Help

API - Update User information from LDAP

Malcolm
Contributor II

Posted on ‎02-22-2023 09:33 PM

Is there any way to invoke a forced update of user information from LDAP with out the device needing to be check in?

we have status of our users directly maped in our user details of AD which is imported through ldap, and updates overnight providing the device is checking in, if the device doesn't checkin this information never updates, putting critical information which we leverage in the MDM for app and setting distribution etc. But also helps us insure the statistics of things are accurate due to the status information we map into fields like room and department and phone of the users ldap which.

I have used API to update MacBook information before, however I am trying to workout how I can force this process that occurs nightly with devices check in, without their need to check in, so that stale devices are showing the correct status of our users, or at the very least, collect the user assigned to the device, and leverage this against a CSV to update the fields through a manual csv.

For years I have used a screen recorded macro to tab click, each device, and manually research the assigned user and update the details once it has collected the new information from AD. Ideally though an API script could probably achieve this result far better.

0 Kudos
2 REPLIES 2

mark_mahabir
Valued Contributor

Posted on ‎02-24-2023 03:02 PM

Yes, it is possible to update user information from LDAP without the device needing to check-in. Jamf Pro provides several APIs that allow you to programmatically update user and device information.

One option is to use the Jamf Pro API to update user information directly in the Jamf Pro database. You can use the /users endpoint to update user information, including custom attributes that you have configured in Jamf Pro to map to AD fields. You can use the API to query your AD server directly to get the latest user information, and then update the user information in Jamf Pro.

Another option is to use a third-party tool like the Jamf Pro PowerShell module, which provides a set of PowerShell cmdlets that you can use to manage your Jamf Pro environment. With this module, you can use PowerShell to query your AD server and then update user information in Jamf Pro. This can be useful if you prefer to work with PowerShell rather than the Jamf Pro API directly.

Both of these options will require some scripting or programming knowledge, but they can be more efficient and accurate than manually updating user information for each device.

0 Kudos

Malcolm
Contributor II
In response to mark_mahabir

Posted on ‎02-25-2023 05:28 PM

Thank you… the powershell module seems best because we are jamf pro cloud and id expect that would be a curve ball for the api method?
Did you have links to it?

Putting this in place would get me a step closer to a better device exit process for the end of year.

Get Outlook for iOS<>
IMPORTANT - This email and any attachments may be confidential. If received in error, please contact us and delete all copies. Before opening or using attachments check them for viruses and defects. Regardless of any loss, damage or consequence, whether caused by the negligence of the sender or not, resulting directly or indirectly from the use of any attached files our liability is limited to resupplying any affected attachments. Any representations or opinions expressed are those of the individual sender, and not necessarily those of the Department of Education.
0 Kudos