A PowerShell module for the Datto RMM API v2. Provides typed, object-oriented access to devices, sites, alerts, jobs, filters, variables, and account management with built-in adaptive throttling and secure credential handling.
⚠️ Legacy Rate-Limit CompatibilitySome Datto RMM accounts use a legacy single-bucket rate-limit model. Use the
-LegacyThrottleswitch onConnect-DattoRMMto enable compatibility. See Known Issues for details.
Requires PowerShell 7.4 or later (Core edition only).
- Typed Object Model — All API responses are returned as strongly-typed PowerShell classes with properties, methods, and pipeline support.
- Full Pipeline Integration — Chain commands naturally:
Get-RMMSite | Get-RMMDevice | Get-RMMAlert. - Adaptive Throttling — Automatic rate-limit management with configurable profiles (Aggressive, Medium, Cautious) for safe single or concurrent use.
- Secure by Default — Credentials handled via
SecureStringandPSCredential; tokens held in memory only; PII-sensitive operations require explicit confirmation. - Persistent Configuration — Platform region, throttle profile, page size, and retry settings saved to a JSON config file for consistent behaviour across sessions.
- Opinionated CSV Export — Export Sites, Devices, and Alerts to flattened CSV using named column transforms. Supports user defined transformations.
- Comprehensive Coverage — 43 commands across 12 domains: Account, Activity Log, Alerts, Auth, Components, Config, Devices, Export, Filters, Jobs, Sites, and Variables.
See INSTALL.md for full instructions including execution policy options, certificate trust, user and system scope install, and Azure Automation.
Quick start — import directly from an extracted folder:
Import-Module .\DattoRMM.Core\DattoRMM.Core.psd1# Connect with API key and secret
$Secret = Read-Host -Prompt "Enter API Secret" -AsSecureString
Connect-DattoRMM -Key "your-api-key" -Secret $Secret
# Retrieve all devices
Get-RMMDevice
# Get alerts for a specific site
Get-RMMSite -Name "Main Office" | Get-RMMAlert
# Export all sites to CSV
Get-RMMSite | Export-RMMObjectCsv -Path .\Sites.csvFor credential storage options (SecretStore, Azure Automation, Key Vault), see Authentication.
Resolve all critical-severity alerts for devices in a site filter:
$Filter = Get-RMMSite -Name "Main Office" | Get-RMMFilter -Name "Critical Servers"
$Filter | Get-RMMDevice | Get-RMMAlert | Where-Object {$_.Priority -eq "Critical"} | Resolve-RMMAlertMove devices from one site to another:
$Target = Get-RMMSite -Name "New Office"
Get-RMMSite -Name "Old Office" | Get-RMMDevice | Move-RMMDevice -Site $TargetRun an ad-hoc job on filtered devices:
$Component = Get-RMMComponent | Where-Object Name -eq "Patch WebServer"
Get-RMMDevice -FilterId 12345 | New-RMMQuickJob -JobName "Emergency Patch" -Component $Component -Force| Domain | Commands |
|---|---|
| Account | Get-RMMAccount, Get-RMMNetMapping, Get-RMMRequestRate, Get-RMMStatus, Get-RMMThrottleStatus, Get-RMMUser, Invoke-RMMApiMethod |
| Activity Log | Get-RMMActivityLog |
| Alerts | Get-RMMAlert, Resolve-RMMAlert |
| Auth | Connect-DattoRMM, Disconnect-DattoRMM, Request-RMMToken, Reset-RMMApiKeys, Show-RMMToken |
| Components | Get-RMMComponent |
| Config | Get-RMMConfig, Set-RMMConfig, Save-RMMConfig, Remove-RMMConfig |
| Devices | Get-RMMDevice, Get-RMMDeviceAudit, Get-RMMDeviceSoftware, Get-RMMEsxiHostAudit, Get-RMMPrinterAudit, Move-RMMDevice, Set-RMMDeviceUDF, Set-RMMDeviceWarranty |
| Export | Export-RMMObjectCsv |
| Filters | Get-RMMFilter |
| Jobs | Get-RMMJob, Get-RMMJobResult, New-RMMQuickJob |
| Sites | Get-RMMSite, Get-RMMSiteSettings, New-RMMSite, Set-RMMSite, Set-RMMSiteProxy, Remove-RMMSiteProxy |
| Variables | Get-RMMVariable, New-RMMVariable, Set-RMMVariable, Remove-RMMVariable |
Run Get-Help <CommandName> for detailed parameter and usage information, or see the command reference.
| Topic | Description |
|---|---|
| Installation | Download, unblock, execution policy, user/system/folder install, Azure Automation |
| Changelog | Version history and release notes |
| Security Policy | Vulnerability reporting and credential security design |
| Module Overview | Architecture, design principles, and feature summary |
| Authentication | All authentication methods, credential storage, and automation scenarios |
| Configuration | Platform regions, page size, retry settings, and persistent configuration |
| Throttling | Adaptive throttling, profiles, concurrent use, and API rate limit details |
| Security | PII handling, credential lifecycle, SecureString cross-platform behaviour |
| Export | CSV export, built-in transforms, custom transform authoring, UDF handling |
| Alert Context Discovery (Beta) | Guidance for collecting unrecognised alert context schema data during beta |
| Beta Overview | Beta status, expectations, and roadmap to v1 |
| Beta Guide | Getting started with the beta, usage tips, and feedback |
| Beta Examples | Worked examples: Azure Automation, CSV exports, type extensions, UDF expansion |
| Command Reference | Per-command documentation with examples |
| Class Reference | Typed output classes and enums |
About topics are also available in-module:
Get-Help about_DattoRMM.Core
Get-Help about_DattoRMM.CoreThrottlingThe following known issue is currently being tracked. Additional items may be added as the module evolves.
Some Datto RMM accounts are configured to use the legacy single‑bucket rate‑limit model instead of the modern read/write/operation model.
To connect with legacy compatibility:
Connect-DattoRMM -Key "your-api-key" -Secret $Secret -LegacyThrottleWhen -LegacyThrottle is enabled, all API requests (including writes) are tracked against the read bucket only. Write-specific counters, per-operation buckets, and write decay logic are bypassed.
This is a temporary compatibility mechanism. It will be deprecated once automatic detection of the rate-limit model is implemented.
See Issue #7 Issue: Add Support for Legacy Single‑Bucket Rate‑Limit Model (Module Currently Incompatible) for details and progress.
This module is provided "as is" without warranty of any kind. Use at your own risk. This project is not affiliated with or endorsed by Datto, Inc. or its subsidiaries.
This project is licensed under the Mozilla Public License 2.0 (MPL-2.0).
All source files include an SPDX license identifier for clarity and automated compliance:
SPDX-License-Identifier: MPL-2.0
You can find the full license text in the LICENSE file.