Create Reports With the PowerShell Module

The JumpCloud PowerShell Module is a powerful tool designed to simplify administrative tasks for IT professionals. By using PowerShell commands, you can create reports for devices, users, System Insights, and more.

Prerequisites:

Note:

JumpCloud offers Technical Support and Professional Services. This article is intended to provide guidance and examples for utilizing the JumpCloud PowerShell Module. If you require assistance with custom scripting or specialized solutions, consider contacting your Account Manager.

To connect to the PowerShell Module and export CSV reports:

  1. At a PowerShell prompt, enter the following command and your API key when prompted: Connect-JCOnline

Tip:

Need help finding your JumpCloud API key? See JumpCloud APIs.

  1. After authenticating, select the appropriate Get- command needed to create the report. In this example, we’ll use Get-JCUser.
  2. Once you’ve determined the command needed to collect the information, append it using the PowerShell Utility Export-CSV. This converts the results into a series of character-separated value (CSV) strings and saves it to a file.

Get-JCUser -department IT -returnProperties email, firstname, lastname | Export-Csv -Path .\IT.csv 

  • This example creates a CSV file with all the users under the IT department with email, first name, and last name values.
  • The default save path for the CSV file:
    • macOS: /Users/username
    • Windows: C:\Users\Username from user account you ran the command.

Understanding Get Commands

The Get parameter in the Get-JCUser cmdlet indicates the action of retrieving information. When used without additional parameters, it fetches details about all JumpCloud users within the specified JumpCloud org. Additionally, it enables targeted searching for a particular user by specifying parameters such as username, firstname, lastname, or email.

Example 1: To create a report of users within a specific department, use the parameter -Department “String“. Replace the string value with the name of the department.

The following example returns all users under the IT department with all the properties of the user:

Get-JCUser -Department "IT"

You can limit the results to specific values by leveraging -returnProperties. This example shows all the users under the IT department but will return only the email, first name, and last name values:

Get-JCUser -department IT -returnProperties email, firstname, lastname

Example 2: To find a specific application installed on devices, use Get-JCSystemApp. The following example will return all macOS devices that have Chrome installed:

Get-JCSystemApp -name chrome -SystemOS macOS

Note:

Some properties are case sensitive, so be sure that you're using the correct value.

Additional PowerShell Report Examples

The following section contains common JumpCloud PowerShell commands that you can run to collect reporting data for your JumpCloud managed devices and users. For a full list of JumpCloud PowerShell commands available, see Using the JumpCloud PowerShell Module.

Installed Application Reporting

  • Find a specific application (Chrome) installed on macOS devices and output to CSV:

Get-JCSystemApp -name chrome -Search -SystemOS macOS | Export-Csv -Path .\Chrome.csv

  • Query all installed applications for all macOS devices and output to CSV:

Get-JCSystemApp -SystemOS macOS | ConvertTo-CSV | Out-File macOSapps.csv

  • Query all installed applications for all macOS devices (excluding OS supplied or native applications) and output to CSV:

get-jcsystemapp -SystemOS macOS | ?{$_.Path -notlike '/System/' -and $_.Path -notlike '/Library/'} | export-csv filename.csv

  • Query all installed applications for all Linux devices and output to CSV:

Get-JCSystemApp -SystemOS linux | ConvertTo-CSV | Out-File linuxPackages.csv

  • Query all installed applications on all Windows devices and output to CSV:

Get-JCSystemApp -SystemOS windows | select-object systemid,name,publisher,version,installdate,installsource,identifyingnumber | ConvertTo-CSV | Out-File windowsPackages.csv

Device Reporting

  • List devices with drives where Bitlocker is enabled and Auto Unlock is disabled:

Get-JCSystemInsights -Table BitlockerInfo | select-object systemid, ProtectionStatus, driveletter | Where-Object {$_.protectionstatus -eq 2}

  • Query devices with a last contact date within the last 90 days and output to CSV:

Get-JCSystem -filterDateProperty lastContact -dateFilter after -date (Get-Date).AddDays(-90) -returnProperties hostname, lastContact, created | Export-Csv JCSystemslastContact.csv

  • List devices that are bound to a domain:

get-jcsystem | select-object hostname,domaininfo | where-object {$_.domaininfo.domainName -ne ""} 

  • Collect device full disk encryption (FDE) keys and output to CSV:

Get-JCSystem | ? fde -Like "*keyPresent=True; active=True*" | Select-object hostname, _id, @{Name='key';Expression={Get-JCSystem -SystemID $_._id -SystemFDEKey | Select-object -expandProperty key}} | Export-CSV JCSystemFDEKeys.CSV

  • Query devices where FDE is enabled but keys are not escrowed and output to CSV:

Get-JCSystem | ? fde -Like "*keyPresent=false; active=True*" | Select-object hostname, ID, FDE | | Export-CSV JCSystemMissingFDEKeys.CSV

User Reporting

  • List all users and their password expiration dates:

[int]$UTCOffset = '-6' # Update with your locations timezone offset to UTC. 8 = Singapore Standard Time, -5 = EST, - 8 = PST, -6 = MDT

Get-JCUser -returnProperties username, password_expiration_date, password_expired | Select-Object username, @{name = "password_expiration_date"; expression = { ($_.password_expiration_date).addHours($UTCOffset)}}, @{name ="day of week";expression = {(($_.password_expiration_date).addHours($UTCOffset)).DayOfWeek}}, password_expired | Sort-Object password_expiration_date

  • Lists users not bound to a device:

$Users = Get-JCUser
$Users |
Where-Object {$_.Id -notin (Get-JCAssociation -Type:('user') -Id:($_.Id) -TargetType:('user_group')).id} | Select-Object username

  • List users not bound to a user group:

$Users = Get-JCUser
$Users |
Where-Object {$_.Id -notin (Get-JCAssociation -Type:('user') -Id:($_.Id) -TargetType: ('user_group')).id} |
Select-Object username

Back to Top

Still Have Questions?

If you cannot find an answer to your question in our FAQ, you can always contact us.

Submit a Case