+4Hello.
When I attempt to migrate around 100 machines from one jamf cloud instance to another the computers are move from the old jamf to the new one but the MDM profile for the new jamf pro is not being installed and when I open Self Service I'm prompted to approve the MDM but once I click the button there is no profile to be approved
Best answer by junjishimazaki
#!/bin/bash
# pass user creds from policy
jamfUser=$4
jamfPass=$5
jssUrl=""
# Get Mac serial number
mac_serial=`system_profiler SPHardwareDataType | awk '/Serial/ {print $4}'`
echo "Mac serial: $mac_serial"
# Curl to get Mac Jamf ID. Adding text()' will just return the Jamf ID without bracked info.
jamf_id=$(curl -sku "${jamfUser}:${jamfPass}" "${jssUrl}/JSSResource/computers/serialnumber/${mac_serial}" -X GET | xmllint --xpath '/computer/general/id/text()' -)
echo "Jamf ID: $jamf_id"
#Just opens the Jamf user-initiated enrollment site
#open https://jamfcloudinstance/enroll
# Curl to send command to remove MDM profile from the Mac
curl -sku "${jamfUser}:${jamfPass}" "${jssUrl}/JSSResource/computercommands/command/UnmanageDevice/id/${jamf_id}" -X POST
echo "Removing jamf binary and framework from Mac..."
# Removing Jamf binary and framework after the MDM has been removed
#jamf removeframework
sudo profiles renew -type enrollment
exit 0
+10Hi, can you please provide more details on what process you are doing to remove the old MDM from the mac and enroll to the new Jamf instance?
+4Hi, can you please provide more details on what process you are doing to remove the old MDM from the mac and enroll to the new Jamf instance?
@junjishimazaki I'm using the ReEnroller package, also I have tried just installing the signed quick add package
+10Ah ok, I know this script from github. This script relies on the quickadd package to enroll. So, as you may or may not know, the QuickAdd package will not work on any OS Big Sur and above. It will not install the new MDM profile. Does this script indeed remove the old Jamf MDM profile? Also, is your MDM locked/non-removable?
+4Ah ok, I know this script from github. This script relies on the quickadd package to enroll. So, as you may or may not know, the QuickAdd package will not work on any OS Big Sur and above. It will not install the new MDM profile. Does this script indeed remove the old Jamf MDM profile? Also, is your MDM locked/non-removable?
Thank you the quick response, not the MDM can be removed as the machine is not DEP enrolled do you mind pointing me to the script you are talking about thanks
+4Oh yes, sorry, that is what I'm using
+4Also yes I'm trying to find another solution as I was reading what you said about Big Sur and newer and all the machine being migrated are either on Monterey or Big Sur.
+10It doesn't work well because of the QuickAdd, so I created my own script to do this. I usually don't like using someone elses script unless it's something I can't do myself. In preparing for the migration, I logged into the Apple Business Manager and created a new MDM to re-assign all the macs to the new Jamf instance. Then in the new Jamf instance, I added the new ADE. Then I assigned the macs to the new Jamf instance Prestage so I don't have to rely on the user-initiated enrollment process.
So, I created a script similar to ReEnroller to use the curl command to send the command from the old jamf instance to remove the MDM to the mac and then use the command: sudo profiles renew -type enrollment to Prestage enroll. This will install the MDM of the new instance and update the Jamf binary.
+10In the old jamf instance, the MDM was locked so I created another script to remove the locked MDM just in case the MDM couldn't be removed. This requires the SIP to be disabled first.
+4In the old jamf instance, the MDM was locked so I created another script to remove the locked MDM just in case the MDM couldn't be removed. This requires the SIP to be disabled first.
But I thought if the machines were never added to DEP, they cannot be added later
+10As long as the macs are in ABM, you can add any MDM instance and assign those macs to that MDM. Then in that Jamf instance, you add to the Automated Device Enrollment. Which is exactly what I did.
+4Last thing if is not too much asking, do you mind sharing your script
+10I'll see if I can find it since it was about a year ago that I did this migration.
+4I'll see if I can find it since it was about a year ago that I did this migration.
Thank you either way, I really appreciate your help
+10#!/bin/bash
# pass user creds from policy
jamfUser=$4
jamfPass=$5
jssUrl=""
# Get Mac serial number
mac_serial=`system_profiler SPHardwareDataType | awk '/Serial/ {print $4}'`
echo "Mac serial: $mac_serial"
# Curl to get Mac Jamf ID. Adding text()' will just return the Jamf ID without bracked info.
jamf_id=$(curl -sku "${jamfUser}:${jamfPass}" "${jssUrl}/JSSResource/computers/serialnumber/${mac_serial}" -X GET | xmllint --xpath '/computer/general/id/text()' -)
echo "Jamf ID: $jamf_id"
#Just opens the Jamf user-initiated enrollment site
#open https://jamfcloudinstance/enroll
# Curl to send command to remove MDM profile from the Mac
curl -sku "${jamfUser}:${jamfPass}" "${jssUrl}/JSSResource/computercommands/command/UnmanageDevice/id/${jamf_id}" -X POST
echo "Removing jamf binary and framework from Mac..."
# Removing Jamf binary and framework after the MDM has been removed
#jamf removeframework
sudo profiles renew -type enrollment
exit 0+10You can test out some of the commands that I commented. I don't remember if the running sudo jamf removeframework to remove the jamf binary worked
Enter your E-mail address. We'll send you an e-mail with instructions to reset your password.