...
- jamf-migrate-to-user-enrolled
- jamf-migrate-to-prestage-enrolled
Both scripts will remove the existing MDM profile, then enroll the Mac in the destination Jamf. As the names indicate, the end result is a user-enrolled Mac or a prestage-enrolled Mac.
It doesn't matter if the Mac was originally prestage-enrolled or user-enrolled - both scripts can use the Jamf API to remove the MDM Profile on prestage-enrolled Macs when the profile is marked non-removable.
...
Since user interaction is required, the scripts will prompt the user with instructions - and, re-prompt in some cases (e.g to click "Install" on the profile). There are "DIALOG_" variables at the top that can be used to customize the messages for your organization.
jamf-migrate-to-user-enrolled
To use this script you will need an Enrollment Invitation in the destination Jamf, configured to not require login.
The script will use this to download the enrollment profile, to install the new MDM Profile.
...
Edit the following variables in the script to customize the dialog messages.The values used in the screenshots are:
- DIALOG_TITLE="ORGANIZATION NAME"
- DIALOG_JAMF_DEST="the new Jamf server"
- DIALOG_ORG_NAME="Company"
When the script runs, the user is prompted with:
...
Once the profile is installed, the user is demoted (if they were not originally Admin) and they get a message that the migration is complete:
jamf-migrate-to-prestage-enrolled
The script to migrate a Mac as prestage-enrolled requires that the Mac be reassigned to the destination Jamf first, ie in ASM/ABM. The Mac must be assigned to a Prestage Enrollment in the destination or the script will exit with an error.
- Add the script to the source Jamf
- Add a policy to run the script
- Parameter 4: Source Jamf server, for using the API to remove MDM
- Parameter 5: Source Jamf api auth - "user:password" (without quotes) which has been base64-encoded
- The API account must have permissions to permissions to Create/Read/Update Computers, Flush MDM Commands, and send the Computer Unmanage command
- Parameter 6 (optional): Destination Jamf server, for using the API to check if the computer is assigned to a prestage
- Parameter 7 (optional): Destination Jamf api auth - "user:password" (without quotes) which has been base64-encoded
- The API account needs read-only access to computers and prestages only
...
Edit the following variables in the script to customize the dialog messages:
- DIALOG_TITLE="ORGANIZATION NAME"
- DIALOG_JAMF_DEST="the new Jamf server"
- DIALOG_ORG_NAME="Company"
- DIALOG_ASM_NAME="Company Name"
When the script runs, the user is prompted with:
...
Once the profile is installed, the user is demoted (if they were not originally Admin) and they get a message that the migration is complete:
...