Bulk management of Devices and Users

A group of scripts which are used to bulk manage Workspace ONE UEM (AirWatch) managed devices and users.

https://github.com/MrTechGadget/aw-bulkdevices-script

 


aw-bulkdevices-script

A group of scripts which are used to bulk manage Workspace ONE UEM (AirWatch) managed devices and users.

Get-ListOfStaleDevices.ps1 - This script displays a list of all Organization groups in an environment, allowing the user to select an organization group. The user then enters a number of days(X) since the devices have been last seen. All of the devices in that organization group (and child org groups) that have not been seen since X days are exported to a CSV file named with that date.

Remove-StaleDevices.ps1 - This script displays a list of all Organization groups in an environment, allowing the user to select an organization group. The user then enters a number of days(X) since the devices have been last seen. All of the devices in that organization group (and child org groups) that have not been seen since X days are sorted into supervised and unsupervised lists. The device details for both of these lists are exported to a CSV file named with that date. The supervised devices are then issued full wipes and the unsupervised devices are issued enterprise wipes.

Delete-StaleDevices.ps1 - This script displays a list of all Organization groups in an environment, allowing the user to select an organization group. The user then enters a number of days(X) since the devices have been last seen. All of the devices returned in the first "page" in that organization group (and child org groups) that have not been seen since X days and are pending enterprise wipe are deleted are exported to a CSV file named with that date. You can set an optional pageSize parameter to process more or less devices than the default of 500 devices.

EXAMPLE Get-ListOfStaleDevices.ps1 -pageSize 1000

Delete-User.ps1 - This script deletes users from a CSV list of UserIds. The file is required, the column name is optional. If not provided, it will use the default column name of "Id". Given this is a synchronous API call, the list is broken into batches of 50 per call, to prevent timeouts from occurring. The user is prompted to confirm before it is executed. A progress bar shows progress through all of the batches, and output to the window shows successes and failures of each batch, as well as any errors.

EXAMPLE Delete-User.ps1 -userFile "User.csv" -userFileColumn "Id.Value"

Invoke-RebootDevice.ps1 - Reboots devices given a list of SerialNumbers. Uses the Command API to SoftReset (reboot) the device. file parameter (REQUIRED) is the path to a CSV file with a list of Serial Numbers. fileColumn parameter (OPTIONAL, with a default value of "SerialNumber") is the Column title in CSV file containing SerialNumber values. The user is prompted to confirm before it is executed. Output to the window and a log file shows successes and failures of devices, as well as any errors.

EXAMPLE Invoke-RebootDevice.ps1 -file "Devices.csv" -fileColumn "SerialNumber"

Reset-FullDevice.ps1 - This script executes a full device wipe for a CSV list of serial numbers. file parameter (REQUIRED) is the path to a CSV file with a list of Serial Numbers. fileColumn parameter (OPTIONAL, with a default value of "SerialNumber") is the Column title in CSV file containing SerialNumber values. The user is prompted to confirm before it is executed. A progress bar shows progress through all of devices, and output to the window and a log file shows successes and failures of each device, as well as any errors.

EXAMPLE Reset-FullDevice.ps1 -file "Devices.csv" -fileColumn "SerialNumber"

Reset-EnterpriseWipe.ps1 - This script executes an Enterprise Wipe (unenroll) for a CSV list of serial numbers. file parameter (REQUIRED) is the path to a CSV file with a list of Serial Numbers. fileColumn parameter (OPTIONAL, with a default value of "SerialNumber") is the Column title in CSV file containing SerialNumber values. The user is prompted to confirm before it is executed. A progress bar shows progress through all of devices, and output to the window and a log file shows successes and failures of each device, as well as any errors.

EXAMPLE Reset-EnterpriseWipe.ps1 -file "Devices.csv" -fileColumn "SerialNumber"

Get-DeviceDetails.ps1 - Gets Device Details given a list of SerialNumbers and Desired names. file parameter (REQUIRED) is the path to a CSV file with a list of Serial Numbers. fileColumn parameter (OPTIONAL, with a default value of "SerialNumber") is the Column title in CSV file containing SerialNumber values. searchBy parameter (OPTIONAL, with a default value of "SerialNumber") is the type of identification number to use in search.

EXAMPLE Get-DeviceDetails.ps1 -file "Devices.csv" -fileColumn "SerialNumber"

Get-Profile.ps1 - Gets Profiles with optional query parameters to limit results. Optional query parameters to refine search. For values, refer to API documentation. https://as135.awmdm.com/api/help/#!/apis/10003?!/ProfilesV2/ProfilesV2_Search Multiple parameters should be joined with "&"

EXAMPLE Get-Profiles.ps1 -query "status=Active&platform=Apple"

Delete-Profile.ps1 - Deletes Profiles given a list of Profile IDs. file parameter (REQUIRED) is the path to a CSV file with a list of Profile IDs. fileColumn parameter (OPTIONAL, with a default value of "ProfileId") is the Column title in CSV file containing ProfileId values.

EXAMPLE Delete-Profile.ps1 -file .\ProfilesTest.csv -fileColumn "ProfileId"

Set-CheckoutDevice.ps1 - Assigns staged device to user via checkout API. file parameter - Path of a CSV file with a list of DeviceId and desired UserId. This is required. deviceColumn parameter - Column title in CSV file containing DeviceId values. This is optional, with a default value of "DeviceId". userColumn parameter - Column title in CSV file containing UserId values. This is optional, with a default value of "UserId".

EXAMPLE Set-CheckoutDevice.ps1 -file "Devices.csv" -deviceColumn "DeviceId" -userColumn "UserId"

Compatibility

These PowerShell scripts are PowerShell Core (PS 6+) compliant and were written with Visual Studio Code on a Mac.

They have been tested on Windows and Mac, but should also run on Linux.

Setup:

  • These scripts take a JSON config file, AirWatchConfig.json, which houses the API Host, API key and Organization Group ID for your AirWatch environment. The format is shown below but if the file is not present, the script will prompt for the values and write the file for you.
{
    "groupid" : 1234,
    "awtenantcode" : "apikey",
    "host" : "host.domain.tld"
}

Author


ログインすると、コメントを追加できます。

コメント 9


3509546120 3 years
Thanks for this. I'm really struggling at the first hurdle, I keep getting the error "No config file exists, please complete the sample config and name the file AirWatcConfig.json". The config file is there saved as a .json however the script can't seem to see it, any ideas?
3729165810 2 years
@gmanjohal, did you ever resolve this? The file should be in the same folder as the script and named "AirWatchConfig.json" Sorry for the delay in response.
3729165810 2 years
FYI, I just updated the script to prompt the user for the information if the config file is not present and it will create the file automatically.
1790541962 11 months
Tried the script but am not able to get the devices to wipe. My OG's GroupID's are non-numeric. Think that might be the issue?
2791455533 10 months
super helpful stuff here. Any thoughts on how to adapt the delete-user script for deleting admins in bulk?
2684205896 8 months
Can't get this to work. I also don't have a numeric Group ID.
I get this error:
WARNING: Error submitting POST. The connection attempt has timed out. (https:443)
WARNING: Error Unenrolling Device:xxxxxxxxxxx
6918469807 7 months
Extracted the download files, made a simple csv file with column heading "Serial Number" and followed by rows of serial numbers, ran the script as the above format Reset-EnterpriseWipe.ps1 -file "Devices.csv" -fileColumn "Serial Number", first got the red "No config file exists", but still let me provide the server name. Provided FQDN without https, asking for API key. That's how far I get to. What is my API key?
3509546120 7 months
@jueliang - you need to create an API account as the scripts utilise AW's API's. Go to Settings - System - Advanced - API - REST API and create your API account there, it will then generate the API Key/API Tennant there. The config file get's created automatically if you don't you don't run the script with the one provided (if you do run the one provided you need to update it with your info i.e. API tennant etc.)
2069310747 1 month
Hi,
Do you have a script for changing OG in AirWatch console?