Automate Device Primary User Assignment with PowerShell

This article walks through how to us a PowerShell script to automate assigning primary users to your devices in JumpCloud. The script analyzes all devices and identifies which of them are eligible to have a primary user automatically assigned. It also allows you to specify exclusions for certain usernames (such as administrator and guest accounts) as part of an ignore list. Before making changes, a summary report is generated for review and confirmation.

Prerequisites:

• You must have an API key to authenticate before running the script. See JumpCloud APIs for more information.
• You must have an Administrator role in JumpCloud to be able to run the script.
• The script requires PowerShell 5.1 or higher.
• The JumpCloud PowerShell Module must be installed, and it must be version 2.18.0 or higher.
  • If not installed, open PowerShell as an Administrator and run Install-Module -Name JumpCloud to install.

Considerations:

• The script will only propose assigning a primary user if specific conditions are met:
  • A primary user will be assigned when:
    • The device has one user directly bound to it who is not on your ignore list.
    • The device has multiple users directly bound to it, but only one user remains after applying the ignore list.
  • A primary user will not be assigned when:
    • The device already has a primary user assignment.
    • The device has no bound users.
    • Users are not directly bound to the device (for example, users bound to the device from a user group are indirectly bound).
    • Multiple eligible users remain after applying the ignore list.
    • An eligible user on the device is also on the ignore list.

Running the Assign Primary User Script

Step 1: Download and Run the Script

1. Download the PowerShell script from JumpCloud.
2. Save it as a .ps1 file (e.g., Assign-PrimaryUsers.ps1).
3. Open PowerShell, navigate to the file's location, and run it: .\Assign-PrimaryUsers.ps1

Step 2: Connect to JumpCloud

The script prompts for your API key to connect to JumpCloud. You will then be asked if you want to use a different key or provide an Organization ID (for multi-tenant portals), which is useful for switching between organizations.

Step 3: Provide the User “Ignore List”

Next, you'll be prompted to enter an ignore list. This prevents admin or service accounts from being assigned as a primary user.

• Enter usernames separated by commas (e.g., admin,jdoe,service-account).
• The script checks if each username exists. If any are invalid, you will be notified and asked to enter the list again.
• Press Enter to skip this step.

Step 4: Analysis

The script analyzes each device in your organization, checking user bindings, the ignore list you provided, and any existing primary user assignments. A progress bar displays.

Step 5: The CSV Report

After the analysis, a CSV report of all devices is generated. You will be prompted to choose a save location.

• Press Enter to save the file to the Desktop.
• You will then be asked if you want to open the report.

The generated CSV is your tool for reviewing all proposed changes:

• SystemID: The system's unique JumpCloud ID.
• SystemHostname: The hostname of the system.
• SystemDisplayname: The system's display name in JumpCloud.
• AssociatedUserCount: Total number of users associated with the device.
• ProposedPrimaryUserEmail: The email of the proposed primary user. This field displays "No Primary User can be assigned" if no candidate was found.
• ProposedPrimaryUsername: The username of the proposed primary user. This field displays "No Primary User can be assigned" if no candidate was found.
• Reason: A clear explanation of each device's status and why a user was or was not proposed for assignment.

Step 6: Final Confirmation

The script will state how many devices are eligible for an update and ask for final confirmation before making any changes.

• Enter y to proceed.
• Enter n to exit safely without making changes.

Step 7: Review the Final Summary

The script will end by displaying a summary of its findings and actions in the PowerShell Terminal.

Assigned primary users are reflected in the JumpCloud Admin Portal devices list. You may need to add the Primary User column to the list view to see this information.