Posted on 04-20-2023 04:49 AM
On occasion we have Macs repaired that require a motherboard swap. If we don't remove them from Jamf before the repair, then when we get them back it enrolls as a completely different computer that just so happens to have the same serial number. We are using a script to rename all computers to their serial numbers. This means that after repairs we will have 2 entries for basically the same computer. What I'm doing now is I will export the list of all computers and use Excel's conditional formatting to find duplicates for me. Then I locate the duplicates in Jamf and delete what is the old computer record and keep the new computer record. Is there a way to use a smart group to put together Macs that have the same name? Sure, I could build a smart group to look for all computers named "C02XXXXXXX" but that would require that I already know which ones I'm looking for. If I had a small number of computers then I could skim the list manually and pick out the duplicates, but with over 1300 Macs, that's not something I can do without Excel's help.
Posted on 04-20-2023 05:18 AM
@AVmcclint This isn't an uncommon when a Mac repair involves a motherboard swap. Normally we delete Macs sent for repair from Jamf Pro, so we don't run into it often and I use the Excel/PivotTable approach you mention to find problem machines. You could write a script to pull your inventory via the Jamf Pro API and search for duplicates that way, but it isn't something I've needed to do enough that I've looked at actually doing that.
04-21-2023 11:44 AM - edited 04-21-2023 11:46 AM
No, there's not anything built in; nor is there an easy (or recommended) way to do this in Jamf Pro -- e.g. your Smart Group theory would be a monster to maintain.
I've used the Excel Conditional Formatting to do it and have moved to using a SQL query now.
Also, I highly recommend against simply deleting the original record. The inventory record holds lots of information that you may need at some point (FileVault Recovery Keys, Activation Lock Bypass Codes, Recovery Lock passwords, Initial Enrollment Date (not referring to the Last Enrollment Date here, uploaded files, etc.). I actively discourage deleting records in my organization. Instead, you should update the original record with the new UUID/UDID.
Posted on 04-21-2023 12:07 PM
For some orgs deleting the original record is not an issue. We don't use Jamf Pro as an inventory system, so the initial enrollment date isn't important. Regarding previously set FileVault Recovery Keys, Activation Lock Bypass Codes, or Recovery Lock password, none of those will still be valid if the motherboard is replaced so that info in the original computer record isn't useful.
Posted on 04-21-2023 12:09 PM
The FileVault PRK and Activation Lock Bypass Codes are still valid if the device isn't wiped.
Posted on 04-21-2023 12:58 PM
Replacing a motherboard on any Mac with a T2 or Apple Silicon processor is tantamount to wiping the device. Really any Mac with SSD storage soldered on the motherboard, but especially those since the contents of the storage are encrypted by the T2 or ASi SOC.
Posted on 04-21-2023 01:00 PM
While true, what if a backup is created and restored?
Posted on 04-21-2023 01:04 PM
Restoring the contents of the drive isn't going to restore those keys, and restoring the contents of the drive after a motherboard replacement won't result in the Mac coming back under management because the UUID will have changed.
Posted on 04-21-2023 01:07 PM
The UUID/UDID changing is what causes duplicate records resulting in two managed device records. That new UUID becomes managed in our environment every time.
04-21-2023 01:33 PM - edited 04-21-2023 01:34 PM
Are you saying you're restoring a backup and the repaired Mac starts checking into your Jamf Pro instance with a new computer record without being enrolled again? Or that you're re-enrolling the Mac which creates the new computer record? The latter is what I have been saying should happen, the former is what I don't believe is possible.
Posted on 04-21-2023 03:30 PM
We have (or have had in the past) devices that are repaired (main boards replaced), come back, and when they're turned on and check in, a new record is automatically created in Jamf Pro for the device. The device is not re-enrolled. It's literally the same instance of the device (device certificate, MDM push tokens, Management account, etc.).
There are times where a tech isn't even involved/aware that a device was repaired, the user took it themselves to an Apple Store to be repaired. They get it back, a new record is created, I go yell at our deskside techs about another duplicate record that needs to be fixed, and they go "I had no idea it was repaired."
I no longer deal with these kinds of day to day activities, but this is what is relayed to me from techs that are.
Posted on 04-21-2023 09:44 PM
The excel thing probably works well enough... Alternately you could write an API script to:
1) get all the serial numbers of all the devices in your environment
2) iterate through the list of serial numbers searching the device API endpoint for that serial number
3) Any "normal" search should return only a single result; but a duplicated serial number should return two results... so look for those? Then delete the endpoint with the older enrollment / last checkin dates.
I don't love this as it feels like a lot of work through the API... but it would give you an automated way vs the excel sheet.
Posted on 04-23-2023 11:29 PM
You'd have to hit the `/computers` endpoint, then iterate over each ID to then get the serial numbers (e.g. via the `/computers/subset/basic` endpoint) and collect them into a list/array, but once you got that....you have all the serial numbers, no need to look up the serial number(s) again to see if there's duplicates....as you could determine duplicates from that list.
That said, I would highly recommend against "automating" the deletion of records....that's a very dangerous thing to do.
If, after determining which records should be removed, you want to use the API to perform the actions, fine, I do that, but....not having a human review what should be removed...that just seems....not safe...
Oh and just to mention....additional scenarios you may want to consider: