Jamf Nation Community

alliehodge · ‎12-08-2016

Hello everyone,

I’m stuck trying to figure out a way to auto move computers to specific sites based off of departments. We have multiple IT groups on campus that have their own Site, which they are going to use to deploy policies to their machines. The only problem is, moving computers to a specific site isn't automatic. The IT folks do have the option to enroll a computer is a specific site during the enrollment stage, but we're having end-users enroll themselves, so we're seeing a ton of machines come in with no site.

As of right now, I have a smart group for each department that has a site. I make sure each machine in the JSS has a department listed. The smart group collects machines based off a particular department. From there, I can view the computers in the smart group select “Action” and move all of them to a specific site.

Now, I’m not trying to do this everyday, so I was looking to automate it. I was thinking maybe a script that runs every day saying “if you’re in department X move computer to site X” I don’t know how I’d go about doing this though.

Some side information:
-We're not looking to create multiple quickadd packages for each IT group since there are so many
-We are unable to use any of the features of Recon since we don't have port 22 open on any machine

Any suggestions would be helpful!

Thanks in advance.

mm2270 · ‎12-08-2016

Hmm. That's a good question. I don't use Sites here (or more accurately, we don't assign Macs to any), but, have you taken a look at the JSS API? Its possible something it would allow you to modify the computer record to "move it" into the appropriate Site, based on site IDs for example. I don't know for sure if this can work since I've never tried it.

From your browser, plug in your JSS address with /api at the end of it, so something like https://jss.server.com:8443/api to see the built in API documentation.

Your script would need to know what the Site ID and name was that the Mac should be moved to (or pull that from the JSS API as well) and then know the computer record name, and use a PUT command to update the record with the new Site information. Again, not sure if its really as simple as that or not.

Site information in a computer record shows up under the general section and has the following format

<site>
    <id>-1</id>
    <name>None</name>
</site>

The above is what it looks like with no Site assigned. The <id> and <name> tags would contain different information when its in a Site, of course.

Worth a try exploring that option to see if it can do what you want.

stevevalle · ‎12-08-2016

We use sites for our DEP deployments.

All computers that enrol via DEP go into the "DEP Enrolment" site. Once enrolment is complete and apps/settings have been deployed, a policy moves the computer to the "Production" site.

I have an XML file in a dmg that gets copied to the /tmp folder

XML file looks like this:

<computer>
  <general>
    <site>
      <id>3</id>
      <name>Production</name>
    </site>
  </general>
</computer>

You can get the id of the site by going to the Network Organization section in the JSS settings. Click on your site and have a look at the url. You should see something like /sites.html?id=4.....

Then a script uses the api to change the site.

#!/bin/sh

apiURL="https://jss.url.here:8443"
apiUser="api_username_here”
apiPass="api_password_here"

# Get serial number of Mac so it can be identified in the JSS
serial=$(system_profiler SPHardwareDataType | grep 'Serial Number (system)' | awk '{print $NF}')

# Change the Site to Production from the XML file
curl -sfku $apiUser:$apiPass $apiURL/JSSResource/computers/serialnumber/$serial/subset/general -T /private/tmp/ChangeSite.xml -X PUT

exit 0

And as always, test before applying!

Hope that helps.

alliehodge · ‎12-12-2016

Thank you! I have little experience with the API portion of Casper - ahem - Jamf Pro. I'll check this out, but I appreciate the help very much!

Jamf Nation Community

Automatically Moving Computer Records to a Site