Reads a pre-defined Advanced Computer Search and gets a list of newly enrolled devices and their usernames. Looks up the usernames in Active Directory and retrieves more user detail. Populates the device records in Jamf Pro with the additional user detail.
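# INSTRUCTIONS
# Create a folder on the Administrator Desktop named "Project"
# Run the script to generate the AES key
# Run the script to generate the Active Directory encrypted password file
# Run the script to generate the Jamf Pro encrypted password file
# Update the following variables:
#   JamfProServer
#   JamfProUser
#   JamfProSearchID for an Advanced Mobile Device Search identifying newly enrolled devices
#   DomainMember
# Run this script on a timer (every 1-5 minutes?) to find newly enrolled devices and populate user information from Active Directory
#
# The AES key file is the only thing protecting the two password files: anyone who can read
# aes.key can decrypt both passwords, so restrict the Project folder's ACL to the account that
# runs this script (read access is all it needs; nothing below writes to that folder).

# Jamf Pro server connection information
$JamfProServer = "https://jamfpro.talkingmoose.net:8443"
$JamfProUser = "api-userinfo"

# the AES key is read once and used to decrypt both stored passwords
$AESKey = Get-Content C:\Users\Administrator\Desktop\Project\aes.key

# read encrypted password and decrypt using AES key
$JamfProPassword = Get-Content C:\Users\Administrator\Desktop\Project\JamfPropassword.txt | ConvertTo-SecureString -Key $AESKey

# Jamf Pro Advanced Mobile Device Search ID
$JamfProSearchID = "65" # Newly Enrolled Devices

# API URLs
$LookupURL = "$JamfProServer/JSSResource/advancedmobiledevicesearches/id/$JamfProSearchID"
$MobileDeviceURL = "$JamfProServer/JSSResource/mobiledevices/id/"

# generate a credentials object for authenticating to Jamf Pro
$JamfCredential = New-Object System.Management.Automation.PSCredential($JamfProUser, $JamfProPassword)

# Active Directory connection user account
$DomainMember = "administrator"

# read encrypted password and decrypt using AES key
$ADPassword = Get-Content C:\Users\Administrator\Desktop\Project\ADpassword.txt | ConvertTo-SecureString -Key $AESKey

# generate a credentials object for authenticating to Active Directory
$ADCredential = New-Object System.Management.Automation.PSCredential($DomainMember, $ADPassword)

# Escape a value before it is embedded in an XML request body, so that characters such as
# '&', '<' or quotes inside an AD attribute (a company name, a street address) cannot break
# or alter the document sent to Jamf Pro. $null is coerced to an empty string.
function ConvertTo-XmlSafe {
    param([string]$Value)
    return [System.Security.SecurityElement]::Escape($Value)
}

# Force security protocol to TLS 1.2
# SecurityProtocol is a flags enum, so test the Tls12 bit rather than comparing the whole value
# (a plain -eq 'Tls12' is false as soon as more than one protocol is enabled).
$tlsVersion = [System.Net.ServicePointManager]::SecurityProtocol
if (($tlsVersion -band [System.Net.SecurityProtocolType]::Tls12) -eq [System.Net.SecurityProtocolType]::Tls12) {
    Write-Debug -Message 'TLS 1.2 is already available'
} else {
    Write-Host "TLS is $tlsVersion -- Setting v1.2..."
    [System.Net.ServicePointManager]::SecurityProtocol = [System.Net.SecurityProtocolType]::Tls12
    Write-Host "[info] Security Protocol after setting to TLS 1.2: $([System.Net.ServicePointManager]::SecurityProtocol)"
}

# run Jamf Pro search and return results
try {
    $response = Invoke-RestMethod -Uri "${LookupURL}" -Credential $JamfCredential -Method Get -Headers @{"accept"="text/xml"}
} catch {
    Write-Host "[Error] Jamf Pro search request failed:" $_.Exception.GetType().FullName
    Write-Host "[Error]" $_.Exception.Message
    return
}

# convert API response to PowerShell XML object
Write-Host "Converting API response to PS XML object"
try {
    $xml = ([xml]($response)).advanced_mobile_device_search.mobile_devices
    Write-Host "[status] OK"
} catch {
    # Discovering the full type name of an exception
    Write-Host "[Error]" $_.Exception.GetType().FullName
    Write-Host "[Error]" $_.Exception.Message
    return
}

# create list of XML nodes in API response (an empty search yields nothing to iterate)
$nodes = $xml.ChildNodes

# for every Jamf Pro object that is returned,
# extract name from Username field,
# look up information in Active Directory and
# populate the device record(s) associated to the user
foreach ($node in $nodes) {
    # get username and device ID information for each device from returned XML
    $Username = $node.Username

    # skip devices with no username; an empty <Username/> element is returned as an empty
    # string rather than $null, which a bare "-eq $null" test would let through
    if ([string]::IsNullOrWhiteSpace($Username)) {
        continue
    }

    # extract Device ID from API response; it is interpolated into the request URL below,
    # so only accept a plain integer
    $JamfProDeviceID = $node.JSS_Mobile_Device_ID
    if ($JamfProDeviceID -notmatch '^\d+$') {
        Write-Host "[warn] Skipping device with unexpected ID '$JamfProDeviceID' for user $Username"
        continue
    }

    Write-Host "Retrieving Active Directory information for username: $Username"
    Write-Host "$Username is assigned to device ID: $JamfProDeviceID"

    # look up user in Active Directory with UPN; the nested manager/group lookups use the same
    # credential as the primary query so all AD access runs as $DomainMember
    $UserInfo = Get-ADUser -Filter { UserPrincipalName -eq $Username } -Credential $ADCredential -Properties company, department, departmentNumber, displayName, division, l, mail, manager, memberOf, physicalDeliveryOfficeName, postalAddress, postalCode, st, streetAddress |
        Select-Object UserPrincipalName, company, department, departmentNumber, displayName, division, l, mail,
            @{n='Manager'; e={ if ($_.manager) { (Get-ADUser $_.manager -Credential $ADCredential).Name } }},
            @{n='MemberOf'; e={ ($_.memberOf | ForEach-Object { (Get-ADObject $_ -Credential $ADCredential).Name }) -join "," }},
            physicalDeliveryOfficeName, postalAddress, postalCode, st, streetAddress

    # without this guard a user missing from AD would overwrite the device's location and
    # extension attributes with empty values
    if ($null -eq $UserInfo) {
        Write-Host "[warn] No Active Directory user found for $Username; skipping device ID $JamfProDeviceID"
        continue
    }

    # assign each AD property to a variable with the same name, reading the property directly.
    # (Select | Format-Table | Out-String pads each value to the console width and truncates long
    # values such as addresses or group lists with "...", and that padded text ended up in Jamf Pro.)
    [string]$UserPrincipalName = $UserInfo.UserPrincipalName
    Write-Host "User Principal Name: $UserPrincipalName"
    [string]$company = $UserInfo.company
    Write-Host "Company: $company"
    [string]$department = $UserInfo.department
    Write-Host "Department: $department"
    [string]$departmentNumber = $UserInfo.departmentNumber
    Write-Host "Department Number: $departmentNumber"
    [string]$displayName = $UserInfo.displayName
    Write-Host "Display Name: $displayName"
    [string]$division = $UserInfo.division
    Write-Host "Division: $division"
    [string]$l = $UserInfo.l
    Write-Host "City: $l"
    [string]$mail = $UserInfo.mail
    Write-Host "Email Address: $mail"
    [string]$manager = $UserInfo.Manager
    Write-Host "Manager: $manager"
    [string]$memberOf = $UserInfo.MemberOf
    Write-Host "Group Membership: $memberOf"
    [string]$physicalDeliveryOfficeName = $UserInfo.physicalDeliveryOfficeName
    Write-Host "Office Name: $physicalDeliveryOfficeName"
    [string]$postalAddress = $UserInfo.postalAddress
    Write-Host "Postal Address: $postalAddress"
    [string]$postalCode = $UserInfo.postalCode
    Write-Host "Zip Code: $postalCode"
    [string]$st = $UserInfo.st
    Write-Host "State: $st"
    [string]$streetAddress = $UserInfo.streetAddress
    Write-Host "Address: $streetAddress"

    # create XML for Location information in Jamf Pro; every value is XML-escaped first
    $BodyLocation = "<mobile_device><location><real_name>$(ConvertTo-XmlSafe $displayName)</real_name><email_address>$(ConvertTo-XmlSafe $mail)</email_address></location></mobile_device>"

    # populate Location information in Jamf Pro; a failed update is logged and the device skipped
    # so one bad record does not stop the rest of the batch
    try {
        $responseLocation = Invoke-RestMethod -Uri "$MobileDeviceURL$JamfProDeviceID" -Credential $JamfCredential -Method Put -ContentType 'text/xml' -Body "$BodyLocation"
        Write-Host "Response for Location:" $responseLocation
    } catch {
        Write-Host "[Error] Location update failed for device ID ${JamfProDeviceID}:" $_.Exception.Message
        continue
    }

    # Extension Attribute name -> value pairs to push; order matches the original request body
    # (Address and Street Address both carry streetAddress, as before)
    $ExtensionAttributes = [ordered]@{
        'Address'           = $streetAddress
        'City'              = $l
        'Company'           = $company
        'Department Number' = $departmentNumber
        'Dept.'             = $department
        'Division'          = $division
        'Group Memberships' = $memberOf
        'Manager'           = $manager
        'Office'            = $physicalDeliveryOfficeName
        'State'             = $st
        'Street Address'    = $streetAddress
        'Zip Code'          = $postalCode
    }

    # create XML for Extension Attribute information in Jamf Pro, escaping every name and value
    $ExtensionAttributeXml = foreach ($attributeName in $ExtensionAttributes.Keys) {
        "<extension_attribute><name>$(ConvertTo-XmlSafe $attributeName)</name><value>$(ConvertTo-XmlSafe $ExtensionAttributes[$attributeName])</value></extension_attribute>"
    }
    $BodyExtensionAttribute = "<mobile_device><extension_attributes>$($ExtensionAttributeXml -join '')</extension_attributes></mobile_device>"

    # populate Extension Attribute information in Jamf Pro
    try {
        $responseExtensionAttribute = Invoke-RestMethod -Uri "$MobileDeviceURL$JamfProDeviceID" -Credential $JamfCredential -Method Put -ContentType 'text/xml' -Body "$BodyExtensionAttribute"
        Write-Host "Response for Extension Attribute:" $responseExtensionAttribute
    } catch {
        Write-Host "[Error] Extension Attribute update failed for device ID ${JamfProDeviceID}:" $_.Exception.Message
        continue
    }
}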
# Prompt for the Active Directory credential, encrypt its password with the shared AES key
# and store the encrypted string where the main script expects it.
$AESKey = Get-Content C:\Users\Administrator\Desktop\Project\aes.key
$EncryptedADPassword = (Get-Credential).Password | ConvertFrom-SecureString -Key $AESKey
Set-Content -Path "C:\Users\Administrator\Desktop\Project\ADpassword.txt" -Value $EncryptedADPassword
# Prompt for the Jamf Pro API credential, encrypt its password with the shared AES key
# and store the encrypted string where the main script expects it.
$AESKey = Get-Content C:\Users\Administrator\Desktop\Project\aes.key
$EncryptedJamfProPassword = (Get-Credential).Password | ConvertFrom-SecureString -Key $AESKey
Set-Content -Path "C:\Users\Administrator\Desktop\Project\JamfPropassword.txt" -Value $EncryptedJamfProPassword
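# Generate a random 256-bit (32-byte) AES key and persist it for the password-encryption scripts.
# RandomNumberGenerator.Create() is the non-obsolete equivalent of RNGCryptoServiceProvider and
# is available on both Windows PowerShell 5.1 and PowerShell 7.
$Key = New-Object Byte[] 32
[System.Security.Cryptography.RandomNumberGenerator]::Create().GetBytes($Key)

# Out-File writes the bytes as text, which the other scripts read back with Get-Content and pass
# to ConvertTo-SecureString -Key. This file is the only secret protecting the password files, so
# restrict its ACL to the account that runs the main script.
$Key | Out-File C:\Users\Administrator\Desktop\Project\aes.key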