Jamf to Jamf Device Migration Script

There are two scripts available for migrating Macs from another Jamf instance to the campus Jamf instances:

utexas-jamf-migrate-to-user-enrolled

UT gitub (eid required): utexas-jamf-migrate-to-user-enrolled

Migrates Macs to campus Jamf as user-enrolled

1. Add the script to the source Jamf instance (copy and paste from mdm.utexas.edu or use Jamf Migrator)
2. Create a policy to run the script.
3. Add the no-login invitation ID (last part of the URL, or listed in Enrollment Invitations) as a parameter.
4. To migrate to the Sandbox instance instead of Prod, add utexassandbox.jamfcloud.com as a parameter (mdm.utexas.edu is the default).  
   1. Note you must use an invitation ID from the Sandbox in that case
5. Optionally, add parameters for the source Jamf server, api username, and api password.  This will allow the script to use the API to remove the MDM Profile, if the Mac was prestage-enrolled.
   1. the API account must have permissions to permissions to Create/Read/Update Computers, Flush MDM Commands, and send the Computer Unmanage command
   2. if you grant EPM access to your instance, we can migrate an account with those privileges for you
6. Set the scope to the Macs you wish to migrate
7. Add to Self Service or trigger at check-in as desired.

The console user must approve the new MDM Profile.  When the script runs, first the user is prompted with a popup dialog:

Then they are granted admin rights temporarily, and Profiles will open.

The user clicks Install and can enter their normal username & password to approve the profile.

utexas-jamf-migrate-to-prestage-enrolled

UT github (eid required): utexas-jamf-migrate-to-prestage-enrolled

Migrates Macs to campus Jamf as prestage-enrolled

1. Add the script to the source Jamf instance (copy and paste from mdm.utexas.edu or use Jamf Migrator)
2. Create a policy to run the script.
3. Set the scope to the Macs you wish to migrate
4. Add parameters for your source Jamf server, api username, and api password
   1. the API account must have permissions to Create/Read/Update Computers, Flush MDM Commands, and send the Computer Unmanage command
   2. if you grant EPM access to your instance, we can migrate an account with those privileges for you
5. (optional but strongly recommended) Add parameters for the destination Jamf server, api username, and api password
   1. this is for checking that the computer does not exist but is assigned to a PreStage 
   2. there is an "epm-api-migration" account in campus Jamf that can be used - it has read-only access to computers and prestages only
6. Add to Self Service or trigger at check-in as desired

REQUIRED: CHANGE ASSIGNMENT IN APPLE SCHOOL MANAGER TO NEW MDM SERVER FIRST

The console user must approve the new MDM Profile.  When the script runs, if the destination account is provided, the script will check that the Mac does not exist in the destination and is assigned
to a PreStage Enrollment.  It will abort if neither is the case (migration will fail if those 2 conditions are not met, which is why the destination API account is strongly recommended).

If it continues, the user is prompted with a dialog:

Then the script uses the API to issue the MDM remove command.  It will wait for the profile to be removed before proceeding.

Then it will issue the "profiles renew -type enrollment" command and wait for the new MDM Profile to be installed.   The user is granted admin rights temporarily to approve the new profile.

The user must look for the "Device Enrollment" notification and click on it to install the new profile.  If it does not show up they should click on the clock/notification center. 
Once the profile is approved the Mac will finish enrolling in Jamf.

Once the MDM Profile is installed, the script will check the MDM server and if it is the same as the original, exit with the error "Migration failed: New MDM Profile is the same as the original" in the log.