Skip to content

Instantly share code, notes, and snippets.

Embed
What would you like to do?
Reads a pre-defined Advanced Computer Search and gets list of newly enrolled devices and their usernames. Looks up usernames in Active Directory and retrieves more user detail. Populates devices records with additional user in Jamf Pro.
# INSTRUCTIONS
# Create a folder on the Administrator Desktop named "Project"
# Run the script to generate the AES key
# Run the script to generate the Active Directory encrypted password file
# Run the script to generate the Jamf Pro encrypted password file
# Update the following variables:
# JamfProServer
# JamfProUser
# JamfProSearch ID for a Advanced Mobile Device Search identifying newly enrolled devices
# DomainMember
# Run this script on a timer (every 1-5 minutes?) to find newly enrolled devices and populate user information from Active Directory
# Jamf Pro server connection information
$JamfProServer = "https://jamfpro.talkingmoose.net:8443"
$JamfProUser = "api-userinfo"
# read encrypted password and decrypt using AES key
$JamfProPassword = Get-Content C:\Users\Administrator\Desktop\Project\JamfPropassword.txt | ConvertTo-SecureString -Key (Get-Content C:\Users\Administrator\Desktop\Project\aes.key)
# Jamf Pro Advanced Mobile Device Search ID
$JamfProSearchID = "65" # Newly Enrolled Devices
# API URL
$LookupURL = "$JamfProServer/JSSResource/advancedmobiledevicesearches/id/$JamfProSearchID"
$MobileDeviceURL = "$JamfProServer/JSSResource/mobiledevices/id/"
# generate a credentials object for authenticating to Jamf Pro
$JamfCredential = New-Object System.Management.Automation.PSCredential($JamfProUser, $JamfProPassword)
# Active Directory connection user account
$DomainMember = "administrator"
# read encrypted password and decrypt using AES key
$ADPassword = Get-Content C:\Users\Administrator\Desktop\Project\ADpassword.txt | ConvertTo-SecureString -Key (Get-Content C:\Users\Administrator\Desktop\Project\aes.key)
# generate a credentials object for authenticating to Active Directory
$ADCredential = New-Object System.Management.Automation.PsCredential($DomainMember, $ADPassword)
# Force security protocol to TLS 1.2
$tlsVersion = [System.Net.ServicePointManager]::SecurityProtocol
if ( $tlsVersion -eq 'Tls12') {
Write-Debug -msg 'TLS 12 is already available'
}else{
Write-Host "TLS is $tlsVersion -- Setting v1.2..."
[Net.ServicePointManager]::SecurityProtocol = [Net.SecurityProtocolType]::Tls12
Write-Host -NoNewline "[info] Reading Security Protocol after setting to TLS 12: "
[System.Net.ServicePointManager]::SecurityProtocol
}
# run Jamf Pro search and return results
$response = Invoke-RestMethod -URI "${LookupURL}" -Credential $JamfCredential -Method Get -Headers @{"accept"="text/xml"}
# convert API response to PowerShell XML object
Write-Host "Converting API response to PS XML object"
try {
$xml = ([xml]($response)).advanced_mobile_device_search.mobile_devices
Write-Host "[status] OK"
} catch {
# Discovering the full type name of an exception
Write-Host "[Error]" $_.Exception.gettype().fullName
Write-Host "[Error]" $_.Exception.message
return
}
# create list of XML nodes in API response
$nodes = $xml.ChildNodes
# for every Jamf Pro object that is returned,
# extract name from Username field,
# look up information in Active Directory and
# populate the device record(s) associated to the user
foreach ($node in $nodes) {
# get username and device ID information for each device from returned XML
$Username = $node.Username
# test for and skip any empty values for Username
if ($Username -eq $null)
{
continue
}
# extract Device ID from API response
$JamfProDeviceID = $node.JSS_Mobile_Device_ID
Write-Host Retrieving Active Directory information for username: $Username
Write-Host $Username is assigned to device ID: $JamfProDeviceID
# look up user in Active Directory with UPN
$UserInfo = Get-ADUser -Filter { UserPrincipalName -eq $Username } -Credential $ADCredential -Properties company, department, departmentNumber, displayName, division, l, mail, manager, memberOf, physicalDeliveryOfficeName, postalAddress, postalCode, st, streetAddress | select-object UserPrincipalName, company, department, departmentNumber, displayName, division, l, mail, @{n='Manager';e={(Get-ADUser $_.manager).name}}, @{n='MemberOf'; e= { ( $_.memberof | % { (Get-ADObject $_).Name }) -join "," }}, physicalDeliveryOfficeName, postalAddress, postalCode, st, streetAddress
# assign each AD property to a variable with the same name
[string]$UserPrincipalName = $UserInfo | Select UserPrincipalName | Format-Table -HideTableHeaders | out-string
Write-Host User Principal Name: $UserPrincipalName
[string]$company = $UserInfo | Select company | Format-Table -HideTableHeaders | out-string
Write-Host Company: $company
[string]$department = $UserInfo | Select department | Format-Table -HideTableHeaders | out-string
Write-Host Department: $department
[string]$departmentNumber = $UserInfo | Select departmentNumber | Format-Table -HideTableHeaders | out-string
Write-Host Department Number: $departmentNumber
[string]$displayName = $UserInfo | Select displayName | Format-Table -HideTableHeaders | out-string
Write-Host Display Name: $displayName
[string]$division = $UserInfo | Select division | Format-Table -HideTableHeaders | out-string
Write-Host Division: $division
[string]$l = $UserInfo | Select l | Format-Table -HideTableHeaders | out-string
Write-Host City: $l
[string]$mail = $UserInfo | Select mail | Format-Table -HideTableHeaders | out-string
Write-Host Email Address: $mail
[string]$manager = $UserInfo | Select manager | Format-Table -HideTableHeaders | out-string
Write-Host Manager: $manager
[string]$memberOf = $UserInfo | Select MemberOf | Format-Table -HideTableHeaders | out-string
Write-Host Group Membership: $memberOf
[string]$physicalDeliveryOfficeName = $UserInfo | Select physicalDeliveryOfficeName | Format-Table -HideTableHeaders | out-string
Write-Host Office Name: $physicalDeliveryOfficeName
[string]$postalAddress = $UserInfo | Select postalAddress | Format-Table -HideTableHeaders | out-string
Write-Host Postal Address: $postalAddress
[string]$postalCode = $UserInfo | Select postalCode | Format-Table -HideTableHeaders | out-string
Write-Host Zip Code: $postalCode
[string]$st = $UserInfo | Select st | Format-Table -HideTableHeaders | out-string
Write-Host State: $st
[string]$streetAddress = $UserInfo | Select streetAddress | Format-Table -HideTableHeaders | out-string
Write-Host Address: $streetAddress
# create XML for Location information in Jamf Pro
$BodyLocation = "<mobile_device><location><real_name>$displayName</real_name><email_address>$mail</email_address></location></mobile_device>"
# populate Location information in Jamf Pro
$responseLocation = Invoke-RestMethod -URI "$MobileDeviceURL$JamfProDeviceID" -Credential $JamfCredential -Method Put -ContentType 'text/xml' -Body "$BodyLocation"
Write-Host Response for Location: $responseLocation
# create XML for Extension Attribute information in Jamf Pro
$BodyExtensionAttribute = "<mobile_device><extension_attributes><extension_attribute><name>Address</name><value>$streetAddress</value></extension_attribute><extension_attribute><name>City</name><value>$l</value></extension_attribute><extension_attribute><name>Company</name><value>$company</value></extension_attribute><extension_attribute><name>Department Number</name><value>$departmentNumber</value></extension_attribute><extension_attribute><name>Dept.</name><value>$department</value></extension_attribute><extension_attribute><name>Division</name><value>$division</value></extension_attribute><extension_attribute><name>Group Memberships</name><value>$memberOf</value></extension_attribute><extension_attribute><name>Manager</name><value>$manager</value></extension_attribute><extension_attribute><name>Office</name><value>$physicalDeliveryOfficeName</value></extension_attribute><extension_attribute><name>State</name><value>$st</value></extension_attribute><extension_attribute><name>Street Address</name><value>$streetAddress</value></extension_attribute><extension_attribute><name>Zip Code</name><value>$postalCode</value></extension_attribute></extension_attributes></mobile_device>"
# populate Extension Attribute information in Jamf Pro
$responseExtensionAttribute = Invoke-RestMethod -URI "$MobileDeviceURL$JamfProDeviceID" -Credential $JamfCredential -Method Put -ContentType 'text/xml' -Body "$BodyExtensionAttribute"
Write-Host Response for Extension Attribute: $responseExtensionAttribute
}
(get-credential).Password | ConvertFrom-SecureString -key (get-content C:\Users\Administrator\Desktop\Project\aes.key) | set-content "C:\Users\Administrator\Desktop\Project\ADpassword.txt"
(get-credential).Password | ConvertFrom-SecureString -key (get-content C:\Users\Administrator\Desktop\Project\aes.key) | set-content "C:\Users\Administrator\Desktop\Project\JamfPropassword.txt"
$Key = New-Object Byte[] 32
[Security.Cryptography.RNGCryptoServiceProvider]::Create().GetBytes($Key)
$Key | out-file C:\Users\Administrator\Desktop\Project\aes.key
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
You can’t perform that action at this time.