Polling machines to tell if they are in ABM or not

ifbell
Contributor

I am looking for a file on a Mac that can tell me if it is part of our ABM or not.

I have tried looking for this file but I am not sure it is an accurate tell.
var/db/ConfigurationProfiles/Settings/.cloudConfigProfileInstalled

I have thought about building a script around this command
/usr/libexec/mdmclient dep nag
Which would refresh the record with this .cloudConfigRecordFound

3 REPLIES 3

easyedc
Valued Contributor II

Isn't the

mdmclient dep nag

deprecated? Also, the replacement command will fall under

profiles renew -type enrollment

Which will either a) fail because it's already enrolled and spit some error about

Error: Existing Device Enrollment configuration was found.

which you could record the response maybe and create an EA and look for any that DON'T spit that response out? But if it does, and a user is prompted, they could then turn around and complete the enrollment, thus, defeating your test.

I would look at this differently. I assume you have access to your ABM. You should be able to download a list of all your enrolled serials and compare that to your enrolled serials in Jamf and look for discrepancies. Something like

sdiff --suppress-common-lines /path/to/Jamf/serials.csv /path/to/ABM/serials.csv

Or an excel pivot table kind of thing.

easyedc
Valued Contributor II

Thinking more about this - if it's to be on-going, probably something recording the status from

sudo profiles show -type enrollment

or

sudo profiles validate -type enrollment

may get what you're after. but

/usr/bin/profiles

is probably your friend here.

daniel_behan
Contributor III

I wrote an Extension Attribute that seems to work. The only rub for my environment is that we still have some older machines that are not in Apple Business Manager and we have some machines that were ordered in a rush that were never entered.

!/bin/sh

ABMCheck=/usr/bin/profiles show -type enrollment | grep ConfigurationURL | cut -d '"' -f2

if [ "$ABMCheck" != "URL" ]; then result="Not Regn ABM"
elif [ "$ABMCheck" = URL ]; then result="Regn ABM"
fi

echo "<result>$result</result>"