Solved

How to remove a Mobile Device from All Groups with an API Call?

Forum|Forum|6 years ago
December 20, 2018
11 replies
59 views

+15

Hugonaut
Esteemed Contributor

Background information: I need to mass remove all devices from all groups via api

I've been reading through all the API Calls available from jamfs /api page, i've come to the conclusion if it would be anywhere, it would be here

[https://ENTERJSS.URLHERE] :8443/api/#!/mobiledevicecommands/createMobileDeviceCommandURL_post

but via "Delete" (assuming a Remove From Groups Option is an available command) instead of "Post" but "Post" is all that's available. Am I missing something?

Does anyone know of a way to remove an iOS Device from all static groups via API Call?

Thank you

Best answer by ryan_ball

@Hugonaut I came up with a script for you that will take a mobile device ID and remove it from any static groups it is a member of. You really need a good XML parser to make this easier, I prefer xmlstarlet and this script leverages that. To install xmlstarlet you can install homebrew using this command:

/usr/bin/ruby -e "$(curl -fsSL https://raw.githubusercontent.com/Homebrew/install/master/install)"

Then install xmlstarlet with this command:

brew install xmlstarlet

Here is the script:

#!/bin/bash
# written by Ryan Ball

loggedInUser=$(/usr/bin/python -c 'from SystemConfiguration import SCDynamicStoreCopyConsoleUser; import sys; username = (SCDynamicStoreCopyConsoleUser(None, None, None) or [None])[0]; username = [username,""][username in [u"loginwindow", None, u""]]; sys.stdout.write(username + "
");')
jssURL=$(defaults read /Library/Preferences/com.jamfsoftware.jamf.plist jss_url | sed s'/.$//')
outputDir="/Users/$loggedInUser/Documents/Export_$(date +%m-%d-%Y)"

# Make sure xmlstarlet is installed
if ! which xmlstarlet ; then
    echo "You must install xmlstarlet before using this script."
    echo "Try "brew install xmlstarlet""
    exit 1
fi

clear
echo -n "Enter JSS Username: "
read -r jssUser
clear

echo -n "Enter $jssUser's Pass: "
read -r -s jssPass
clear

echo -n "Enter the Mobile Device ID that you want to remove from Static Groups: "
read -r deviceID

read -r -p "Are you sure you want to remove Mobile Device with ID $deviceID from all Static Groups? [y/N] " response
if [[ "$response" =~ ^([yY][eE][sS]|[yY])+$ ]]
then
    echo "Continuing..."
else
    echo "Done!"
    exit 0
fi

mkdir -p "$outputDir"

echo "Getting list of groups for device with ID $deviceID..."
deviceGroupIDs=($(curl -X GET -s -u "$jssUser:$jssPass" "$jssURL/JSSResource/mobiledevices/id/$deviceID" | xmlstarlet sel -t -v '//mobile_device/mobile_device_groups/mobile_device_group/id')) # | xmlstarlet sel -t -m "/mobile_device_groups/mobile_device_group[is_smart='false']" -v id -n))


echo "Getting list of Static mobile device groups..."
staticGroupIDs+=($(curl -X GET -s -u "$jssUser:$jssPass" "$jssURL/JSSResource/mobiledevicegroups" | xmlstarlet sel -t -m "/mobile_device_groups/mobile_device_group[is_smart='false']" -v id -n))

echo "Determining Group membership..."
staticGroupsTheDeviceIsIn=($(echo "${staticGroupIDs[@]}" "${deviceGroupIDs[@]}" | tr ' ' '
' | sort | uniq -d))
echo "Device ID $deviceID is in ${#deviceGroupIDs[@]} groups total; ${#staticGroupsTheDeviceIsIn[@]} of which are Static."
sleep 3

for id in "${staticGroupsTheDeviceIsIn[@]}"; do
    echo "Obtaining name of mobile device Static Group with ID: $id"
    groupName=$(curl -X GET -s -u "$jssUser:$jssPass" "$jssURL/JSSResource/mobiledevicegroups/id/$id" | xmlstarlet sel -t -v '//mobile_device_group/name')
    if [[ -n "$groupName" ]]; then
        echo "Writing XML of mobile device Static Group "$groupName" to the output file..."
        curl -X GET -s -u "$jssUser:$jssPass" "$jssURL/JSSResource/mobiledevicegroups/id/$id" -o "${outputDir}/Backup_${id}_${groupName}.xml"
        if [[ -f "${outputDir}/Backup_${id}_${groupName}.xml" ]]; then
            modifiedXML=$(xmlstarlet ed -d '//mobile_device[id='"$deviceID"']' "${outputDir}/Backup_${id}_${groupName}.xml")
            putXML=$(curl -X PUT -s -u "$jssUser:$jssPass" "$jssURL/JSSResource/mobiledevicegroups/id/$id" -H "Content-Type: text/xml" -d "$modifiedXML" 2> /dev/null)
            if [[ -n "$putXML" ]]; then
                echo "Success; Static Group "$groupName" (ID $id) was successfully modified."
            else
                echo "Error; failed to modify Static Group "$groupName" (ID $id)."
                sleep 1
            fi
        else
            echo "Error; could not write XML data locally."
            sleep 1
        fi
    else
        echo "Error; can't GET name of Static Group with ID: $id"
        sleep 1
    fi
done

echo "Done!"

exit 0

Enjoy!

+18

ryan_ball
Contributor
Forum|Forum|6 years ago
December 20, 2018

If you are referring to smart groups, you would not be able to do that as smart groups are populated dynamically based on attributes of the device; i.e. apps installed, username, building, etc.

To remove a device from all static groups, you'd need to get the ID of the device, loop through all the static groups and check to see if the device is in each group, get the xml of the static group if the device's ID is detected in the group, remove it from the XML, then PUT the new XML for the static group.

+15

Hugonaut
Author
Esteemed Contributor
Forum|Forum|6 years ago
December 20, 2018

@ryan.ball brilliant, you're good man! so, i dont need to check against it, BUT I will go ahead and overwrite the xml with a blank slate. I will test this, thank you!

Looking for a Jamf Managed Service Provider? Look no further than Rocketman Tech! Virtual MacAdmins Monthly Meetup - First Friday, Every Month

+18

ryan_ball
Contributor
Forum|Forum|6 years ago
December 20, 2018

I would assume the XML you'd need to modify would be the static group's XML, not the device's.

+15

Hugonaut
Author
Esteemed Contributor
Forum|Forum|6 years ago
December 21, 2018

@ryan.ball really appreciate it, outside of the box thinking, you always come through with great solutions.

Looking for a Jamf Managed Service Provider? Look no further than Rocketman Tech! Virtual MacAdmins Monthly Meetup - First Friday, Every Month

+15

Hugonaut
Author
Esteemed Contributor
Forum|Forum|6 years ago
December 27, 2018

@ryan.ball any idea where a static groups xml sheet would be located?! I'm having trouble locating it

Looking for a Jamf Managed Service Provider? Look no further than Rocketman Tech! Virtual MacAdmins Monthly Meetup - First Friday, Every Month

+14

exno
Contributor
Forum|Forum|6 years ago
December 27, 2018

@Hugonaut you can do a GET call to pull down an xml file of the static groups. or go to https://yourjamfproserver.company.com:8443/api and run the Try Out process to get the XML response. You would need the name or ID for this though.

/JSSResource/mobiledevicegroups/id/{id}
/JSSResource/mobiledevicegroups/name/{name}

If you don't have a list of all static group names or IDs you could use

/JSSResource/mobiledevicegroups

and look for

<is_smart>false</is_smart>

could be useful to feed your script the static groups that you are trying to zero out.

Also if you are in the macadmins Slack workspace, you can check #jss-api channel for help as well.

- I am @exno or @exnozero on almost everything that exists.

+15

Hugonaut
Author
Esteemed Contributor
Forum|Forum|6 years ago
December 27, 2018

Thank you @exno i'm familiar with that part and know where to look as far as the url goes - :8443/JSSResource/mobiledevicegroups/id/## -

I just want to know where that darn sheet lives! and if it doesn't "live" somewhere accessible, how to replace it with a blank slate and containing no devices

Looking for a Jamf Managed Service Provider? Look no further than Rocketman Tech! Virtual MacAdmins Monthly Meetup - First Friday, Every Month

+18

ryan_ball
Contributor
Answer
Forum|Forum|6 years ago
January 8, 2019

/usr/bin/ruby -e "$(curl -fsSL https://raw.githubusercontent.com/Homebrew/install/master/install)"

Then install xmlstarlet with this command:

brew install xmlstarlet

Here is the script:

#!/bin/bash
# written by Ryan Ball

loggedInUser=$(/usr/bin/python -c 'from SystemConfiguration import SCDynamicStoreCopyConsoleUser; import sys; username = (SCDynamicStoreCopyConsoleUser(None, None, None) or [None])[0]; username = [username,""][username in [u"loginwindow", None, u""]]; sys.stdout.write(username + "
");')
jssURL=$(defaults read /Library/Preferences/com.jamfsoftware.jamf.plist jss_url | sed s'/.$//')
outputDir="/Users/$loggedInUser/Documents/Export_$(date +%m-%d-%Y)"

# Make sure xmlstarlet is installed
if ! which xmlstarlet ; then
    echo "You must install xmlstarlet before using this script."
    echo "Try "brew install xmlstarlet""
    exit 1
fi

clear
echo -n "Enter JSS Username: "
read -r jssUser
clear

echo -n "Enter $jssUser's Pass: "
read -r -s jssPass
clear

echo -n "Enter the Mobile Device ID that you want to remove from Static Groups: "
read -r deviceID

read -r -p "Are you sure you want to remove Mobile Device with ID $deviceID from all Static Groups? [y/N] " response
if [[ "$response" =~ ^([yY][eE][sS]|[yY])+$ ]]
then
    echo "Continuing..."
else
    echo "Done!"
    exit 0
fi

mkdir -p "$outputDir"

echo "Getting list of groups for device with ID $deviceID..."
deviceGroupIDs=($(curl -X GET -s -u "$jssUser:$jssPass" "$jssURL/JSSResource/mobiledevices/id/$deviceID" | xmlstarlet sel -t -v '//mobile_device/mobile_device_groups/mobile_device_group/id')) # | xmlstarlet sel -t -m "/mobile_device_groups/mobile_device_group[is_smart='false']" -v id -n))


echo "Getting list of Static mobile device groups..."
staticGroupIDs+=($(curl -X GET -s -u "$jssUser:$jssPass" "$jssURL/JSSResource/mobiledevicegroups" | xmlstarlet sel -t -m "/mobile_device_groups/mobile_device_group[is_smart='false']" -v id -n))

echo "Determining Group membership..."
staticGroupsTheDeviceIsIn=($(echo "${staticGroupIDs[@]}" "${deviceGroupIDs[@]}" | tr ' ' '
' | sort | uniq -d))
echo "Device ID $deviceID is in ${#deviceGroupIDs[@]} groups total; ${#staticGroupsTheDeviceIsIn[@]} of which are Static."
sleep 3

for id in "${staticGroupsTheDeviceIsIn[@]}"; do
    echo "Obtaining name of mobile device Static Group with ID: $id"
    groupName=$(curl -X GET -s -u "$jssUser:$jssPass" "$jssURL/JSSResource/mobiledevicegroups/id/$id" | xmlstarlet sel -t -v '//mobile_device_group/name')
    if [[ -n "$groupName" ]]; then
        echo "Writing XML of mobile device Static Group "$groupName" to the output file..."
        curl -X GET -s -u "$jssUser:$jssPass" "$jssURL/JSSResource/mobiledevicegroups/id/$id" -o "${outputDir}/Backup_${id}_${groupName}.xml"
        if [[ -f "${outputDir}/Backup_${id}_${groupName}.xml" ]]; then
            modifiedXML=$(xmlstarlet ed -d '//mobile_device[id='"$deviceID"']' "${outputDir}/Backup_${id}_${groupName}.xml")
            putXML=$(curl -X PUT -s -u "$jssUser:$jssPass" "$jssURL/JSSResource/mobiledevicegroups/id/$id" -H "Content-Type: text/xml" -d "$modifiedXML" 2> /dev/null)
            if [[ -n "$putXML" ]]; then
                echo "Success; Static Group "$groupName" (ID $id) was successfully modified."
            else
                echo "Error; failed to modify Static Group "$groupName" (ID $id)."
                sleep 1
            fi
        else
            echo "Error; could not write XML data locally."
            sleep 1
        fi
    else
        echo "Error; can't GET name of Static Group with ID: $id"
        sleep 1
    fi
done

echo "Done!"

exit 0

Enjoy!

+15

Hugonaut
Author
Esteemed Contributor
Forum|Forum|6 years ago
January 10, 2019

@ryan.ball

Thank you very much! You're the man, Jamf really needs some kind of point system on the forum! haha

Gonna put this to work.

Looking for a Jamf Managed Service Provider? Look no further than Rocketman Tech! Virtual MacAdmins Monthly Meetup - First Friday, Every Month

TexasITAdmin
Contributor
Forum|Forum|9 months ago
February 7, 2025

Any chance someone could take a new look at the script above? It doesn't seem to be working anymore. I get the following results when running it now. The device in question should be in two groups.

Getting list of groups for device with ID 7405...
-:10.5: Opening and ending tag mismatch: br line 8 and p
</p>
    ^
-:11.8: Opening and ending tag mismatch: p line 8 and body
</body>
       ^
-:12.8: Opening and ending tag mismatch: body line 5 and html
</html>
       ^
-:12.8: Premature end of data in tag html line 1
</html>
       ^
Getting list of Static mobile device groups...
-:10.5: Opening and ending tag mismatch: br line 8 and p
</p>
    ^
-:11.8: Opening and ending tag mismatch: p line 8 and body
</body>
       ^
-:12.8: Opening and ending tag mismatch: body line 5 and html
</html>
       ^
-:12.8: Premature end of data in tag html line 1
</html>
       ^
Determining Group membership...
Device ID 7405 is in 0 groups total; 0 of which are Static.
Done!

TexasITAdmin
Contributor
Forum|Forum|9 months ago
February 7, 2025

I have resolved my own issue.

Below is a new version of the script that uses the new bearer token authentication. The old script was still using the old curl method.

Hope this helps anyone who needs to remove a large number of static groups from a mobile device.

#!/bin/bash
# Updated with help from the Jamf API Documentation and ChatGPT

loggedInUser=$(/usr/bin/python -c 'from SystemConfiguration import SCDynamicStoreCopyConsoleUser; import sys; username = (SCDynamicStoreCopyConsoleUser(None, None, None) or [None])[0]; username = [username," "][username in [u"loginwindow", None, u""]]; sys.stdout.write(username + "\\n");')
jssURL=$(defaults read /Library/Preferences/com.jamfsoftware.jamf.plist jss_url | sed s'/.$//')
outputDir="/Users/$loggedInUser/Documents/Export_$(date +%m-%d-%Y)"

# Ensure xmlstarlet is installed
if ! which xmlstarlet ; then
    echo "You must install xmlstarlet before using this script."
    echo "Try 'brew install xmlstarlet'"
    exit 1
fi

clear
echo -n "Enter JSS Username: "
read -r jssUser
clear

echo -n "Enter $jssUser's Password: "
read -r -s jssPass
clear

# Obtain Bearer Token
tokenResponse=$(curl -s -X POST "$jssURL/api/v1/auth/token" -H "Accept: application/json" -u "$jssUser:$jssPass")

token=$(echo "$tokenResponse" | python3 -c "import sys, json; print(json.load(sys.stdin)['token'])" 2>/dev/null)

echo -n "Enter the Mobile Device ID that you want to remove from Static Groups: "
read -r deviceID

read -r -p "Are you sure you want to remove Mobile Device with ID $deviceID from all Static Groups? [y/N] " response
if [[ "$response" =~ ^([yY][eE][sS]|[yY])+$ ]]; then
    echo "Continuing..."
else
    echo "Done!"
    exit 0
fi

mkdir -p "$outputDir"

echo "Getting list of groups for device with ID $deviceID..."
deviceGroupIDs=($(curl -X GET -s -H "Authorization: Bearer $token" -H "Accept: application/xml" "$jssURL/JSSResource/mobiledevices/id/$deviceID" | xmlstarlet sel -t -v '//mobile_device/mobile_device_groups/mobile_device_group/id'))

echo "Getting list of Static mobile device groups..."
staticGroupIDs+=($(curl -X GET -s -H "Authorization: Bearer $token" -H "Accept: application/xml" "$jssURL/JSSResource/mobiledevicegroups" | xmlstarlet sel -t -m "/mobile_device_groups/mobile_device_group[is_smart='false']" -v id -n))

echo "Determining Group membership..."
staticGroupsTheDeviceIsIn=($(echo "${staticGroupIDs[@]}" "${deviceGroupIDs[@]}" | tr ' ' '\\n' | sort | uniq -d))
echo "Device ID $deviceID is in ${#deviceGroupIDs[@]} groups total; ${#staticGroupsTheDeviceIsIn[@]} of which are Static."
sleep 3

for id in "${staticGroupsTheDeviceIsIn[@]}"; do
    echo "Obtaining name of mobile device Static Group with ID: $id"
    groupName=$(curl -X GET -s -H "Authorization: Bearer $token" -H "Accept: application/xml" "$jssURL/JSSResource/mobiledevicegroups/id/$id" | xmlstarlet sel -t -v '//mobile_device_group/name')
    if [[ -n "$groupName" ]]; then
        echo "Writing XML of mobile device Static Group '$groupName' to the output file..."
        curl -X GET -s -H "Authorization: Bearer $token" -H "Accept: application/xml" "$jssURL/JSSResource/mobiledevicegroups/id/$id" -o "${outputDir}/Backup_${id}_${groupName}.xml"
        if [[ -f "${outputDir}/Backup_${id}_${groupName}.xml" ]]; then
            modifiedXML=$(xmlstarlet ed -d "//mobile_device[id='$deviceID']" "${outputDir}/Backup_${id}_${groupName}.xml")
            putXML=$(curl -X PUT -s -H "Authorization: Bearer $token" "$jssURL/JSSResource/mobiledevicegroups/id/$id" -H "Content-Type: text/xml" -d "$modifiedXML" 2> /dev/null)
            if [[ -n "$putXML" ]]; then
                echo "Success; Static Group '$groupName' (ID $id) was successfully modified."
            else
                echo "Error; failed to modify Static Group '$groupName' (ID $id)."
                sleep 1
            fi
        else
            echo "Error; could not write XML data locally."
            sleep 1
        fi
    else
        echo "Error; can't GET name of Static Group with ID: $id"
        sleep 1
    fi
done

# Invalidate the Bearer Token
echo "Invalidating Bearer Token..."
curl -X POST -s -H "Authorization: Bearer $token" "$jssURL/api/v1/auth/invalidate-token"

echo "Done!"
exit 0

Sign up

Login with SSO

Login to the community

Login with SSO

Scanning file for viruses.

This file cannot be downloaded