Identifying which MDM server a Mac is enrolled with
Every so often, you may run across a Mac which is enrolled in an MDM server which is different from the one it should be. However, if you’re checking remotely, it may be difficult to identify which one it is.
To help with this task, there is a script available which will parse the MDM enrollment profile on your Mac and identify the DNS name of the MDM server. For more details, please see below the jump.
When run, the script should provide output similar to what’s shown below:
If enrolled with an MDM server:
username@computername ~ % sudo ./check_mdm_enrollment.sh
Password:
MDM server address: mdm.server.address.here
username@computername ~ %
If not enrolled with an MDM server:
username@computername ~ % sudo ./check_mdm_enrollment.sh
Password:
Not enrolled in an MDM server.
username@computername ~ %
The script is available below. It is also available from the following location on GitHub:
https://github.com/rtrouton/rtrouton_scripts/tree/master/rtrouton_scripts/check_mdm_enrollment
#!/bin/bash

# Check MDM server enrollment
# This script checks to see if this Mac has an MDM enrollment profile.
# If one is present, the MDM server's DNS address is displayed.

exitCode=1

# This script must run with root privileges
if [[ "$(/usr/bin/id -u)" -eq 0 ]]; then

    # Check to see if Mac is enrolled in an MDM server.
    if [[ -n "$(/usr/bin/profiles list -output stdout-xml | awk '/com.apple.mdm/ {print $1}' | tail -1)" ]]; then

        # If enrolled in an MDM server, get the MDM profile's xml representation
        profileXML=$(/usr/bin/profiles list -output stdout-xml | /usr/bin/xmllint --xpath '//dict[key = "_computerlevel"]/array/dict[key = "ProfileItems"]/array/dict[key = "PayloadType" and string = "com.apple.mdm"]' - 2>/dev/null)

        if [[ -n "$profileXML" ]]; then
            # Read the ServerURL value from the MDM payload
            mdmURL=$(echo "$profileXML" | /usr/bin/xmllint --xpath '//dict[key = "PayloadContent"]/dict/key[text() = "ServerURL"]/following-sibling::string[1]/text()' - 2>/dev/null)

            if [[ -n "$mdmURL" ]]; then
                # Keep only the host portion of the URL (third "/"-separated field)
                displayMDM=$(echo "$mdmURL" | awk -F '/' '{print $3}')
                echo "MDM server address: $displayMDM"
                exitCode=0
            else
                echo "Failed to get MDM URL!"
            fi
        else
            echo "Failed to read MDM profile!"
        fi
    else
        echo "Not enrolled in an MDM server."
        exitCode=0
    fi
else
    echo "You must be root in order to run this script!"
fi

exit $exitCode
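
The script reports whichever server it finds. To flag a Mac enrolled with a server other than the one it should be, the ServerURL can be compared against a list of expected hosts. The following is an added example, not part of the original script: EXPECTED_MDM_HOSTS, the function names and the sample URLs are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original script): decide whether the ServerURL
# found in the MDM profile points at a server this fleet should be using.
# EXPECTED_MDM_HOSTS and every URL below are constructed placeholder values.
EXPECTED_MDM_HOSTS="mdm.example.com mdm-dr.example.com"

# Reduce a ServerURL to a bare lowercase hostname so the comparison is exact.
# Unlike splitting on "/", this also drops userinfo, port and trailing dot.
# (Bracketed IPv6 literals are not handled; a DNS name is assumed.)
mdm_host_from_url() {
    rest=${1#*://}        # strip the scheme
    rest=${rest%%/*}      # strip the path
    rest=${rest%%\?*}     # strip a query string that has no path before it
    rest=${rest##*@}      # strip userinfo ("user@host")
    rest=${rest%%:*}      # strip the port
    rest=${rest%.}        # strip a trailing root dot
    printf '%s' "$rest" | tr '[:upper:]' '[:lower:]'
}

# Print "expected", "unexpected" or "unparseable"; return 0, 1 or 2.
# A host must equal an allowlist entry exactly, never as a prefix or substring.
check_mdm_server() {
    host=$(mdm_host_from_url "$1")
    if [ -z "$host" ]; then
        echo "unparseable"
        return 2
    fi
    for allowed in $EXPECTED_MDM_HOSTS; do
        if [ "$host" = "$allowed" ]; then
            echo "expected"
            return 0
        fi
    done
    echo "unexpected"
    return 1
}

# Constructed sample URLs standing in for the script's $mdmURL value.
for sample in \
    "https://MDM.Example.com:8443/mdm/ServerURL" \
    "https://mdm.example.com.other.test/mdm" \
    "https://mdm.example.com@other.test/mdm"
do
    verdict=$(check_mdm_server "$sample") || true
    printf '%-45s %s\n' "$sample" "$verdict"
done
```

Only the first sample is reported as expected; the other two begin with an allowed name but resolve to a different host once the URL is reduced to its hostname.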