I am looking for a file on a Mac that can tell me if it is part of our ABM or not.
I have tried looking for this file but I am not sure it is an accurate tell.
I have thought about building a script around this command
/usr/libexec/mdmclient dep nag
Which would refresh the record with this .cloudConfigRecordFound
mdmclient dep nag
deprecated? Also, the replacement command will fall under
profiles renew -type enrollment
Which will either a) fail because it's already enrolled and spit some error about
Error: Existing Device Enrollment configuration was found.
which you could record the response maybe and create an EA and look for any that DON'T spit that response out? But if it does, and a user is prompted, they could then turn around and complete the enrollment, thus, defeating your test.
I would look at this differently. I assume you have access to your ABM. You should be able to download a list of all your enrolled serials and compare that to your enrolled serials in Jamf and look for discrepancies. Something like
sdiff --suppress-common-lines /path/to/Jamf/serials.csv /path/to/ABM/serials.csv
Or an Excel pivot table kind of thing.
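An added example, not part of any reply in this thread: `sdiff` compares line by line, so two exports that differ only in sort order, letter case, quoting or line endings show up as mismatches. This script normalises both files and compares them as sets. The header row, the serial-in-first-column layout, the function names and the sample serials are assumptions.

```bash
#!/bin/bash
# Assumptions (not from the thread): each export has a header row and the
# serial number in its first comma-separated column.

# normalize FILE: print the unique serials, upper-cased and sorted.
normalize() {
    tail -n +2 "$1" | tr -d '\r"' | cut -d',' -f1 \
        | tr '[:lower:]' '[:upper:]' | tr -d '[:blank:]' \
        | grep -v '^$' | LC_ALL=C sort -u
}

# serial_gaps JAMF_CSV ABM_CSV
#   JAMF_ONLY <serial>: managed in Jamf but absent from the ABM export
#   ABM_ONLY  <serial>: listed in ABM but not present in the Jamf export
serial_gaps() (
    jamf=$(mktemp) || exit 1
    abm=$(mktemp) || { rm -f "$jamf"; exit 1; }
    normalize "$1" > "$jamf"
    normalize "$2" > "$abm"
    LC_ALL=C comm -23 "$jamf" "$abm" | sed 's/^/JAMF_ONLY /'
    LC_ALL=C comm -13 "$jamf" "$abm" | sed 's/^/ABM_ONLY /'
    rm -f "$jamf" "$abm"
)

# Constructed sample exports (made-up serials) in different order, case and
# line endings, which a line-by-line diff would report as mismatches.
demo() (
    dir=$(mktemp -d) || exit 1
    printf 'Serial Number,Name\nC02AAA111111,mac-01\nc02bbb222222,mac-02\nC02DDD444444,mac-04\n' > "$dir/jamf.csv"
    printf 'Serial Number,Model\r\n"C02BBB222222",MacBook Pro\r\n"C02CCC333333",iMac\r\n"C02AAA111111",MacBook Air\r\n' > "$dir/abm.csv"
    serial_gaps "$dir/jamf.csv" "$dir/abm.csv"
    rm -rf "$dir"
)

demo
```

Each `JAMF_ONLY` line is a managed Mac the ABM export does not list; each `ABM_ONLY` line is a device ABM lists that the Jamf export does not.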
Thinking more about this - if it's to be on-going, probably something recording the status from
sudo profiles show -type enrollment
sudo profiles validate -type enrollment
may get what you're after. but
is probably your friend here.
I wrote an Extension Attribute that seems to work. The only rub for my environment is that we still have some older machines that are not in Apple Business Manager and we have some machines that were ordered in a rush that were never entered.
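# "URL" is as posted: a stand-in for the expected ConfigurationURL value (assumption).
ABMCheck=$(/usr/bin/profiles show -type enrollment | grep ConfigurationURL | cut -d '"' -f2)
if [ "$ABMCheck" != "URL" ]; then
    result="Not Regn ABM"
elif [ "$ABMCheck" = "URL" ]; then
    result="Regn ABM"
fi
echo "<result>$result</result>"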