Skip to main content
Question

removeMDMprofile vs removeFramework for automated migration to Jamf Cloud using ADE

D
Forum|alt.badge.img+8

So, as I've expanded the testing of our Jamf on-prem to Jamf Cloud migration out to our "friends and family" in IT, I ran across an issue where the jamf removeMDMprofile command removed the profiles, but the device still would not perform ADE at reboot. (device loaded in ABM, assigned to our Jamf Cloud, and assigned a PreStage Enrollment)

Creating a throw-away account in order to get through Setup Assistant and perform additional troubleshooting, we found the device still reported it was configured to look for our on-prem, per the output of the jamf checkJSSConnection command. manually running jamf deleteSetupDone and jamf removeFramework, followed by a reboot allowed the ADE process to perform properly on this device.

Should I modify my script to check the output of this command for this potential state (and perform a removeFramework), or just change to use the jamf removeFramework command instead of (or after removeMdmProfile) for all users instead? Obviously I lose the ability to use the jamf binary in any form while unmanaged, but are there any other potential issues I should be concerned about?

 

Thanks in advance!

    5 replies

    D
    Forum|alt.badge.img+11
    • daniel_behan
    • Valued Contributor
    • 196 replies
    • October 3, 2022

    There are two parts to JAMF Management; the jamf binary which performs inventory updates and policies, and MDM which installs Configuration Profiles and performs management commands via APNS.

     

    Running "jamf removeMdmProfile" does just what the command says, it removes MDM, but not the binary, so the machine is still managed and checking into the server specified in the com.jamfsoftware.jamf.plist. If you want to completely un-manage the machine, running "jamf removeFramework" deletes the MDM Profiles and the jamf binary.

     

    If you're testing something against a different server, you can change the server that the jamf binary reports to by running "jamf createConf <options>".  You can look at the options by running 

    "jamf help createConf"

    S
    Forum|alt.badge.img+5
    • sk25
    • Contributor
    • 64 replies
    • February 25, 2023

    @davidi4 @daniel_behan This is not an answer. I've a question. In order to migrate from Jamf to other MDM tool, what would be the best way to the Jamf components. Thanks in advance.

    D
    Forum|alt.badge.img+11
    • daniel_behan
    • Valued Contributor
    • 196 replies
    • February 27, 2023

    I'm not sure I'm understanding the question.  If you want to direct a Mac from one JAMF Server to another, you can can issue a /usr/local/bin/jamf createConf -url, which would point next recon to the new server.  Or better yet, use tools like jamfMigrator. And ReEnroller.

    S
    Forum|alt.badge.img+5
    • sk25
    • Contributor
    • 64 replies
    • March 2, 2023
    daniel_behan wrote:

    I'm not sure I'm understanding the question.  If you want to direct a Mac from one JAMF Server to another, you can can issue a /usr/local/bin/jamf createConf -url, which would point next recon to the new server.  Or better yet, use tools like jamfMigrator. And ReEnroller.


    @daniel_behan Thanks Daniel. Using the mentioned tools, can the migration be smooth? I've few concerns.
    1.    Is there any way to migrate all the Devices, Policies, Profiles, Applications, and other settings to Jamf Cloud instantly? Or whether all settings are to be re-deployed in Jamf Cloud and re-enroll all the devices into Jamf Cloud?
    2. All the devices are currently enrolled through Apple Business Manager. Do the devices require wipe and re-enroll into Jamf Cloud?
    3. How will the license be managed? Does On-Premise license be transferred to Jamf Cloud?

    D
    Forum|alt.badge.img+11
    • daniel_behan
    • Valued Contributor
    • 196 replies
    • March 2, 2023

    To be honest, I have not used these tools personally.  My cloud migration was performed a while back before re-enrollment could be affected by user-approved MDM, even before original DEP.  Your best bet is to discuss with your JAMF Account Representative.  If I'm reading correctly, the Migrator tool sets up your underlying Framework, jamfcpr or JAMF Admin can be used to migrate the actual packages and ReEnroller can be used on the computer itself.

    Reply


    Most helpful members this week

    Terms & ConditionsCookie settingsAccessibility statement

    Cookie policy

    We use cookies to enhance and personalize your experience. If you accept you agree to our full cookie policy. Learn more about our cookies.

     
    Cookie settings