Posted on 09-22-2016 11:54 AM
Hey, I'm currently working to implement Apple Classroom into my district, and I'm about to start importing the classes into ASM from my LMS. The issue is that the Managed Apple IDs in ASM are different than the email addresses tagged to my iPads in JSS. (The emails are a different domain than the Apple IDs, we had no choice here).
So... I will be updating the email address for all my users in AD to the NEW domain for ASM Apple IDs. My question is, will JSS update, or not. I'm thinking not. The "User & Location" field seems static to me, populated on enrollment based of AD information at the time.
If it doesn't update, is there a way to force the JSS to hit up AD for all the new user info to identify my iPads?
Posted on 09-24-2016 01:15 AM
@nhennig I've not seen a way to update it en masse.
But if you go to a device, user & location then click edit & then the magnifying glass. The JSS should pick up the changes from LDAP.
(You'll then need to click save to save).
Posted on 09-24-2016 06:04 AM
Also keep in mind that the JSS will match up the users just fine during the class import as long as the part before the @ is the same. So you don't necessarily need to change anything as long as joe.smith@domain.com has an Apple ID of joe.smith@appleid.domain.com.
Posted on 09-24-2016 06:43 AM
That said, this Powershell script will take the devices in a smart group, query AD for the email address of the username assigned to the device, and update the email address on the iPad for that user.
Things to configure in the script:
$production = $true // Set to false if you want to see what the script is going to do before doing it
$jssURL = "https://jss.domain.com:8443" // Set to your JSS URL
$apiUser = "user" // Needs to be a user that has permission to update that device/user
$apiPass = "password" // Password
$smartGroup = "Temp" // The name of the smart group with the devices you want to update (Test with a small group first!)
Backup your database before trying this, I put this together quickly. It worked on a small test group through.
Posted on 09-29-2016 08:14 PM
Also, you can configure the Update Inventory to contact LDAP each time and it will update Name and Email fields as well as any LDAP Extension Attributes you may have.
[edit for typo]