The JumpCloud PowerShell Module is a powerful tool designed to simplify administrative tasks for IT professionals. By using PowerShell commands, you can create reports for devices, users, System Insights, and more.
Prerequisites:
- A JumpCloud administrator account.
- The JumpCloud PowerShell Module is installed on your device. See Install the JumpCloud PowerShell Module to learn more.
JumpCloud offers Technical Support and Professional Services. This article is intended to provide guidance and examples for utilizing the JumpCloud PowerShell Module. If you require assistance with custom scripting or specialized solutions, consider contacting your Account Manager.
To connect to the PowerShell Module and export CSV reports:
- At a PowerShell prompt, enter the following command and your API key when prompted:
Connect-JCOnline
Need help finding your JumpCloud API key? See JumpCloud APIs.
- After authenticating, select the appropriate Get- command needed to create the report. In this example, we’ll use Get-JCUser.
- Jump to Understanding Get commands for additional examples.
- For a full list of commands, see PowerShell Module Docs.
- Once you’ve determined the command needed to collect the information, append the PowerShell utility Export-Csv to it with a pipe. This converts the results into a series of character-separated value (CSV) strings and saves them to a file.
- See Microsoft’s Export-Csv to learn more.
Get-JCUser -department IT -returnProperties email, firstname, lastname | Export-Csv -Path .\IT.csv
- This example creates a CSV file with all the users under the IT department with email, first name, and last name values.
- The default save path for the CSV file:
- macOS: /Users/username
- Windows: C:\Users\Username (the user account that ran the command).
Understanding Get Commands
The Get verb in the Get-JCUser cmdlet indicates the action of retrieving information. When used without additional parameters, it fetches details about all JumpCloud users within the specified JumpCloud org. Additionally, it enables targeted searching for a particular user by specifying parameters such as username, firstname, lastname, or email.
Example 1: To create a report of users within a specific department, use the parameter -Department "String". Replace the string value with the name of the department.
The following example returns all users under the IT department with all the properties of the user:
Get-JCUser -Department "IT"
You can limit the results to specific values by leveraging -returnProperties. This example shows all the users under the IT department but will return only the email, first name, and last name values:
Get-JCUser -department IT -returnProperties email, firstname, lastname
Example 2: To find a specific application installed on devices, use Get-JCSystemApp. The following example will return all macOS devices that have Chrome installed:
Get-JCSystemApp -name chrome -SystemOS macOS
Some properties are case sensitive, so be sure that you're using the correct value.
Additional PowerShell Report Examples
The following section contains common JumpCloud PowerShell commands that you can run to collect reporting data for your JumpCloud managed devices and users. For a full list of JumpCloud PowerShell commands available, see Using the JumpCloud PowerShell Module.
Installed Application Reporting
- Find a specific application (Chrome) installed on macOS devices and output to CSV:
Get-JCSystemApp -name chrome -Search -SystemOS macOS | Export-Csv -Path .\Chrome.csv
- Query all installed applications for all macOS devices and output to CSV:
Get-JCSystemApp -SystemOS macOS | ConvertTo-CSV | Out-File macOSapps.csv
- Query all installed applications for all macOS devices (excluding OS supplied or native applications) and output to CSV:
get-jcsystemapp -SystemOS macOS | ?{$_.Path -notlike '/System/*' -and $_.Path -notlike '/Library/*'} | export-csv filename.csv
- Query all installed applications for all Linux devices and output to CSV:
Get-JCSystemApp -SystemOS linux | ConvertTo-CSV | Out-File linuxPackages.csv
- Query all installed applications on all Windows devices and output to CSV:
Get-JCSystemApp -SystemOS windows | select-object systemid,name,publisher,version,installdate,installsource,identifyingnumber | ConvertTo-CSV | Out-File windowsPackages.csv
Device Reporting
- List devices with drives where BitLocker is enabled and Auto Unlock is disabled:
Get-JCSystemInsights -Table BitlockerInfo | select-object systemid, ProtectionStatus, driveletter | Where-Object {$_.protectionstatus -eq 2}
- Query devices with a last contact date within the last 90 days and output to CSV:
Get-JCSystem -filterDateProperty lastContact -dateFilter after -date (Get-Date).AddDays(-90) -returnProperties hostname, lastContact, created | Export-Csv JCSystemslastContact.csv
- List devices that are bound to a domain:
get-jcsystem | select-object hostname,domaininfo | where-object {$_.domaininfo.domainName -ne ""}
- Collect device full disk encryption (FDE) keys and output to CSV:
Get-JCSystem | ? fde -Like "*keyPresent=True; active=True*" | Select-object hostname, _id, @{Name='key';Expression={Get-JCSystem -SystemID $_._id -SystemFDEKey | Select-object -expandProperty key}} | Export-CSV JCSystemFDEKeys.CSV
- Query devices where FDE is enabled but keys are not escrowed and output to CSV:
Get-JCSystem | ? fde -Like "*keyPresent=false; active=True*" | Select-object hostname, ID, FDE | Export-CSV JCSystemMissingFDEKeys.CSV
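The two FDE queries above match against the text form of the fde property. The following added example (not JumpCloud's own code) reads the keyPresent and active fields directly, also handles devices that report no FDE data, and writes a report that carries no recovery keys. The function name Get-FdeState, the state labels, and the sample devices are hypothetical; it assumes fde exposes keyPresent and active as booleans, as the filter strings on this page imply.

```powershell
# Added example: classify FDE state per device without string matching.
function Get-FdeState {
    param([Parameter(ValueFromPipeline)] $System)
    process {
        $fde = $System.fde
        $state = if ($null -eq $fde) {
            'NotReported'          # device has sent no FDE data
        } elseif ($fde.active -and $fde.keyPresent) {
            'Escrowed'             # encrypted, recovery key held by JumpCloud
        } elseif ($fde.active) {
            'ActiveKeyMissing'     # encrypted, but no key escrowed
        } else {
            'NotActive'            # disk encryption is off
        }
        [pscustomobject]@{
            hostname = $System.hostname
            _id      = $System._id
            fdeState = $state
        }
    }
}

# Constructed sample objects shaped like Get-JCSystem output (hostnames and ids are made up).
$sample = @(
    [pscustomobject]@{ hostname = 'mac-01'; _id = 'id-0001'; fde = [pscustomobject]@{ keyPresent = $true;  active = $true  } }
    [pscustomobject]@{ hostname = 'mac-02'; _id = 'id-0002'; fde = [pscustomobject]@{ keyPresent = $false; active = $true  } }
    [pscustomobject]@{ hostname = 'win-01'; _id = 'id-0003'; fde = [pscustomobject]@{ keyPresent = $false; active = $false } }
    [pscustomobject]@{ hostname = 'lin-01'; _id = 'id-0004'; fde = $null }
)

# Against a live org, replace $sample with: Get-JCSystem
$report = $sample | Get-FdeState

# Summary count per state
$report | Group-Object fdeState | Select-Object Name, Count

# Devices that need follow-up, written without any key material
$report |
    Where-Object fdeState -eq 'ActiveKeyMissing' |
    Export-Csv -Path .\JCSystemMissingFDEKeys.csv -NoTypeInformation
```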
User Reporting
- List all users and their password expiration dates:
[int]$UTCOffset = '-6' # Update with your location's timezone offset to UTC. 8 = Singapore Standard Time, -5 = EST, -8 = PST, -6 = MDT
Get-JCUser -returnProperties username, password_expiration_date, password_expired | Select-Object username, @{name = "password_expiration_date"; expression = { ($_.password_expiration_date).addHours($UTCOffset)}}, @{name ="day of week";expression = {(($_.password_expiration_date).addHours($UTCOffset)).DayOfWeek}}, password_expired | Sort-Object password_expiration_date
- List users not bound to a device:
$Users = Get-JCUser
$Users |
Where-Object {$_.Id -notin (Get-JCAssociation -Type:('user') -Id:($_.Id) -TargetType:('system')).id} |
Select-Object username
- List users not bound to a user group:
$Users = Get-JCUser
$Users |
Where-Object {$_.Id -notin (Get-JCAssociation -Type:('user') -Id:($_.Id) -TargetType:('user_group')).id} |
Select-Object username