Help

Smart User Group with Managed Apple Account users

KennethJ
New Contributor II

Posted on ‎05-27-2025 12:33 AM

Hi

I'm trying to make a Smart User Group that takes all Managed Apple Account that ends on our primary domain.

I'm using the following Criteria "Managed Apple ID - matches regex - .*aau\.dk$", but for some reason it only takes 92 out of the 129 users we have with a Managed Apple Account. For example I have a user with the following information in the Roster tab that's not added to that Smart User Group:

Screenshot 2025-05-27 at 09.25.14.png

I have also tried just using "Managed Apple ID - Like - aau.dk" and that still does not add all the users.

Any ideas?

//Kenneth

0 Kudos
Reply
4 REPLIES 4

feolaney
New Contributor III

Posted on ‎05-27-2025 07:45 AM

Well the regex at a simple level works for me, tested in my environment and pulled every user with the targeted domain.

A couple things that come to mind that I might check on:

  • Make sure that the Field is populated in Jamf for the users that aren't showing in your Smart User Group and that it matches what you are expecting.  Pull a report of all users using an Advanced User Search and make sure that it includes "Roster Managed Apple ID" criteria.
  • Check for any trailing white spaces or control chars with the value Jamf has for "Roster Managed Apple ID", can use /s* at the end of your regex to account for that if applicable
  • If there is an issue with case sensitivity then add (?i) to the beginning of your query

    That is where I would start, hope you are able to find whatever is holding up your query
0 Kudos
Reply

KennethJ
New Contributor II

Posted on ‎05-28-2025 12:11 AM

@feolaney So I just tried what you suggested with the search and I can see that in the search the "Managed Apple ID" field is empty. But as shown on my screenshot on my main post, there is a "Managed Apple ID" on the Roster page of the user. Very weird why that would not show up there.

Screenshot 2025-05-28 at 09.05.32.png

0 Kudos
Reply

feolaney
New Contributor III

Posted on ‎05-28-2025 07:52 AM

Interesting, I would try the following:

  1. First force a sync

  2. Then make sure the Class Naming Format and Matching Criteria for Importing Users sections of your Apple School Manager Instance (under Settings > Apple education support) is mapped correctly.  You can look at the inventory of the machines that are missing the Roster Managed Apple ID in the report you ran and should be able to cross reference what is set for the matching criteria with what is in your ASM and Jamf, probably a mismatch with the email if thats what your matching with.

 

0 Kudos
Reply

cdenesha
Valued Contributor III
In response to feolaney

Posted on ‎05-29-2025 11:14 AM

Hello,

I have found that in some instances, even though a user may have a Managed Apple Account (MAA) from the Roster, that field is not always populated in Jamf's user object. Using the API to put it there doesn't work. Deleting the user object and repopulating from a roster sync may or may not fix it.

Now that you know about both fields, use them both in your criteria and you should be good.

thank you,

chris

Reply