Deleting old Airwatch devices with Powershell

Published on 13 November 2018

I posted previously about how to connect to Airwatch REST APIs with Powershell. The ability to interact with Airwatch via this method means that you can do things (like deleting old devices) programmatically. If you can do it programmatically, you can schedule it to make it an automated process.

The code itself is fairly simple, as most of the grunt work is done by the existing API calls that I put in my Airwatch module. These are "Get-AWDevices", "Remove-AWDevice", and, optionally, if you need to find the OU code, "Get-AWOrganisationalGroups".

Once you have the module installed locally, the following script will use those to remove old devices. It works on devices that haven't been seen for the past 90 days, but that can be changed. It also has a "count" that will limit the number of devices that are changed (to satisfy your testing), although a better way is to peruse $olddevices before doing an actual delete.

        # Counter for deletions performed in this run
        $count = 0
        # Age threshold in days (negative: this many days before today)
        $daysold = -90
        $Server = "https://awc.server.com"
        # Subject of the client certificate used to authenticate to the API
        $CertificateSubject = "CN=4610:APIMGMT-dom"
        $orggroup = 1045
        # Uncomment to look up the organisational group code
        #Get-AWOrganisationalGroups -server $server -CertificateSubjectName $certificatesubject
        # Get the devices
        $devices = Get-AWDevices -server $server -OrganisationalGroup $orggroup -CertificateSubjectName $CertificateSubject
        # Collect the devices last seen before the cutoff date
        $olddevices = New-Object System.Collections.ArrayList
        ForEach ($device in $devices) {
            $devicedate = [datetime]$device.LastSeen
            if ($devicedate -lt ((Get-Date).Date).AddDays($daysold)) {
                $olddevices.Add($device) > $null
            }
        }
        $olddevicescount = $olddevices.Count
        Write-Output "$olddevicescount old devices found."
        If ($olddevicescount -ne 0) {
            # Delete the devices
            ForEach ($olddevice in $olddevices) {
                $count++
                $olddeviceid = $olddevice.deviceid
                Remove-AWDevice -server $server -DeviceID $olddeviceid -CertificateSubjectName $CertificateSubject
                # Stop after 10 deletions (limit used while testing)
                If ($count -eq 10) {
                    break
                }
            }
            Write-Output "$count devices deleted."
        }
        else {
            Write-Output "No old devices to delete."
        }

There isn't much output, but you should find your old devices disappear. You can of course then use "Get-AWDevice" to verify that this is indeed the case.
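The point above about perusing $olddevices before an actual delete can be turned into a dry run. The following is an added example, not part of the original script or the Airwatch module: the function names Select-StaleDevice and Remove-StaleDevice are hypothetical, the sample devices are constructed, and it assumes the LastSeen and DeviceID properties used in the script above.

```powershell
# Added example: preview and cap stale-device deletions before anything is removed.
# Select-StaleDevice and Remove-StaleDevice are hypothetical helpers, not module cmdlets.
function Select-StaleDevice {
    param(
        [Parameter(Mandatory)] [object[]] $Device,
        [int] $DaysOld = 90
    )
    $cutoff = (Get-Date).Date.AddDays(-$DaysOld)
    foreach ($d in $Device) {
        $seen = [datetime]::MinValue
        # A blank or unparseable LastSeen is reported and skipped, never treated as "old".
        if (-not [datetime]::TryParse([string]$d.LastSeen, [ref]$seen)) {
            Write-Warning "Skipping device $($d.DeviceID): unreadable LastSeen '$($d.LastSeen)'"
            continue
        }
        if ($seen -lt $cutoff) { $d }
    }
}

function Remove-StaleDevice {
    [CmdletBinding(SupportsShouldProcess, ConfirmImpact = 'High')]
    param(
        [Parameter(Mandatory)] [AllowEmptyCollection()] [object[]] $Device,
        [Parameter(Mandatory)] [string] $Server,
        [Parameter(Mandatory)] [string] $CertificateSubjectName,
        [int] $MaxDeletes = 10
    )
    $deleted = 0
    foreach ($d in $Device) {
        if ($deleted -ge $MaxDeletes) { Write-Warning "Cap of $MaxDeletes reached."; break }
        # With -WhatIf, ShouldProcess returns $false and Remove-AWDevice is never called.
        if ($PSCmdlet.ShouldProcess("device $($d.DeviceID) (last seen $($d.LastSeen))", 'Delete')) {
            Remove-AWDevice -server $Server -DeviceID $d.DeviceID -CertificateSubjectName $CertificateSubjectName
            $deleted++
        }
    }
    "$deleted devices deleted."
}

# Constructed sample data standing in for the output of Get-AWDevices.
$sample = @(
    [pscustomobject]@{ DeviceID = 101; LastSeen = (Get-Date).AddDays(-200).ToString('s') }
    [pscustomobject]@{ DeviceID = 102; LastSeen = (Get-Date).AddDays(-5).ToString('s') }
    [pscustomobject]@{ DeviceID = 103; LastSeen = '' }
)
$stale = @(Select-StaleDevice -Device $sample -DaysOld 90)
$stale | Format-Table DeviceID, LastSeen | Out-String
Remove-StaleDevice -Device $stale -Server 'https://awc.server.com' -CertificateSubjectName 'CN=4610:APIMGMT-dom' -WhatIf
```

Drop -WhatIf only after reviewing the preview; because ConfirmImpact is High, an unattended scheduled run also needs -Confirm:$false.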
