Posted on 05-06-2022 10:46 AM
Hello.
When I attempt to migrate around 100 machines from one Jamf cloud instance to another, the computers are moved from the old Jamf to the new one, but the MDM profile for the new Jamf Pro is not being installed. When I open Self Service I'm prompted to approve the MDM, but once I click the button there is no profile to be approved.
Posted on 05-06-2022 01:41 PM
Hi, can you please provide more details on what process you are doing to remove the old MDM from the mac and enroll to the new Jamf instance?
Posted on 05-06-2022 02:44 PM
@junjishimazaki I'm using the ReEnroller package. I have also tried just installing the signed QuickAdd package.
Posted on 05-06-2022 03:29 PM
Ah ok, I know this script from GitHub. This script relies on the QuickAdd package to enroll. So, as you may or may not know, the QuickAdd package will not work on any OS Big Sur and above. It will not install the new MDM profile. Does this script indeed remove the old Jamf MDM profile? Also, is your MDM locked/non-removable?
Posted on 05-06-2022 03:33 PM
Thank you for the quick response. No, the MDM can be removed, as the machine is not DEP enrolled. Do you mind pointing me to the script you are talking about? Thanks.
Posted on 05-06-2022 03:35 PM
I thought you were talking about this script. https://github.com/jamf/ReEnroller
Posted on 05-06-2022 03:36 PM
Oh yes, sorry, that is what I'm using
Posted on 05-06-2022 03:40 PM
Also, yes, I'm trying to find another solution, as I was reading what you said about Big Sur and newer, and all the machines being migrated are either on Monterey or Big Sur.
Posted on 05-06-2022 03:48 PM
It doesn't work well because of the QuickAdd, so I created my own script to do this. I usually don't like using someone else's script unless it's something I can't do myself. In preparing for the migration, I logged into the Apple Business Manager and created a new MDM to re-assign all the Macs to the new Jamf instance. Then in the new Jamf instance, I added the new ADE. Then I assigned the Macs to the new Jamf instance Prestage so I don't have to rely on the user-initiated enrollment process.
So, I created a script similar to ReEnroller to use the curl command to send the command from the old jamf instance to remove the MDM to the mac and then use the command: sudo profiles renew -type enrollment to Prestage enroll. This will install the MDM of the new instance and update the Jamf binary.
Posted on 05-06-2022 03:49 PM
In the old jamf instance, the MDM was locked so I created another script to remove the locked MDM just in case the MDM couldn't be removed. This requires the SIP to be disabled first.
Posted on 05-06-2022 03:53 PM
But I thought if the machines were never added to DEP, they cannot be added later.
Posted on 05-06-2022 03:57 PM
As long as the macs are in ABM, you can add any MDM instance and assign those macs to that MDM. Then in that Jamf instance, you add to the Automated Device Enrollment. Which is exactly what I did.
Posted on 05-06-2022 03:59 PM
Last thing, if it's not too much to ask: do you mind sharing your script?
Posted on 05-06-2022 04:01 PM
I'll see if I can find it since it was about a year ago that I did this migration.
Posted on 05-06-2022 04:03 PM
Thank you either way, I really appreciate your help
Posted on 05-06-2022 04:25 PM
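#!/bin/bash
# Pass user creds from the policy (script parameters 4 and 5)
jamfUser="$4"
jamfPass="$5"
# URL of the old Jamf instance (left blank in the original post)
jssUrl=""
# Get Mac serial number
mac_serial=$(system_profiler SPHardwareDataType | awk '/Serial/ {print $4}')
echo "Mac serial: $mac_serial"
# Curl to get the Mac's Jamf ID. Adding text() to the XPath returns just the ID without the surrounding tags.
# No -k: curl verifies the server certificate before the credentials are sent.
jamf_id=$(curl -su "${jamfUser}:${jamfPass}" -H "Accept: text/xml" "${jssUrl}/JSSResource/computers/serialnumber/${mac_serial}" -X GET | xmllint --xpath '/computer/general/id/text()' -)
echo "Jamf ID: $jamf_id"
# Stop if the lookup did not return a numeric ID, so no command is sent for an empty or malformed ID
if ! [[ "$jamf_id" =~ ^[0-9]+$ ]]; then
    echo "Could not get a Jamf ID for serial $mac_serial"
    exit 1
fi
# Just opens the Jamf user-initiated enrollment site
#open https://jamfcloudinstance/enroll
# Curl to send command to remove MDM profile from the Mac
curl -su "${jamfUser}:${jamfPass}" "${jssUrl}/JSSResource/computercommands/command/UnmanageDevice/id/${jamf_id}" -X POST
echo "Removing jamf binary and framework from Mac..."
# Removing Jamf binary and framework after the MDM has been removed (left commented out)
#jamf removeframework
# Renew the enrollment so the Mac enrolls through the Prestage of the new instance
sudo profiles renew -type enrollment
exit 0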
05-06-2022 04:25 PM - edited 05-06-2022 04:26 PM
You can test out some of the commands that I commented. I don't remember if running sudo jamf removeframework to remove the jamf binary worked.
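A post-migration check, added here as an example and not part of the thread or of ReEnroller: it classifies the output of `profiles status -type enrollment` so a Mac that is still bound to the old server, or enrolled without user approval, is flagged. The host names, the function names and the sample output are constructed, and the three-line output format is an assumption about recent macOS versions.

```shell
#!/bin/sh
# Added example. Reads `profiles status -type enrollment` output on stdin.
# $1 = host of the NEW MDM server (hypothetical name used below).
check_enrollment() {
    expected_host=$1
    dep=""; mdm=""; server=""
    while IFS= read -r line; do
        case $line in
            "Enrolled via DEP:"*) dep=${line#*: } ;;
            "MDM enrollment:"*)   mdm=${line#*: } ;;
            "MDM server:"*)       server=${line#*: } ;;
        esac
    done
    case $mdm in
        Yes*) ;;
        *) echo "not-enrolled"; return 1 ;;
    esac
    # Compare the exact host, not a substring, so a lookalike name fails.
    # A missing "MDM server" line is reported as wrong-server:unknown.
    host=${server#*://}; host=${host%%/*}; host=${host%%:*}
    if [ "$host" != "$expected_host" ]; then
        echo "wrong-server:${host:-unknown}"; return 2
    fi
    case $mdm in
        *"User Approved"*) ;;
        *) echo "not-user-approved"; return 3 ;;
    esac
    echo "ok dep=${dep:-unknown}"
}

# Constructed sample output, not captured from a real Mac.
sample_migrated() {
cat <<'EOF'
Enrolled via DEP: Yes
MDM enrollment: Yes (User Approved)
MDM server: https://new.example.jamfcloud.com/mdm/ServerURL
EOF
}
sample_stale() {
cat <<'EOF'
Enrolled via DEP: No
MDM enrollment: Yes
MDM server: https://old.example.jamfcloud.com/mdm/ServerURL
EOF
}

# On a Mac: profiles status -type enrollment | check_enrollment "<new host>"
sample_migrated | check_enrollment new.example.jamfcloud.com
sample_stale | check_enrollment new.example.jamfcloud.com || true
```

The non-zero return codes let a policy script or extension attribute report which Macs still need attention after the migration.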