Jamf Nation Community

@Hugonaut I came up with a script for you that will take a mobile device ID and remove it from any static groups it is a member of. You really need a good XML parser to make this easier, I prefer xmlstarlet and this script leverages that. To install xmlstarlet you can install homebrew using this command:

/usr/bin/ruby -e "$(curl -fsSL https://raw.githubusercontent.com/Homebrew/install/master/install)"

Then install xmlstarlet with this command:

brew install xmlstarlet

Here is the script:

#!/bin/bash
# written by Ryan Ball

loggedInUser=$(/usr/bin/python -c 'from SystemConfiguration import SCDynamicStoreCopyConsoleUser; import sys; username = (SCDynamicStoreCopyConsoleUser(None, None, None) or [None])[0]; username = [username,""][username in [u"loginwindow", None, u""]]; sys.stdout.write(username + "
");')
jssURL=$(defaults read /Library/Preferences/com.jamfsoftware.jamf.plist jss_url | sed s'/.$//')
outputDir="/Users/$loggedInUser/Documents/Export_$(date +%m-%d-%Y)"

# Make sure xmlstarlet is installed
if ! which xmlstarlet ; then
    echo "You must install xmlstarlet before using this script."
    echo "Try "brew install xmlstarlet""
    exit 1
fi

clear
echo -n "Enter JSS Username: "
read -r jssUser
clear

echo -n "Enter $jssUser's Pass: "
read -r -s jssPass
clear

echo -n "Enter the Mobile Device ID that you want to remove from Static Groups: "
read -r deviceID

read -r -p "Are you sure you want to remove Mobile Device with ID $deviceID from all Static Groups? [y/N] " response
if [[ "$response" =~ ^([yY][eE][sS]|[yY])+$ ]]
then
    echo "Continuing..."
else
    echo "Done!"
    exit 0
fi

mkdir -p "$outputDir"

echo "Getting list of groups for device with ID $deviceID..."
deviceGroupIDs=($(curl -X GET -s -u "$jssUser:$jssPass" "$jssURL/JSSResource/mobiledevices/id/$deviceID" | xmlstarlet sel -t -v '//mobile_device/mobile_device_groups/mobile_device_group/id')) # | xmlstarlet sel -t -m "/mobile_device_groups/mobile_device_group[is_smart='false']" -v id -n))


echo "Getting list of Static mobile device groups..."
staticGroupIDs+=($(curl -X GET -s -u "$jssUser:$jssPass" "$jssURL/JSSResource/mobiledevicegroups" | xmlstarlet sel -t -m "/mobile_device_groups/mobile_device_group[is_smart='false']" -v id -n))

echo "Determining Group membership..."
staticGroupsTheDeviceIsIn=($(echo "${staticGroupIDs[@]}" "${deviceGroupIDs[@]}" | tr ' ' '
' | sort | uniq -d))
echo "Device ID $deviceID is in ${#deviceGroupIDs[@]} groups total; ${#staticGroupsTheDeviceIsIn[@]} of which are Static."
sleep 3

for id in "${staticGroupsTheDeviceIsIn[@]}"; do
    echo "Obtaining name of mobile device Static Group with ID: $id"
    groupName=$(curl -X GET -s -u "$jssUser:$jssPass" "$jssURL/JSSResource/mobiledevicegroups/id/$id" | xmlstarlet sel -t -v '//mobile_device_group/name')
    if [[ -n "$groupName" ]]; then
        echo "Writing XML of mobile device Static Group "$groupName" to the output file..."
        curl -X GET -s -u "$jssUser:$jssPass" "$jssURL/JSSResource/mobiledevicegroups/id/$id" -o "${outputDir}/Backup_${id}_${groupName}.xml"
        if [[ -f "${outputDir}/Backup_${id}_${groupName}.xml" ]]; then
            modifiedXML=$(xmlstarlet ed -d '//mobile_device[id='"$deviceID"']' "${outputDir}/Backup_${id}_${groupName}.xml")
            putXML=$(curl -X PUT -s -u "$jssUser:$jssPass" "$jssURL/JSSResource/mobiledevicegroups/id/$id" -H "Content-Type: text/xml" -d "$modifiedXML" 2> /dev/null)
            if [[ -n "$putXML" ]]; then
                echo "Success; Static Group "$groupName" (ID $id) was successfully modified."
            else
                echo "Error; failed to modify Static Group "$groupName" (ID $id)."
                sleep 1
            fi
        else
            echo "Error; could not write XML data locally."
            sleep 1
        fi
    else
        echo "Error; can't GET name of Static Group with ID: $id"
        sleep 1
    fi
done

echo "Done!"

exit 0

Enjoy!