For new attendees to the class this a walkthrough of the Web Services in SCMDM (you may start with the introduction first: http://mobilitydojo.net/2008/12/02/scmdm-2008-web-services-introduction/). For regulars; in this part we get to the meatier part when we go through the MobileDeviceManagerAdmin service.

I don’t know what the correct technical term is, but when looking at the virtual directory you’ll see there are a number of “sub services”:

Probably the more correct term is that there are actually several distinct web services grouped under a common virtual directory.

They are available at https://FQDN:8446/MDM/x/Admin.asmx where FQDN is your Device Management Server, and x is the service you want. (Replace x with a value from the list in the screenshot above.)

I’ve listed them all below here for your convenience, but as you can see from the available options not all of them are relevant for your “average” usage scenario.

AdgpService

AdminService

GatewayService

InventoryService

SoftwareDistributionService

TaskExecutionEngine

WipeService

We will not go into all of these operations. The functionality we are interested in right now (relating back to our sample application) is Wipe.

We want something like this in our utility:

Looking into the Wipe operation in our web browser we find the following:

This deviceID is the SID (Security Identifier) that can be found as a property of the device object in Active Directory. Given the device name we should be able to look up the SID so for the sake of our user interface this does not matter.

WipeOut
So we just pass the SID on to the Wipe operation, and we’re done right? Ah, if it only were that easy. If you have been following my trail of screenshots you’ll have noticed other operations that might seem to be related to the wipe operation namely the following:
- UnEnroll (EnrollmentAdmin – shown in previous web service article)
- RemoveDevice (AdminService)
- AddBlockedDevice (GatewayService)

You see, there are different kinds of wipes depending on what you are trying to achieve. A wipe deletes the contents of a device, a block prevents the device from establishing the VPN tunnel (thus only reaching as far as the Gateway server), remove device will remove it from the managed devices list, and unenroll presumably removes the Active Directory object. But I’ll admit that I am not entirely sure of the details these operations perform, in which sequence you should execute them, etc. “Wipe” and “Block Device” are both available as options in the MDM console, and has different purposes (a blocked device can be unlocked and allowed to connect again). Let’s just it leave it there for now

In the spirit of keeping things simple I’ll only use the “simple” wipe operation here since this will get rid of everything on the device. The code used to wipe looks like this:

Few things to keep in mind here. Since the SID of the device can only be found through Active Directory I perform an LDAP lookup that should return the SID given the device name as input. Make sure the ldapPath is searching the right OU for devices. Make sure you use the correct objectCategory and objectClass in the LDAP filter. (The values I use should work for you as well if you haven’t modified anything regarding device objects.)

I have also hard-coded username/password for authentication, and included the FQDN of the web service which means you can run it from other computers in the LAN than the server, and without using the credentials of the logged-on user. This is purely for the purpose of illustration! Do not actually take this approach for a solution you will be using. (I like to show different techniques which is why I do it here, but I will change it later when tidying up the internals of my application.)

I guess we can check off another item on my “feature list” for the simple helpdesk utility. There’s still a few steps that remains before we have a working application, but most of those aren’t relevant for you to go through. So I’ll perform those by myself, and present you with the result instead

We have scratched the surface of the web services interface in SCMDM, and showed some very simple things you can do with it. There are obviously some limitations to this interface to the servers, but you can probably still come up with other use cases than the ones I have. I might revisit the web service topic at a later time though. I’ll post a wrap-up of the helpdesk utility as soon as I have it compiled and performed an initial beta test.