SCMDM 2008 SP1 - Device removal procedure?
- How do I go about removing a device from the SCMDM console? I managed to run the removedevice PowerShell cmdlet; it successfully removes the device from the domain and adds it to the block list. I then run the clean up of blocked devices PowerShell cmdlet, but the device still appears in the All Devices section. Is there a way of removing them from the console completely?
I read on these forums that we might need to update TEE.db? If so, how can that be done?
Cheers
Ras
All Replies
You've followed the correct procedure. It can take a while for the devices to disappear. From memory... these entries are cleared by a housekeeping task. Sleep on it... check in the morning.
Cheers Wayne
Airloom
- Thanks for that Wayne,
It's been more than 24hrs since I executed those commands. They still appear to be in there... Is there a way of enforcing this housekeeping task, so I don't have to wait for them to disappear from the list...
Cheers
Ras
- When all else fails try the "MDM Device Records Synchronization Tool". You'll find it in the "MDM Server Tools".
Cheers Wayne
Airloom
- Yes, I tried that too yesterday. It finds 2 devices and removes them (remind you, it adds them back in to blocked devices), then I run clean blocked devices; it cleans that container, but they still appear in my All Devices list....
Cheers
Ras
- Make sure the devices have been deleted from AD. Run the "MDM Device Records Synchronization Tool" again. Don't run anything else! Leave it overnight.
Cheers Wayne
Airloom
- I just tried that and it picked up on the devices deleted from AD. I will leave it overnight and see if that resolves the problem....
So the correct procedure is to run
RemoveDevice cmdlet
CleanBlocked Devices cmdlet
SyncwithAD cmdlet
and leave overnight?
Would that be the procedure for removing a device from MDM console?
Cheers
Ras
- No. Each script does something specific, you can't just chain them together.
Remove Device - This removes enrolment requests
Clean Blocked Devices - This removes blocked devices to speed up the gateway processing.
SyncwithAD - This helps synchronise MDM with AD.
The correct procedure is to leave them in the blocked list. ;-)
Cheers Wayne
Airloom
- Thanks for that Wayne,
Correct me if I am wrong but I was under the impression remove device cmdlet is used for removing the device from the domain....
Thanks
Ras
- Ras,
The name and purpose of the PowerShell scripts are a little confusing, and my explanation didn't help. It should have read "Removes Successful Device Enrollment"! The RemoveDevice.ps1 script is used for:
Extract from the Readme:
Microsoft(r) System Center Mobile Device Manager (MDM) Device Enrollment Cleanup Tool can be used when:
1) A device has been locally wiped and the entry in Active Directory(r) directory service and the MDM databases still exists, or
2) A device has not connected to the server for a long time, indicating the account is not being used.
and it:
blocks the managed device from connecting after the device has been removed successfully from Active Directory and the MDM databases. You can only remove the device record from the Windows Server Update Services (WSUS) database if you installed the Software Distribution console and Administrator Tools on the same computer.
In my humble opinion, this represents a virtual "Device Wipe". It removes the device from the domain. No argument there! It also adds the device to the block list, which contradicts the explanation. It can't be removed from the MDM database and be blocked at the same time!
We still have the "Clean Blocked Devices" script, which should remove the device altogether... but "Clean Blocked Devices" doesn't remove the device as expected. It removes the blocked status. Back to square one.
Cheers Wayne
Airloom
- Did anyone get anywhere with this?
I'm struggling with the same problem.
- Hi there Chris,
I am still having the same problem, devices still appear to be on the All Devices list even though they are not listed on the domain etc... I hope someone will be able to shed some light on this. I think it might be a bug with SCMDM 2008 SP1...
Cheers
ras
- We use a SQL script that cleans records that have changed from status 3 to status 4. We move these records to a new table in the database, so we have documentation and "logging".
To change to status 4 you have to use the RemoveDevice.PS1 script from the SystemTools (sp1).
You can then do the smart thing, to have the SQL script monitor the database for changes. That way you do not have to run the SQL script every time you run removedevice.
So - We now have a clean up mechanism running :-)
BTW: The RemoveDevice Cleans the device. Sends a wipe, removes from AD, and revokes the certificate from the CA and changes the status from 3 to 4 in the DB
Kind regards, Jesper Bagh
- Proposed As Answer by Jesper Bagh Monday, November 02, 2009 9:20 AM
- Hi
We too are experiencing problems with this, where we've removed devices using the removedevice command and then re-used the device name - but then the console shows two records for devices with the same name.
We too have also used the syncwithAD command and left it overnight, but it still doesn't clear the problem.
regards
Justin
- Jesper,
Thanks for the "Heads Up". I'm sure there are lots of people in the community who want to clean up their MDM environments. Is there any chance you could post the script to help them out? You could post it on your blog and attach a link here. I am sure you wouldn't mind a bit of extra traffic to your excellent blog: http://www.jesperitblog.dk ;-)
Cheers Wayne
Airloom
- Hi there Jesper,
I would really appreciate it if you could share your script with us.
Cheers
Ras
- The way I got around this eventually was to block the device and then leave it overnight. For some reason after blocking the device in the MDM console it isn't removed from the list until the next day... This seems crazy to me but I'm sure there is a good reason for it.
After it has eventually disappeared from the Managed Devices list you can then run the ".\CleanBlockedDevices.ps1 0" command and the device is then completely removed from MDM.
Hope that helps.
Chris
- Proposed As Answer by Wayne Phillips.MVP, Moderator Monday, November 09, 2009 11:26 PM
- Hi there Chris,
So you simply block the device or run the removedevice script? I still have no luck.
So block the device,
leave overnight and then run the clean blocked devices script?
Cheers
Ras
- Hi Ras,
I think the problem is that if you run the clean blocked devices script before leaving it overnight it won't work.
The process is -
1. Block the Device
2. Leave overnight until the device no longer appears in the Managed Devices List
3. Run the Clean Blocked Device Script so the device is removed from the blocked devices list.
This seems to work for me.

