jahhan
asked on
Powershell script that lists IPhone devices connecting to OWA servers
I administer an Exchange 2003 SP 2 environment that service mobile clients via OWA. I would like to obtain a powershell script that audit OWA sessions that's initiated by IPhone devices.
there is a cmdlet Export-ActiveSyncLog that you can use
the output contains a users.csv file that will show the device activesync users are using
It's nice to know there isn't a better way than parsing IIS logs. Good call on that CmdLet endital1097, it parses the logs for us :)
Chris
ASKER
I was able to find a site that posted a powerscript that email the results; however, the email i get does not display any results.
#Created by P. Sukus
#Name: iPhone users syncing through OWA audit
#set the timeframe to audit in days
$Daysold = 90
$Date = (get-date).adddays(-$dayso
$servers = 'server1'
foreach ($s in $servers)
{
Write-host -ForegroundColor Blue "Checking server $s for files from the last $daysold day(s)"
$logfiles += gci -path \\$s\c$\windows\system32\l
}
Foreach ($l in $logfiles)
{
Write-host "Processing "$l.fullname
Copy-item $l.fullname -Destination $pwd.path
$listousers += gc $l.name | where {$_ -match "DeviceType="}
Remove-Item $l.name
}
$user = @()
foreach ($l in $listousers | where {$_ -ne $null})
{
$u = $l.split(" ")[8]
if ($user -notcontains $u)
{
$user += "$u"
}
$u = $null
}
$body = "<!DOCTYPE html PUBLIC `"-//W3C//DTD XHTML 1.0 Strict//EN`" `"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd`">"
$body += "<html xmlns=`"http://www.w3.org/1999/xhtml`">"
$body += "<head>"
$body += "<title>iPhone Users</title>"
$body += "</head><body>"
$body += "<table border=1>"
$body += "<colgroup>"
$body += "<col/>"
$body += "</colgroup>"
$body += "<tr><td><b>iPhone Users</b></td></tr>"
foreach ($y in $user)
{
$body += "<tr><td>$y</td></tr>"
}
$body += "</table>"
$body += "</body></html>"
$smtpServer = "smtpserver.com"
$mailer = new-object Net.Mail.SMTPclient($smtps
$From = "user1@test.com"
$To = "user1@test.com"
$subject = "iPhone users syncing through OWA in the last $daysold day(s)"
$msg = new-object Net.Mail.MailMessage($from
$msg.IsBodyHTML = $true
$mailer.send($msg)
#Created by P. Sukus
#Name: iPhone users syncing through OWA audit
#set the timeframe to audit in days
$Daysold = 90
$Date = (get-date).adddays(-$dayso
$servers = 'server1'
foreach ($s in $servers)
{
Write-host -ForegroundColor Blue "Checking server $s for files from the last $daysold day(s)"
$logfiles += gci -path \\$s\c$\windows\system32\l
}
Foreach ($l in $logfiles)
{
Write-host "Processing "$l.fullname
Copy-item $l.fullname -Destination $pwd.path
$listousers += gc $l.name | where {$_ -match "DeviceType="}
Remove-Item $l.name
}
$user = @()
foreach ($l in $listousers | where {$_ -ne $null})
{
$u = $l.split(" ")[8]
if ($user -notcontains $u)
{
$user += "$u"
}
$u = $null
}
$body = "<!DOCTYPE html PUBLIC `"-//W3C//DTD XHTML 1.0 Strict//EN`" `"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd`">"
$body += "<html xmlns=`"http://www.w3.org/1999/xhtml`">"
$body += "<head>"
$body += "<title>iPhone Users</title>"
$body += "</head><body>"
$body += "<table border=1>"
$body += "<colgroup>"
$body += "<col/>"
$body += "</colgroup>"
$body += "<tr><td><b>iPhone Users</b></td></tr>"
foreach ($y in $user)
{
$body += "<tr><td>$y</td></tr>"
}
$body += "</table>"
$body += "</body></html>"
$smtpServer = "smtpserver.com"
$mailer = new-object Net.Mail.SMTPclient($smtps
$From = "user1@test.com"
$To = "user1@test.com"
$subject = "iPhone users syncing through OWA in the last $daysold day(s)"
$msg = new-object Net.Mail.MailMessage($from
$msg.IsBodyHTML = $true
$mailer.send($msg)
ASKER
When I run the script it seem as if it is only scanning logs that are 90 days old and not scanning logs from present to 3 months ago.
in the beginning add $logfiles = @()
ASKER
endital1097,
thanks that resolved that issue; however, when i run the script i still do not receive any listing of HTTP sessions that are established via iPhone. I have checked log files and there are some entries that lists activesync connections.
Example: log file from 12/29/09
2009-12-29 00:00:46 W3SVC1 10.10.150.15 PROPFIND /exchange/TestUser.one@tes
I receive an email state iPhone Users, but no list of the iPhone users.
thanks that resolved that issue; however, when i run the script i still do not receive any listing of HTTP sessions that are established via iPhone. I have checked log files and there are some entries that lists activesync connections.
Example: log file from 12/29/09
2009-12-29 00:00:46 W3SVC1 10.10.150.15 PROPFIND /exchange/TestUser.one@tes
I receive an email state iPhone Users, but no list of the iPhone users.
you need to do the same line for $listofusers, any time you use a dynamic array where you add values you should define the array before using it
$listofusers = @()
$listofusers = @()
ASKER
I applied that line before $Daysold = 90, but I am still not receiving any results in the email.
$logfiles = @()
$listofusers = @()
$Daysold = 90
$Date = (get-date).adddays(-$dayso
$logfiles = @()
$listofusers = @()
$Daysold = 90
$Date = (get-date).adddays(-$dayso
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
Endital1097,
Thanks for the update. I applied and ran the changes, but that did not work. What i had to do was rename "DeviceType=iPhone" to "iPhone".
Thanks for the update. I applied and ran the changes, but that did not work. What i had to do was rename "DeviceType=iPhone" to "iPhone".
It might be possible to pull it from the www logs (provided the user agent is logged and identifiable), I'm not sure how else it could be done.
Or do you know how you'd get it already?
Chris