Remove AD users from JSS that have no devices or content assigned

Dylan_YYC
Contributor III

Hey guys,

Maybe my coffee isn't working, but for the life of me i cant seem to find where i can create a smart group of users that do not have any devices/content assigned then delete them from the JSS. Since we are a school, i have a large number of users entering and leaving every year, id like to keep the users list as clean as i can.

Thanks for the help!
Dylan.

16 REPLIES 16

ejculpepper
Contributor

@Dylan_YYC I do not see a way to setup criteria based on the number of devices a user has, not sure if this functionality is built in or not.

May be a bit of a long process...but you could export a list of users as a CSV file, then sort/delete any users that have devices tied to them. With the remaining users, delete all extra columns except their "username" column.

Then, create a "static user group" and get the ID of the group from the URL to enter in your CSV file. In the second column of the file, next to the usernames, enter the static group ID for each user's row and save the file.

Using the MUT utility on an OSX device, you can then import the CSV file of users into the static group. Then go into your Jamf console, find the static user group and click on it, then click on "View" --> "Action" --> "Delete Users".

I'm sure there is a cleaner way of taking care of this task, i'm interested to see others responses on how they handle deleting stale users in their JSS console.

Dylan_YYC
Contributor III

@ejculpepper Thats one way to do it! seems really messy for something that JAMF could fix very easily. Judging by the lack of responses, i dont think there is a decent solution to this problem. Thanks for the input!

ejculpepper
Contributor

@Dylan_YYC Looks like there is a feature request for this, I just voted it up: Feature Request.

danny33c
New Contributor III

It's always been a bit of a pain deleting users in bulk. In the past I've used a script that was going around. It would add the users to a static group called "Remove Users" and add it to the Exclusions of every VPP removing the app assignments. The script no longer works, but I kept that group around because it's still in exclusions. Now students must be removed from assignments and classes before they can be deleted. I basically do these steps manually now, I delete the classes which can easily be re-imported, we also have positions based on grade so I can add whole grades to the Remove Users group and then remove them in bulk. It's a bit more difficult for students that have left the district. It would definitely be easier to base criteria off of number of devices assigned.

Dylan_YYC
Contributor III

@ejculpepper looks like thats from 2014... yikes!

ejculpepper
Contributor

Yeah it has definitely been sitting for a while! Another feature request that sounded exactly like what we are wanting was marked as a duplicate though, and led to the feature request I linked.

kwsenger
Contributor

@ejculpepper We simply do the following when we need to delete users who have been removed from devices (user and location). Users > Search all users > Action button > Delete Users > You will get prompted on how many users can be deleted and those that cannot.7c79cae09eab49488425ca3e8cb47398

ejculpepper
Contributor

@kwsenger Wow, that is a much easier solution. I figured if you click to Delete Users after searching for All Users then that would end badly, I didn't know it would prompt you with the screen above.

Thank you for sharing this info!

christina_luis
Contributor
We simply do the following when we need to delete users who have been removed from devices (user and location). Users > Search all users > Action button > Delete Users > You will get prompted on how many users can be deleted and those that cannot.

What i normally do is click on mobile device at the top and it sorts by who doesn't or does have devices. Then i go in one by one and delete. This is MUCH MUCH easier! Thank you!

a_holley
Contributor

This is awesome, thank you so much! I thought I was going to have to manually delete users one by one.

On the topic of users, I can't work out why people are not being created when they have devices assigned to them. Can anyone shed some light on that?

kayc
New Contributor III

Had a bunch of dupes and unused users to remove. Tried this method in several relatively small batches from 10-350 users, and it worked fine. Did the search all method, no prompt as noted above, and I'm currently stuck watching every one of my 5500+ users be deleted. Upon further inspection, it seems that type of search reports "0" for computers/mobile devices for every user for some reason. For science, I picked out a couple users known to have devices, and they were deleted just the same. I was able to export my devices/usernames after only losing a few hundred, but this will make for a rather unhappy Monday for a lot of people. :(

danny33c
New Contributor III

Do you not have a backup of your server/database?

kayc
New Contributor III

We moved from on prem a little over a year ago. I have a ticket in with support though.

dng2000
Contributor

I successfully deleted thousands of users that no longer have devices attached to them. But that was on 10.21. I wonder if that accidental deletion of all users is something with 10.23.

kayc
New Contributor III

From what support says, they'll probably be filing this as a bug. Though I still need to get on a call with them to go over the details.
Not trying to hijack the thread, but for those of you wanting to see if you're affected... Find a user and verify they have a device assigned to them in JAMF. Do a blank user search. The results will indicate 0 devices for that user. If you deleted users via the Actions button, you won't get prompted, and it will delete the user despite having a device assigned.

Ninja edit: it seems there are other bits that don't reliably get reported in searches either. Position is a field we fill via AD and if you check individually, it appears correctly, but not so much in searches...

christina_luis
Contributor

Thank you for sharing this, its good to know before going in and cleaning out users. I think Ill just stick to my one by one way for the time being until this is cleared up.