Get JSS ID locally via script?

Valued Contributor III

Is there a way to get the JSS ID of a system locally via script (is it stored anywhere on the client)? I am working on some API data upload scripts and want to get the JSS ID of a system locally, since that is the best unique identifier for the JSS DB and every system has one. I don't really trust serial number or name 100%.


Legendary Contributor III

No, only stored in the computer record, so you can get it via the API. My suggestion (and what we do) is once its captured, store it to a local file so it doesn't have to pull it every time. The only issue with that approach is if it ever gets re-enrolled, say it was deleted, or had hardware replacement done and creates a new JSS ID, the existing record ID would be incorrect.

Honored Contributor

I would use the UUID. If a logic board is replaced then it will create a new record based off the UUID which means the proper record would be getting updated. In those situations you may run into systems that multiple JSS IDs but the same serial, but different UUIDs. However, the latest and current UUID is what should be the active/current record in the JSS when it comes to inventory and checking in.

Valued Contributor III

Thanks, I am just going with the udid I suppose, should be the most reliable of all my options.

Valued Contributor

You could have a script run a recon and grep out the <computer_id>##</computer_id> from the response.

That the only way I can think of to pull it locally on the machine via script.

Valued Contributor III

Yeah, I thought about that, the issue I am trying to address is systems that are unable to recon for some reason ("The message could not be parsed" error for example). If a computer can execute a script, I can still get certain critical data from it for security compliance purposes even if recon fails.

Contributor III

Yeah, as part of our post imaging process a script runs that basically calls a recon or enroll command (your choice) and parses out the computer ID the JSS spits back at you at the end and dumps it into a file. You can then just reference the value in that file locally when needed.

/usr/sbin/jamf recon | grep '<computer_id>' > '/private/var/jss_computer_id.xml'

Our script has a bit more in it to delete this file if it already existed for some reason when the script was run again.

We do the same with the computer name at imaging time so we can reference that when trying to enforce computer names back to what it original came with.

Valued Contributor

@alexjdale this will sound goofy but if you remove /Library/Preferences/SystemConfiguration/preferences.plist and restart, can you then recon?

New Contributor II

Would there be a way to run a script that gets the computer id and passes that info to open the computers record in the jss.
What I'm trying to do is have a script available in Self service that would open up that computer in the JSS.

something like


/usr/sbin/jamf recon | grep '<computer_id>' > '/private/var/jss_computer_id.xml'

open -a /Applications/'computer_id'&o=r

Valued Contributor II

I have not tested this with a computer in the id range of 1 - 999 --- only a computer in the 1000 - 9999 range so please test if you have a computer in the hundreds range. Also, not scripted for use with computer ids in the 10,000 to 99,999 range or up...

This does what you want it to do @ dan.gregson hope it helps.



    set UNAME to "root"
    set PASSW to "password"

    -- needed for end of link to jss
    set jsslinksuffix to "&o=r"

    -- pulls raw output <computer_id>####</computer_id> OR <computer_id>###</computer_id> BUT if its <computer_id>#####</computer_id> you probably dont need this script
    set rawGREPid to do shell script "sudo /usr/local/bin/jamf recon | grep '<computer_id>'" user name UNAME password PASSW with administrator privileges

    -- creates variable for computers with id 1000 to 9999 (MORE LIKELY TO OCCUR THAN 1 to 999 thats why i did it this way)
    set FourCharacterID to text 14 thru 17 of rawGREPid

    -- parses out < which can carry over if ID is in hundreds place, making text 17 a <
    if FourCharacterID contains "<" then set ThreeCharacterID to text 14 thru 16 of rawGREPid

    -- runs url with variables set for computer id in url string
    if FourCharacterID contains "<" then
        do shell script "open -a /Applications/" & quoted form of (ThreeCharacterID & jsslinksuffix)
        do shell script "open -a /Applications/" & quoted form of (FourCharacterID & jsslinksuffix)
    end if

end try
Looking for a Jamf Managed Service Provider? Look no further than Rocketman

Virtual MacAdmins Monthly Meetup - First Friday, Every Month

New Contributor III

I know this is a super-old thread, but I wanted to share what we're playing with.  We have our build deployment send chat notifications to our IT channels on MS Teams with a webhook, and we want to include a direct link to the Jamf computer record in that message.  Here's a little proof-of-concept for getting comp id locally WITHOUT hitting the API, which would require api credentials embedded in our scripts. The script then inserts the computer_id into a URL.  We'll probably then take that url and feed it into the webhook json, but opening in Safari works for demonstration.


echo "Running recon to get computer_id"
computer_id=$( sudo jamf recon | grep 'computer_id' | sed 's/<.*>\(.*\)<\/.*>/\1/g' )
echo "Computer ID: $computer_id"

echo "Opening Jamf computer record with Safari
open -a Safari "$computer_id&o=r"


New Contributor II

I cannot claim this as my own solution but I am using a script written by Kevin M. White which uses what seems to be a more elegant approach which might help some people.

Jamf provides various variables it will substitute individual values for, these values can then be used in profiles but not policy scripts.

See -

It is therefore possible to use $JSSID and have the individual computer ID number substituted as part of a profile. A script can then read the value of this using the defaults read command.