Auto-unassign computer based on AD user account status (Active vs Inactive)

jstine
Contributor

Hey Friends,

Has anyone successfully set up a method to auto depro a user from Jamf? I've been tasked with helping out our help desk with offloading, and I'm trying to figure out a way to use the Jamf API to automatically remove the user assigned to the machine in Jamf.

Has anyone figured out a simple way to do this, or could anyone point me in the right direction? Admittedly, my API skills are limited; any help would be greatly appreciated.

5 REPLIES

davidacland
Honored Contributor II

Not tried it, but just put this together to get you going. It needs the code to check Active/Inactive for the user in AD, but in theory, if attached to a policy to run at login, it should update the location information, clearing out what's there.

#!/bin/sh

apiUser="your_api_username"
apiPass="your_api_password"

####### Test
# some code to read users active / inactive status from AD here...

####### Advanced modification below this line #######

# result_of_above_test must be set by the AD check above
if [ "$result_of_above_test" = "Inactive" ]; then

# Save the local machine's serial number
serial=$(system_profiler SPHardwareDataType | grep 'Serial Number (system)' | awk '{print $NF}')

# Create the XML file to be uploaded to the JSS
cat <<EOF > /private/tmp/$serial.xml
<computer>
 <location>
   <username></username>
   <real_name></real_name>
   <email_address></email_address>
   <position></position>
   <phone></phone>
   <department></department>
   <building>Roaming</building>
   <room></room>
  </location>
</computer>
EOF


# Read the JSS URL from the local machine
apiURL=$(defaults read /Library/Preferences/com.jamfsoftware.jamf jss_url | sed 's:/*$::')

# Update the Location section of the computer record
curl -sfku "$apiUser:$apiPass" "$apiURL/JSSResource/computers/serialnumber/$serial/subset/location" -T "/private/tmp/$serial.xml" -X PUT > /dev/null
    # Note - the "location" bit is a guess.  Need to check that's actually what it's called.

# Remove the saved XML file
rm /private/tmp/$serial.xml

fi

exit 0
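
One way to fill the "read user's active / inactive status from AD" placeholder in the script above, as an added example that is not part of the original thread: it classifies an account from AD's userAccountControl attribute, where bit 0x2 (ACCOUNTDISABLE) marks a disabled account, and returns "Unknown" when the lookup yields nothing so that a failed query never clears a record. The dscl command in the comment, its node path, and the function names are assumptions; the sample outputs are constructed.

```sh
#!/bin/sh
# Added example: decide Active / Inactive / Unknown from userAccountControl.
# On an AD-bound Mac the raw text could come from something like (assumption):
#   dscl "/Active Directory/<DOMAIN>/All Domains" -read "/Users/<user>" userAccountControl

# Pull the numeric value out of "userAccountControl: 512" (ldapsearch style)
# or "dsAttrTypeNative:userAccountControl: 512" (dscl style) output.
parse_uac() {
    printf '%s\n' "$1" |
        sed -n 's/^.*userAccountControl:[[:space:]]*\([0-9][0-9]*\)[[:space:]]*$/\1/p' |
        head -n 1
}

# Map a userAccountControl value to a status. Anything that is not a plain
# decimal number is "Unknown", which callers must NOT treat as Inactive.
account_status() {
    case $1 in
        ''|*[!0-9]*) echo "Unknown"; return 1 ;;
    esac
    if [ $(( $1 & 2 )) -ne 0 ]; then   # 0x2 = ACCOUNTDISABLE
        echo "Inactive"
    else
        echo "Active"
    fi
}

# Convenience wrapper: raw directory output in, status out.
status_from_output() {
    account_status "$(parse_uac "$1")"
}

# Constructed sample outputs (not from a real directory).
SAMPLE_ENABLED='dsAttrTypeNative:userAccountControl: 512'
SAMPLE_DISABLED='dsAttrTypeNative:userAccountControl: 514'
SAMPLE_DISABLED_NOEXPIRE='userAccountControl: 66050'
SAMPLE_LOOKUP_FAILED=''   # e.g. Mac is off the corporate network at login

for sample in "$SAMPLE_ENABLED" "$SAMPLE_DISABLED" \
              "$SAMPLE_DISABLED_NOEXPIRE" "$SAMPLE_LOOKUP_FAILED"; do
    result_of_above_test=$(status_from_output "$sample")
    printf '%-45s -> %s\n" "[$sample]" "$result_of_above_test' >/dev/null
    printf '%-45s -> %s\n' "[$sample]" "$result_of_above_test"
done
```

Only an explicit "Inactive" result should reach the unassign step; an "Unknown" result at login usually means the directory was unreachable, not that the account was disabled.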

thoule
Valued Contributor II

Instead of using the API, you can just run recon with the -username and other parameters. See 'jamf help recon' for more info.

davidacland
Honored Contributor II

That was my first thought. Would it work to remove details? Would be a lot easier if it did.

mm2270
Legendary Contributor III

If I recall correctly from another thread, you can't use the jamf recon syntax to remove location information, only to assign it or update it. It won't accept a blank value, I believe.

jstine
Contributor

I've actually never used Recon. I will look into that as an option as well, thank you!