[Devember 2021] [Complete?] PowerShell Workspace ONE device management

Every year the college I work at (only started halfway through the year) provides a 1 to 1 device (laptop) to students (grade 7 and 10 kept for three years) and staff.

This year the college is changing from Mac to Windows and I need a way to quickly manage (add, remove and assign etc) devices in our MDM (AirWatch/VMware Workspace ONE).

I have started making a PowerShell script with a GUI to help with this as this is a highly repetitive task when assigning hundreds of devices as well as small numbers and one-offs throughout the year as students and staff join and leave the college. This same task is repeated across other colleges that are part of the same organisation so there are hundreds of hours spent on this every year.

Not having worked with APIs before, this is a great chance for me to learn and build that resume for the next job and give something to the other colleges to save them time and effort.

Currently the script will check Active Directory by searching for the users by their ID number (this makes it easy to use a barcode scanner) and returning their AD login name. It can then use the AD login name to search Workspace ONE and return what device that user currently has.

The current script version can be found here.

Current WIP is assigning a device to user.

List of features that I would like to build in.
Assign a device to a user
Delete a device from Workspace ONE
Delete a device from Active Directory
When assigning a device to a user, output to a file and convert the output into barcode for easy scanning into our Library cataloguing system
Assign the device to a user in helpdesk system GLPI
Whatever else I can come up with


I have had some major wins and also major setbacks. I have skeleton code that will allow me to assign a device to a user which is fantastic but I am running into issues around permissions and what level of access to the Workspace ONE API I can get.

This is a major issue as I need to assign devices to users by their Workspace ONE ID which I cannot search for using the API with my current level of access.

I have tested the code I have as working by using an account that was created in the Workspace ONE console (what is referred to as a basic account) but for any directory-synchronised accounts I am unable to search for the details which would return their Workspace ONE ID.

I can find a user's Workspace ONE ID by visiting the accounts page, clicking on the user and then looking at the URL bar which has their ID in it. To make this work programmatically I need to be able to search for this ID somehow.

Probably the last commit for the year. I have better laid out the labels and buttons so they and the results shouldn’t overlap each other.

Currently working on accepting user input to allow scanning of a barcode (device serial number) to be able to assign that device to a user.

I have near 100% confidence that there is a permission issue which prevents me from searching for a user's Workspace ONE ID number which is super critical as this is required to register a device to a user.

I can still assign a device to a user if I already know their Workspace ONE ID number but the trick is finding some way to get this via scripting.

Functionally this script is complete. There is obviously more that can be done and tested so I will continue to work on it to add extra features.

I still have what I believe to be a permission issue relating to my access to the Workspace ONE API around the ability to query for user ID numbers and I have a ticket with the “Crystal Palace” requesting greater read access.

I feel that I am in a bit of an odd place, while all the code I have has been tested and it should work, due to the issue around user IDs it doesn’t work. A bit unfair when that is beyond my control but for now it is what it is.