<#
We want an easy way to manage devices by adding, assigning and removing them from Workspace ONE, Active Directory, printing lists and barcodes and so on
Built using the Workspace ONE API tutorial from https://www.brookspeppin.com/2021/07/24/rest-api-in-workspace-one-uem/ and the
PowerShell GUI tutorial from https://theitbros.com/powershell-gui-for-scripts/
Great guide for using other authorisation methods https://blog.mobinergy.com/workspace-one-apis-authentication/ and https://github.com/Mobinergy/workspace-one-apis-authentication
#>
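# --- Site settings -----------------------------------------------------------
# Host name of a domain controller to send the AD queries to.
# -ExpandProperty yields the bare HostName string. A plain
# "Select-Object HostName" returns a wrapper object, which -Server would
# receive as the text "@{HostName=...}" instead of a usable server name.
$DC = Get-ADDomainController | Select-Object -ExpandProperty HostName
# Distinguished name of the OU to search for users in (fill in before running).
$OU = ""
# Your Workspace ONE LocationGroupId number (fill in before running).
$LocationGroupIdNumber = ""
# Device ownership type sent when a device is registered
# ("C" = Corporate - Dedicated, per the notes further down in this script).
$OwnershipType = "C"
# Device platform type sent when a device is registered
# ("12" = Windows Desktop, per the notes further down in this script).
$PlatformIdType = "12"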
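# --- Workspace ONE API connection details ------------------------------------
$Server = "https://cn500.airwatchportals.com"
# OAuth client credentials.
# Prefer leaving both values blank: the script then prompts for them at start-up,
# so the client secret never has to be saved in this file or committed to source
# control. Values typed in here are still honoured for backward compatibility.
$client_id = ""
$client_secret = ""
if ([string]::IsNullOrEmpty($client_id) -or [string]::IsNullOrEmpty($client_secret)) {
    # Get-Credential masks the secret while it is typed.
    $OAuthCredential = Get-Credential -Message "Workspace ONE OAuth client ID (user name) and client secret (password)"
    # $OAuthCredential is empty when the prompt is cancelled; the token request
    # below then fails and reports the error.
    if ($OAuthCredential) {
        $client_id = $OAuthCredential.UserName
        $client_secret = $OAuthCredential.GetNetworkCredential().Password
    }
}
# Token URLs per region are listed here: https://kb.vmware.com/s/article/76967
# URI end points can be found here: https://as500.airwatchportals.com/api/help
$access_token_url = "https://apac.uemauth.vmwservices.com/connect/token"
# Body of the token request (OAuth client-credentials grant).
$body = @{
    grant_type    = "client_credentials"
    client_id     = $client_id
    client_secret = $client_secret
}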
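# Request the OAuth access token.
# $oauth_token stays empty when the request fails, so every later API call is
# rejected by the server rather than sent with a stale value.
$oauth_token = $null
try {
    $response = Invoke-WebRequest -Method Post -Uri $access_token_url -Body $body -UseBasicParsing -ErrorAction Stop
    $response = $response | ConvertFrom-Json
    $oauth_token = [string]$($response.access_token)
} catch {
    # Report the server's error body when there is one, otherwise the exception
    # text. Only the token URL is printed; the request body (which holds the
    # client secret) is never written out.
    $ErrorText = $PSItem.Exception.Message
    if ($PSItem.ErrorDetails -and $PSItem.ErrorDetails.Message) {
        $ErrorText = $PSItem.ErrorDetails.Message
    }
    Write-Host "Failed to create OAuth Token for: $access_token_url - $ErrorText" -ForegroundColor Red
}
if ([string]::IsNullOrEmpty($oauth_token)) {
    Write-Warning "No OAuth access token was obtained; the Workspace ONE buttons will not work until this is fixed."
}
# Headers sent with every Workspace ONE API call.
$header_v1 = @{
    "Authorization" = "Bearer " + $oauth_Token;
    "Accept"        = "application/json;version=1";
    "Content-Type"  = "application/json"
}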
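# Load the .NET assemblies the GUI is built from. System.Drawing is loaded
# explicitly because the script creates System.Drawing.Point and
# System.Drawing.Size objects itself rather than only through Windows Forms.
Add-Type -AssemblyName System.Windows.Forms
Add-Type -AssemblyName System.Drawing
# The main GUI window.
$main_form = New-Object System.Windows.Forms.Form
# Window title.
$main_form.Text = "PS WS1"
# Starting dimensions; AutoSize lets the window grow to fit its controls.
$main_form.Width = 600
$main_form.Height = 400
$main_form.AutoSize = $true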
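# A label that says "Select a user ID number".
$Label = New-Object System.Windows.Forms.Label
$Label.Text = "Select a user ID number"
$Label.Location = New-Object System.Drawing.Point(0,10)
$Label.AutoSize = $true
$main_form.Controls.Add($Label)
# A combo box which will contain a list of users from AD.
$ComboBox = New-Object System.Windows.Forms.ComboBox
$ComboBox.Width = 150
# Search only the specified OU, and list users by their "sID" number
# (extensionAttribute6) so they can be barcode scanned in.
$Users = Get-ADUser -Filter * -Properties extensionAttribute6 -SearchBase $OU -Server $DC
foreach ($User in $Users) {
    #$ComboBox.Items.Add($User.SamAccountName);
    # Accounts with no extensionAttribute6 are skipped: Items.Add rejects a null
    # value, and a blank entry could not be scanned anyway.
    if ($User.extensionAttribute6) {
        # Items.Add returns the new item's index; discard it so it is not
        # written to the console.
        [void]$ComboBox.Items.Add($User.extensionAttribute6)
    }
}
# Where the combo box is placed in the GUI.
$ComboBox.Location = New-Object System.Drawing.Point(200,10)
$main_form.Controls.Add($ComboBox)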
# Text box for the serial number of a device, placed at (200,130) on the form.
$SerialBoxPosition = New-Object -TypeName System.Drawing.Point -ArgumentList 200, 130
$DeviceSerialNumberInput = New-Object -TypeName System.Windows.Forms.TextBox
$DeviceSerialNumberInput.Location = $SerialBoxPosition
$main_form.Controls.Add($DeviceSerialNumberInput)
# List box intended for the CSV record of who has which device, placed at
# (200,160) on the form. Only the empty control is created here.
$CsvListPosition = New-Object -TypeName System.Drawing.Point -ArgumentList 200, 160
$CSVSelect = New-Object -TypeName System.Windows.Forms.ListBox
$CSVSelect.Location = $CsvListPosition
$main_form.Controls.Add($CSVSelect)
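# Creates an auto-sized label showing $Text at position ($X, $Y), adds it to
# $main_form and returns it so the caller can update its text later.
function New-FormLabel {
    param(
        [string]$Text,
        [int]$X,
        [int]$Y
    )
    $NewLabel = New-Object System.Windows.Forms.Label
    $NewLabel.Text = $Text
    $NewLabel.Location = New-Object System.Drawing.Point($X, $Y)
    $NewLabel.AutoSize = $true
    $main_form.Controls.Add($NewLabel)
    return $NewLabel
}
# Caption "Users AD login name" and, beside it, the result label.
$Label2 = New-FormLabel -Text "Users AD login name" -X 0 -Y 40
$Label3 = New-FormLabel -Text "" -X 200 -Y 40
# Caption "Users device in Workspace ONE" and, beside it, the result label.
$Label4 = New-FormLabel -Text "Users device in Workspace ONE" -X 0 -Y 70
$Label5 = New-FormLabel -Text "" -X 200 -Y 70
# Caption "The users Workspace ONE ID" and, beside it, the result label.
$Label6 = New-FormLabel -Text "The users Workspace ONE ID" -X 0 -Y 100
$Label7 = New-FormLabel -Text "" -X 200 -Y 100
# Caption for the serial-number text box.
$Label8 = New-FormLabel -Text "Scan device serial number" -X 0 -Y 130
# Caption for the CSV list box. The original line was missing the opening quote
# of this string, which stopped the whole script from parsing.
$Label9 = New-FormLabel -Text "Load in CSV file" -X 0 -Y 160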
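# Buttons. Location is a position, so it is given as a System.Drawing.Point;
# System.Drawing.Size is kept for the Size property only.
# Button that looks the selected user up in Active Directory.
$Button = New-Object System.Windows.Forms.Button
$Button.Location = New-Object System.Drawing.Point(400,10)
$Button.Size = New-Object System.Drawing.Size(150,23)
$Button.Text = "Check Active Directory"
$main_form.Controls.Add($Button)
# Button that looks up the user's device in Workspace ONE.
$Button2 = New-Object System.Windows.Forms.Button
$Button2.Location = New-Object System.Drawing.Point(400,70)
$Button2.Size = New-Object System.Drawing.Size(150,23)
$Button2.Text = "Check users device in Workspace ONE"
$main_form.Controls.Add($Button2)
# Button that looks up the user's Workspace ONE ID number.
$Button3 = New-Object System.Windows.Forms.Button
$Button3.Location = New-Object System.Drawing.Point(400,100)
$Button3.Size = New-Object System.Drawing.Size(150,23)
$Button3.Text = "Check users Workspace ONE ID"
$main_form.Controls.Add($Button3)
# Button that assigns a device to a user in Workspace ONE.
$Button4 = New-Object System.Windows.Forms.Button
$Button4.Location = New-Object System.Drawing.Point(400,130)
$Button4.Size = New-Object System.Drawing.Size(150,23)
$Button4.Text = "Assign device to user"
$main_form.Controls.Add($Button4)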
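# "Check Active Directory": show the AD login name of the selected user ID.
$Button.Add_Click(
    {
        # SelectedItem is empty until an entry has been picked from the list.
        $SelectedId = [string]$ComboBox.SelectedItem
        if ([string]::IsNullOrEmpty($SelectedId)) {
            $Label3.Text = ""
            return
        }
        # Match the selection against the users already loaded into $Users
        # instead of splicing the value into a Get-ADUser -Filter string: a
        # value containing a quote character would otherwise change the filter.
        $GetUser = $Users | Where-Object { $_.extensionAttribute6 -eq $SelectedId }
        $Label3.Text = $GetUser.SamAccountName
    }
)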
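# "Check users device in Workspace ONE": show the serial number(s) of the
# devices Workspace ONE returns for the AD login name in $Label3.
$Button2.Add_Click(
    {
        $UserToCheck = $Label3.Text
        # Nothing to look up until the Active Directory check has filled in a name.
        if ([string]::IsNullOrEmpty($UserToCheck)) {
            $Label5.Text = ""
            return
        }
        # Encode the name so characters such as & or # cannot alter the query string.
        $EncodedUser = [uri]::EscapeDataString($UserToCheck)
        try {
            $device = Invoke-RestMethod -Uri "$Server/api/mdm/devices/search?user=$EncodedUser" -Method Get -Headers $header_v1 -ErrorAction Stop
            $Label5.Text = $device.Devices.SerialNumber
        } catch {
            # Clear the old result and tell the operator the lookup failed.
            $Label5.Text = ""
            [System.Windows.Forms.MessageBox]::Show("Workspace ONE device lookup failed: $($PSItem.Exception.Message)", "PS WS1") | Out-Null
        }
    }
)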
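# "Check users Workspace ONE ID": show the Workspace ONE ID number of the AD
# login name in $Label3.
$Button3.Add_Click(
    {
        $UserToCheck = $Label3.Text
        # Nothing to look up until the Active Directory check has filled in a name.
        if ([string]::IsNullOrEmpty($UserToCheck)) {
            $Label7.Text = ""
            return
        }
        # Encode the name so characters such as & or # cannot alter the query string.
        $EncodedUser = [uri]::EscapeDataString($UserToCheck)
        try {
            $UserIDCheck = Invoke-RestMethod -Uri "$Server/API/system/users/search?username=$EncodedUser" -Method Get -Headers $header_v1 -ErrorAction Stop
            $Label7.Text = $UserIDCheck.Users.id.Value
        } catch {
            # Clear the old result so a stale ID cannot be used for an assignment.
            $Label7.Text = ""
            [System.Windows.Forms.MessageBox]::Show("Workspace ONE user lookup failed: $($PSItem.Exception.Message)", "PS WS1") | Out-Null
        }
    }
)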
<#We need to know the following
WorkSpace ONE user ID for our user who we are going to assign the device to
LocationGroupId for the user and device
Device FriendlyName i.e. OrgCode-%SerialNumber%
Device SerialNumber i.e.
Ownership
Based on trial and error (because I couldn't find it explicitly stated in the WS1 API documentation)
LocationGroupId = "" (Unsure where you can find this in the console)
Ownership "C" = Corporate - Dedicated
Ownership "E" = Employee Owned?
PlatformId "5" = Android
PlatformId "6" = Athena
PlatformId "9" = Windows 7
PlatformId "10" = Apple macOS
PlatformId "11" = Windows Phone
PlatformId "12" = Windows Desktop
#>
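# "Assign device to user": register the scanned device to the user whose
# Workspace ONE ID is shown in $Label7.
$Button4.Add_Click(
    {
        $UserID = $Label7.Text
        $SerialNumber = $DeviceSerialNumberInput.Text.Trim()
        # Both values are required; without them the request would register a
        # blank device or be sent to a malformed URL.
        if ([string]::IsNullOrEmpty($UserID) -or [string]::IsNullOrEmpty($SerialNumber)) {
            [System.Windows.Forms.MessageBox]::Show("Check the users Workspace ONE ID and scan a device serial number first.", "PS WS1") | Out-Null
            return
        }
        # The request body is built here, at click time. Building it once while
        # the script loads captured the text box while it was still empty, so
        # FriendlyName and SerialNumber were always blank.
        $DeviceBody = @{
            LocationGroupId = $LocationGroupIdNumber
            FriendlyName    = $SerialNumber
            Ownership       = $OwnershipType
            PlatformId      = $PlatformIdType
            SerialNumber    = $SerialNumber
        }
        # Encode the ID so it stays a single path segment of the URL.
        $EncodedUserID = [uri]::EscapeDataString($UserID)
        try {
            $DeviceEnrollment = Invoke-RestMethod -Uri "$Server/API/system/users/$EncodedUserID/registerdevice" -Method Post -Headers $header_v1 -Body ($DeviceBody | ConvertTo-Json) -ErrorAction Stop
        } catch {
            [System.Windows.Forms.MessageBox]::Show("Workspace ONE device registration failed: $($PSItem.Exception.Message)", "PS WS1") | Out-Null
        }
    }
)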
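# Show the GUI and block until the window is closed. A form shown with
# ShowDialog is not released when it closes, so dispose of it explicitly.
try {
    $main_form.ShowDialog()
} finally {
    $main_form.Dispose()
}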