AndyHill Posted January 21, 2022 Posted January 21, 2022 I am trying out InTune asset import using the runbook provided by @Steve G and it is identifying assets in InTune but then failing to import anything. Before running this I backed up our current asset and then used the Hornbill Clean Up tool to nuke it so their are no assets on our system. Anyone go this runbook work succesfully or offer any guidance/advice?
MichelleReaney Posted January 25, 2022 Posted January 25, 2022 Bump - is anyone from Hornbill able to assist with this?
Rob Gething Posted February 1, 2022 Posted February 1, 2022 @AndyHill, Does this help you at all? <#PSScriptInfo .VERSION 1.0.0 .AUTHOR robert.gething@ipo.gov.uk .COMPANYNAME UK IPO .TAGS hornbill powershell intune azure automation workflow runbook .RELEASENOTES Initial Release .DESCRIPTION Azure Automation Runbook to retrieve mobile assets from Intune, and import them into your Hornbill instance CMDB. #> #Requires -Module @{ModuleVersion = '1.1.0'; ModuleName = 'HornbillAPI'} #Requires -Module @{ModuleVersion = '1.1.1'; ModuleName = 'HornbillHelpers'} #Retrieve Microsoft Intune tenant information $intuneAutomationCredential = Get-AutomationPSCredential -Name IntuneAutomation $intuneAutomationAppId = Get-AutomationVariable -Name AutomationVar $tenant = Get-AutomationVariable -Name AzureADTenantId $Resource = "https://graph.microsoft.com/beta/deviceManagement/managedDevices" # Define Hornbill Params $AssetClass = "mobileDevice" # Asset Class for Mobile Devices in your Hornbill instance $AssetType = "11" # Primary Key for the "Smart Phone" asset type in your Hornbill instance $AssetEntity = "AssetsMobileDevice" # Entity name of the Hornbill entity used to check for existing assets $AssetUniqueColumn = "h_serial_number" # Column in the above entity used to check for existing assets #Import Azure AD PowerShell for Graph (GA) $AadModule = Import-Module -Name AzureAD -ErrorAction Stop -PassThru #Import Hornbill Modules Import-Module -Name HornbillAPI -ErrorAction Stop -WarningAction silentlyContinue Import-Module -Name HornbillHelpers -ErrorAction Stop -WarningAction silentlyContinue # Create Hornbill instance details Set-HB-Instance -Instance (Get-AutomationVariable -Name InstanceID) -Key (Get-AutomationVariable -Name APIKey) #Authenticate with the Graph API REST interface $adal = Join-Path $AadModule.ModuleBase "Microsoft.IdentityModel.Clients.ActiveDirectory.dll" $adalforms = Join-Path $AadModule.ModuleBase "Microsoft.IdentityModel.Clients.ActiveDirectory.Platform.dll" [System.Reflection.Assembly]::LoadFrom($adal) | Out-Null [System.Reflection.Assembly]::LoadFrom($adalforms) | Out-Null $redirectUri = "urn:ietf:wg:oauth:2.0:oob" $resourceAppIdURI = "https://graph.microsoft.com" $authority = "https://login.microsoftonline.com/$tenant" try { $authContext = New-Object "Microsoft.IdentityModel.Clients.ActiveDirectory.AuthenticationContext" -ArgumentList $authority # https://msdn.microsoft.com/en-us/library/azure/microsoft.identitymodel.clients.activedirectory.promptbehavior.aspx # Change the prompt behaviour to force credentials each time: Auto, Always, Never, RefreshSession $platformParameters = New-Object "Microsoft.IdentityModel.Clients.ActiveDirectory.PlatformParameters" -ArgumentList "Auto" $userId = New-Object "Microsoft.IdentityModel.Clients.ActiveDirectory.UserIdentifier" -ArgumentList ($intuneAutomationCredential.Username, "OptionalDisplayableId") $userCredentials = New-Object Microsoft.IdentityModel.Clients.ActiveDirectory.UserPasswordCredential -ArgumentList $intuneAutomationCredential.Username, $intuneAutomationCredential.Password $authResult = [Microsoft.IdentityModel.Clients.ActiveDirectory.AuthenticationContextIntegratedAuthExtensions]::AcquireTokenAsync($authContext, $resourceAppIdURI, $intuneAutomationAppId, $userCredentials); if ($authResult.Result.AccessToken) { $authHeader = @{ 'Content-Type' = 'application/json' 'Authorization' = "Bearer " + $authResult.Result.AccessToken 'ExpiresOn' = $authResult.Result.ExpiresOn } } elseif ($authResult.Exception) { throw "An error occured getting access token: $($authResult.Exception.InnerException)" } } catch { throw $_.Exception.Message } $LastLoop = $false $AssetsProcessed = @{ "created" = 0 "primaryupdated" = 0 "relatedupdated" = 0 "found" = 0 "totalupdated" = 0 } while($LastLoop -eq $false -and $Resource -ne "") { Write-Output -InputObject ("Retrieving devices from: " + $Resource) $ManagedDevices = Invoke-RestMethod -Uri $Resource -Method Get -Headers $authHeader $DeviceCount = 0 if($ManagedDevices.PSobject.Properties.name -match "@odata.count") { $DeviceCount = $ManagedDevices."@odata.count" } $Resource = "" if($ManagedDevices.PSobject.Properties.name -match "@odata.nextLink") { $Resource = $ManagedDevices."@odata.nextLink" } if($DeviceCount -eq 0) { $LastLoop = $true } else { $DevicesArr = $ManagedDevices.Value if($null -ne $DevicesArr) { foreach($Device in $DevicesArr){ $AssetsProcessed.found++ #Set Date/Time $CurrDateTime = Get-Date -format "yyyy/MM/dd HH:mm:ss" #Does asset exist? $AssetIDCheck = Get-HB-AssetID $Device.serialNumber $AssetEntity $AssetUniqueColumn if( $null -ne $AssetIDCheck.AssetID) { Write-Output -InputObject ("Asset already exists, updating: " + $AssetIDCheck.AssetID) $UpdatedPrimary = $false $UpdatedRelated = $false #Asset Exists - Update Primary Entity Data First Add-HB-Param "application" "com.hornbill.servicemanager" Add-HB-Param "entity" "Asset" Add-HB-Param "returnModifiedData" "true" Open-HB-Element "primaryEntityData" Open-HB-Element "record" Add-HB-Param "h_pk_asset_id" $AssetIDCheck.AssetID Add-HB-Param "h_class" $AssetClass Add-HB-Param "h_asset_urn" ("urn:sys:entity:com.hornbill.servicemanager:Asset:"+$AssetIDCheck.AssetID) if($null -ne $Device.userDisplayName -and $null -ne $Device.userPrincipalName) { $OwnerURN = "urn:sys:0:" + $Device.userDisplayName + ":" + $Device.userPrincipalName Add-HB-Param "h_owned_by" $OwnerURN Add-HB-Param "h_owned_by_name" $Device.userDisplayName } Add-HB-Param "h_name" $Device.deviceName Add-HB-Param "h_description" $Device.managedDeviceName Close-HB-Element "record" Close-HB-Element "primaryEntityData" $UpdateAsset = Invoke-HB-XMLMC "data" "entityUpdateRecord" if($UpdateAsset.status -eq 'ok' -and $UpdateAsset.params.primaryEntityData.PSobject.Properties.name -match "record") { $UpdatedPrimary = $true $AssetsProcessed.primaryupdated++ Write-Output -InputObject ("Asset Primary Record Updated: " + $AssetIDCheck.AssetID) } else { $ErrorMess = $UpdateAsset.error if($UpdateAsset.params.primaryEntityData.PSobject.Properties.name -notmatch "record") { $ErrorMess = "There are no values to update" } Write-Warning ("Error Updating Primary Asset Record " + $AssetIDCheck.AssetID + ": " + $ErrorMess) } # Now update related record information Add-HB-Param "application" "com.hornbill.servicemanager" Add-HB-Param "entity" "Asset" Add-HB-Param "returnModifiedData" "true" Open-HB-Element "primaryEntityData" Open-HB-Element "record" Add-HB-Param "h_pk_asset_id" $AssetIDCheck.AssetID Close-HB-Element "record" Close-HB-Element "primaryEntityData" Open-HB-Element "relatedEntityData" Add-HB-Param "relationshipName" "AssetClass" Add-HB-Param "entityAction" "update" Open-HB-Element "record" Add-HB-Param "h_type" $AssetType Add-HB-Param "h_capacity" $Device.totalStorageSpaceInBytes Add-HB-Param "h_description" $Device.managedDeviceName Add-HB-Param "h_imei_number" $Device.imei Add-HB-Param "h_mac_address" $Device.wiFiMacAddress Add-HB-Param "h_manufacturer" $Device.manufacturer Add-HB-Param "h_model" $Device.model Add-HB-Param "h_name" $Device.deviceName Add-HB-Param "h_os_version" ($Device.operatingSystem + " " + $Device.osVersion) Add-HB-Param "h_phone_number" $Device.phoneNumber Add-HB-Param "h_serial_number" $Device.serialNumber Close-HB-Element "record" Close-HB-Element "relatedEntityData" $UpdateAssetRelated = Invoke-HB-XMLMC "data" "entityUpdateRecord" if($UpdateAssetRelated.status -eq 'ok') { $UpdatedRelated = $true $AssetsProcessed.relatedupdated++ Write-Output -InputObject ("Asset Related Record Updated: " + $AssetIDCheck.AssetID) } else { Write-Warning ("Error Updating Related Asset Record " + $AssetIDCheck.AssetID + ": " + $UpdateAssetRelated.error) } if($UpdatedPrimary -eq $true -or $UpdatedRelated -eq $true) { $AssetsProcessed.totalupdated++ #Update Last Udated fields Add-HB-Param "application" "com.hornbill.servicemanager" Add-HB-Param "entity" "Asset" Open-HB-Element "primaryEntityData" Open-HB-Element "record" Add-HB-Param "h_pk_asset_id" $AssetIDCheck.AssetID Add-HB-Param "h_last_updated" $CurrDateTime Add-HB-Param "h_last_updated_by" "Azure Intune Import" Close-HB-Element "record" Close-HB-Element "primaryEntityData" $UpdateLastAsset = Invoke-HB-XMLMC "data" "entityUpdateRecord" if($UpdateLastAsset.status -ne 'ok') { Write-Warning ("Asset updated but error returned updating Last Updated values: " + $UpdateLastAsset.error) } } } else { #Asset doesn't exist - Add Add-HB-Param "application" "com.hornbill.servicemanager" Add-HB-Param "entity" "Asset" Add-HB-Param "returnModifiedData" "true" Open-HB-Element "primaryEntityData" Open-HB-Element "record" Add-HB-Param "h_class" $AssetClass Add-HB-Param "h_type" $AssetType Add-HB-Param "h_last_updated" $CurrDateTime Add-HB-Param "h_last_updated_by" "Azure Intune Import" if($null -ne $Device.userDisplayName -and $null -ne $Device.userPrincipalName) { $OwnerURN = "urn:sys:0:" + $Device.userDisplayName + ":" + $Device.userPrincipalName Add-HB-Param "h_owned_by" $OwnerURN Add-HB-Param "h_owned_by_name" $Device.userDisplayName } Add-HB-Param "h_name" $Device.deviceName Add-HB-Param "h_description" $Device.managedDeviceName Close-HB-Element "record" Close-HB-Element "primaryEntityData" Open-HB-Element "relatedEntityData" Add-HB-Param "relationshipName" "AssetClass" Add-HB-Param "entityAction" "insert" Open-HB-Element "record" Add-HB-Param "h_type" $AssetType Add-HB-Param "h_capacity" $Device.totalStorageSpaceInBytes Add-HB-Param "h_description" $Device.managedDeviceName Add-HB-Param "h_imei_number" $Device.imei Add-HB-Param "h_mac_address" $Device.wiFiMacAddress Add-HB-Param "h_manufacturer" $Device.manufacturer Add-HB-Param "h_model" $Device.model Add-HB-Param "h_name" $Device.deviceName Add-HB-Param "h_os_version" ($Device.operatingSystem + " " + $Device.osVersion) Add-HB-Param "h_phone_number" $Device.phoneNumber Add-HB-Param "h_serial_number" $Device.serialNumber Close-HB-Element "record" Close-HB-Element "relatedEntityData" $InsertAsset = Invoke-HB-XMLMC "data" "entityAddRecord" if($InsertAsset.status -eq 'ok') { $AssetsProcessed.created++ Write-Output -InputObject ("Asset Imported: " + $InsertAsset.params.primaryEntityData.record.h_pk_asset_id) #Now update the asset with its URN Add-HB-Param "application" "com.hornbill.servicemanager" Add-HB-Param "entity" "Asset" Open-HB-Element "primaryEntityData" Open-HB-Element "record" Add-HB-Param "h_pk_asset_id" $InsertAsset.params.primaryEntityData.record.h_pk_asset_id Add-HB-Param "h_asset_urn" ("urn:sys:entity:com.hornbill.servicemanager:Asset:"+$InsertAsset.params.primaryEntityData.record.h_pk_asset_id) Close-HB-Element "record" Close-HB-Element "primaryEntityData" $UpdateAsset = Invoke-HB-XMLMC "data" "entityUpdateRecord" if($UpdateAsset.status -eq 'ok') { } else { Write-Warning ("Error Updating Asset URN: " + $UpdateAsset.error) } } else { Write-Warning ("Error Creating Asset: " + $InsertAsset.error) } } } } } } "" "IMPORT COMPLETE" Write-Output -InputObject ("Assets Found:" + $AssetsProcessed.found) Write-Output -InputObject ("Assets Created:" + $AssetsProcessed.created) Write-Output -InputObject ("Assets Updated:" + $AssetsProcessed.created) Write-Output -InputObject ("* Primary Record Updated:" + $AssetsProcessed.primaryupdated) Write-Output -InputObject ("* Related Record Updated:" + $AssetsProcessed.relatedupdated)
AndyHill Posted February 14, 2022 Author Posted February 14, 2022 @Rob Gething thanks for the post with the help of Sam I have been able to get this working now.
AndyHill Posted February 15, 2022 Author Posted February 15, 2022 @Rob Gething if you change the owner of one of your devices are seeing it get changed back when your script next runs. I am not seeing changes myself.
Recommended Posts
Create an account or sign in to comment
You need to be a member in order to leave a comment
Create an account
Sign up for a new account in our community. It's easy!
Register a new accountSign in
Already have an account? Sign in here.
Sign In Now