Skip to main content

Deleting Users and Classes in Jamf Pro that were synced from Apple School Manager

Updated over 3 weeks ago

Description

This article provides steps to delete users and classes from Jamf Pro. These workflows are used when we need to:

  • Get Jamf Pro populated with users and classes for a new school year

  • Fix an issue with duplicate classes

  • Fix an issue with duplicate users (fix requires deleting Classes and users before re-importing/syncing with Apple School Manager)

If desiring to delete classes only, see section 2. If desiring to delete users, follow all the steps.

1 - Disassociating Users

You cannot delete users without first disassociating them from classes, devices, and assigned content.

Before beginning the workflow below check:

  • If any critical configuration profiles or apps are scoped to users instead of devices. DO NOT process this workflow if any Wi-Fi configuration profiles or apps with data in need of backing up that are scoped to users.

  • If users are scoped to Computers, Mobile Devices, or Content Assigned by using a blank user search.

    • If we notice any users with Content Assigned investigate if they are eBooks, if so make sure not to re-scope these after the workflow as they can create VPP errors. In addition, the eBooks are already permanently associated with the User's Apple Account anyways so there is no need for re-scoping the license.

Complete steps 1-6 for both Computers and Mobile Devices if we saw both listed in the check above.

  1. Ensure that the username column is displayed when searching the inventory for Mobile Devices/Computers.

  2. If it is not, in Jamf Pro navigate to Settings > Device Management/Computer Management > Inventory Display > User and Location, and enable the Username checkbox.

  3. Process a blank Mobile Device/Computer search so that all devices are displayed

  4. Click Export in the lower right.

  5. Select the Comma Separated Values (.csv) and Mobile Devices/Computers options.

  6. Save this CSV file in a safe location. We will need it later to associate the usernames back to the same devices after deleting them.

  7. Use the Mass Update Tool to blank out the username field associated with devices.

2 - Deleting all your Classes in Jamf Pro

Option 1: Jamf Pro has the option to delete all classes directly under Users > Classes.

Option 2: Use a script to delete classes.

Example Script workflow

Custom scripting is not officially supported by Jamf Technical Support. Many organizations have successfully used the script below, but we always recommend deploying first in a test environment before deploying into production.

  1. Download the script from GitHub. https://github.com/TheTechGuyTy/Jamf/blob/main/deleteAllClasses_noRefresh_3.0.sh

  2. Place the deleteAllClasses_noRefresh_3.0.sh file on your desktop.

  3. Open Terminal.

  4. Type the following into the Terminal window: sh ~/Desktop/deleteAllClassesBearer.sh

  5. Read the warning and click y if you would like to proceed.

  6. Enter the Jamf Pro URL, Jamf Pro Username, and Jamf Pro Password.

  7. Let the script run until it finishes. The more classes in the server, the longer the script will take.

Additional Notes:

  • The noRefesh version goes through 100 at a time before forcing a class refresh with Jamf. This allows the script to run much faster than past scripts.

  • Log is stored at /tmp/classes_deleted.txt

  • There is an extra step at the end of the script that creates a class and delete it. This is to force a class refresh.

  • If utilizing this script, some useful troubleshooting errors which could be received, are as follows:

    • 401 Unauthorized Response: indicates that the client request has not been completed because it lacks valid authentication credentials for the requested resource.

      • Check if using a Jamf Pro local admin account and that the username and password are correct.

    • 403 Forbidden Response: indicates that the server understands the request but refuses to authorize it.

      • Check that our Local Jamf Pro Admin has proper permissions to utilize the specific API endpoints mentioned in the script.

3 - Deleting the Users

  1. Navigate to the Users tab in Jamf Pro.

  2. Do a blank inventory search.

  3. Use the Action button in the lower right to delete all users.

4 - Bringing Classes and Users Back

  1. Address the issue that caused the need for this workflow. For example, duplicate users.

  2. Re-import users first. If we reimported classes first and there are more issues we would have to use the Mass Action to delete the users again since a class import brings in both classes and users.

  3. Use the Mass Update Tool (MUT) and the CSV created in part 1 to re-associate the users back to their Computers or Mobile Devices.


5 - If you are using Shared iPads (not always required)

If you need to add a Mobile Device Group back to classes (required for Shared iPads) you can use the following steps to do this in mass while making sure to replace INSERT_USERNAME, INSERT_JAMF_URL, the ID range for the classes, and the ID for the Mobile Device Group.

  1. This MySQL command will output all Class IDs and Group IDs for the next command: select classroom_id, mobile_device_group_id from classrooms;

    Note: You can record the output of this command by first running 'tee /tmp/output.txt in MySQL, then turning it off by running ˜notee'

  2. This API Command added the groups back to the classes: curl -kvu INSERT_USERNAME INSERT_JAMF_URL/JSSResource/classes/id/[1-100] -X PUT -d "<class><mobile_device_group_ids><id>25</id></mobile_device_group_ids></class>" -H "Content-type: text/xml"






Related Articles
Jamf Pro Compliance Benchmarks
Pass Username to the User and Location of Computer Record in Jamf Pro using Jamf Connect
Troubleshooting Jamf Pro User-Initiated Enrollment 101
Classes are not showing in Apple Classroom on a computer managed by Jamf School
Mass Delete Users from Jamf Pro
Did this answer your question?