Home > Mac administration, macOS, Mobile Device Management, Scripting > Identifying which MDM server a Mac is enrolled with

Identifying which MDM server a Mac is enrolled with

Every so often, you may run across a Mac which is enrolled in an MDM server which is different from the one it should be. However, if you’re checking remotely, it may be difficult to identify which one it is.

To help with this task, there is a script available which will parse the MDM enrollment profile on your Mac and identify the DNS name of the MDM server. For more details, please see below the jump.

When run, the script should provide output similar to what’s shown below:

If enrolled with an MDM server:

username@computername ~ % sudo ./check_mdm_enrollment.sh
Password:
MDM server address: mdm.server.address.here
username@computername ~ %

Screen Shot 2020 03 18 at 12 09 09 PM

 

If not enrolled with an MDM server:

username@computername ~ % sudo ./check_mdm_enrollment.sh
Password:
Not enrolled in an MDM server.
username@computername ~ %

Screen Shot 2020 03 18 at 12 12 07 PM

The script is available below. It is also available from the following location on GitHub:

https://github.com/rtrouton/rtrouton_scripts/tree/master/rtrouton_scripts/check_mdm_enrollment


#!/bin/bash
# Check MDM server enrollment
# This script checks to see if this Mac has an MDM enrollment profile.
# If one is present, the MDM server's DNS address is displayed.
exitCode=1
# This script must run with root privileges
if [[ "$(/usr/bin/id -u)" -eq 0 ]]; then
# Check to see if Mac is enrolled in an MDM server.
if [[ -n "$(profiles list -output stdout-xml | awk '/com.apple.mdm/ {print $1}' | tail -1)" ]]; then
# If enrolled in an MDM server, get the MDM profile's xml representation
profileXML=$(/usr/bin/profiles list -output stdout-xml | /usr/bin/xmllint –xpath '//dict[key = "_computerlevel"]/array/dict[key = "ProfileItems"]/array/dict[key = "PayloadType" and string = "com.apple.mdm"]'2>/dev/null)
if [[ -n "$profileXML" ]]; then
mdmURL=$(echo "$profileXML" | /usr/bin/xmllint –xpath '//dict[key = "PayloadContent"]/dict/key[text() = "ServerURL"]/following-sibling::string[1]/text()'2>/dev/null)
if [[ -n "$mdmURL" ]]; then
displayMDM=$(echo "$mdmURL" | awk -F '/' '{print $3}' )
echo "MDM server address: $displayMDM"
exitCode=0
else
echo "Failed to get MDM URL!"
fi
else
echo "Failed read MDM profile!"
fi
else
echo "Not enrolled in an MDM server."
exitCode=0
fi
else
echo "You must be root in order to run this script!"
fi
exit $exitCode

  1. No comments yet.
  1. No trackbacks yet.

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s

%d bloggers like this: