }) -join "," }}, physicalDeliveryOfficeName, postalAddress, postalCode, st, streetAddress

  # assign each AD property to a variable with the same name

  [string]$UserPrincipalName = $UserInfo | Select UserPrincipalName | Format-Table -HideTableHeaders | out-string
  Write-Host User Principal Name: $UserPrincipalName

  [string]$company = $UserInfo | Select company | Format-Table -HideTableHeaders | out-string
  Write-Host Company: $company

  [string]$department = $UserInfo | Select department | Format-Table -HideTableHeaders | out-string
  Write-Host Department: $department

  [string]$departmentNumber = $UserInfo | Select departmentNumber | Format-Table -HideTableHeaders | out-string
  Write-Host Department Number: $departmentNumber

  [string]$displayName = $UserInfo | Select displayName | Format-Table -HideTableHeaders | out-string
  Write-Host Display Name: $displayName

  [string]$division = $UserInfo | Select division | Format-Table -HideTableHeaders | out-string
  Write-Host Division: $division

  [string]$l = $UserInfo | Select l | Format-Table -HideTableHeaders | out-string
  Write-Host City: $l

  [string]$mail = $UserInfo | Select mail | Format-Table -HideTableHeaders | out-string
  Write-Host Email Address: $mail

  [string]$manager = $UserInfo | Select manager | Format-Table -HideTableHeaders | out-string
  Write-Host Manager: $manager

  [string]$memberOf = $UserInfo | Select MemberOf | Format-Table -HideTableHeaders | out-string
  Write-Host Group Membership: $memberOf

  [string]$physicalDeliveryOfficeName = $UserInfo | Select physicalDeliveryOfficeName | Format-Table -HideTableHeaders | out-string
  Write-Host Office Name: $physicalDeliveryOfficeName

  [string]$postalAddress = $UserInfo | Select postalAddress | Format-Table -HideTableHeaders | out-string
  Write-Host Postal Address: $postalAddress

  [string]$postalCode = $UserInfo | Select postalCode | Format-Table -HideTableHeaders | out-string
  Write-Host Zip Code: $postalCode

  [string]$st = $UserInfo | Select st | Format-Table -HideTableHeaders | out-string
  Write-Host State: $st

  [string]$streetAddress = $UserInfo | Select streetAddress | Format-Table -HideTableHeaders | out-string
  Write-Host Address: $streetAddress

  # create XML for Location information in Jamf Pro
  $BodyLocation = "<mobile_device><location><real_name>$displayName</real_name><email_address>$mail</email_address></location></mobile_device>"

  # populate Location information in Jamf Pro
  $responseLocation = Invoke-RestMethod -URI "$MobileDeviceURL$JamfProDeviceID" -Credential $JamfCredential -Method Put -ContentType 'text/xml' -Body "$BodyLocation"
  Write-Host Response for Location: $responseLocation

  # create XML for Extension Attribute information in Jamf Pro
  $BodyExtensionAttribute = "<mobile_device><extension_attributes><extension_attribute><name>Address</name><value>$streetAddress</value></extension_attribute><extension_attribute><name>City</name><value>$l</value></extension_attribute><extension_attribute><name>Company</name><value>$company</value></extension_attribute><extension_attribute><name>Department Number</name><value>$departmentNumber</value></extension_attribute><extension_attribute><name>Dept.</name><value>$department</value></extension_attribute><extension_attribute><name>Division</name><value>$division</value></extension_attribute><extension_attribute><name>Group Memberships</name><value>$memberOf</value></extension_attribute><extension_attribute><name>Manager</name><value>$manager</value></extension_attribute><extension_attribute><name>Office</name><value>$physicalDeliveryOfficeName</value></extension_attribute><extension_attribute><name>State</name><value>$st</value></extension_attribute><extension_attribute><name>Street Address</name><value>$streetAddress</value></extension_attribute><extension_attribute><name>Zip Code</name><value>$postalCode</value></extension_attribute></extension_attributes></mobile_device>"

  # populate Extension Attribute information in Jamf Pro
  $responseExtensionAttribute = Invoke-RestMethod -URI "$MobileDeviceURL$JamfProDeviceID" -Credential $JamfCredential -Method Put -ContentType 'text/xml' -Body "$BodyExtensionAttribute"
  Write-Host Response for Extension Attribute: $responseExtensionAttribute

}

generate-encrypted-AD-password-file.ps1

(get-credential).Password | ConvertFrom-SecureString -key (get-content C:\Users\Administrator\Desktop\Project\aes.key) | set-content "C:\Users\Administrator\Desktop\Project\ADpassword.txt"

generate-encrypted-JamfPro-password-file.ps1

(get-credential).Password | ConvertFrom-SecureString -key (get-content C:\Users\Administrator\Desktop\Project\aes.key) | set-content "C:\Users\Administrator\Desktop\Project\JamfPropassword.txt"

generate-key.ps1

$Key = New-Object Byte[] 32
[Security.Cryptography.RNGCryptoServiceProvider]::Create().GetBytes($Key)
$Key | out-file C:\Users\Administrator\Desktop\Project\aes.key