We help IT Professionals succeed at work.

Powershell script that lists IPhone devices connecting to OWA servers

I administer an Exchange 2003 SP 2 environment that service mobile clients via OWA. I would like to obtain a powershell script that audit OWA sessions that's initiated by IPhone devices.    
Comment
Watch Question

Chris DentPowerShell Developer
Top Expert 2010

Commented:

It might be possible to pull it from the www logs (provided the user agent is logged and identifiable), I'm not sure how else it could be done.

Or do you know how you'd get it already?

Chris
there is a cmdlet Export-ActiveSyncLog that you can use
the output contains a users.csv file that will show the device activesync users are using
Chris DentPowerShell Developer
Top Expert 2010

Commented:

It's nice to know there isn't a better way than parsing IIS logs. Good call on that CmdLet endital1097, it parses the logs for us :)

Chris

Author

Commented:
I was able to find a site that posted a powerscript that email the results; however, the email i get does not display any results.

#Created by P. Sukus
#Name: iPhone users syncing through OWA audit
#set the timeframe to audit in days
$Daysold = 90
$Date = (get-date).adddays(-$daysold)
$servers = 'server1'
foreach ($s in $servers)
    {
    Write-host -ForegroundColor Blue "Checking server $s for files from the last $daysold day(s)"
    $logfiles += gci -path \\$s\c$\windows\system32\logfiles\W3SVC1 | where {$_.LastWriteTime -gt $date}
    }
Foreach ($l in $logfiles)
    {
    Write-host "Processing "$l.fullname
    Copy-item $l.fullname -Destination $pwd.path
    $listousers += gc $l.name | where {$_ -match "DeviceType="}
    Remove-Item $l.name
    }
$user = @()
foreach ($l in $listousers | where {$_ -ne $null})
    {
    $u = $l.split(" ")[8]
    if ($user -notcontains $u)
        {
        $user += "$u"
        }
    $u = $null
    }
$body = "<!DOCTYPE html PUBLIC `"-//W3C//DTD XHTML 1.0 Strict//EN`"  `"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd`">"
$body += "<html xmlns=`"http://www.w3.org/1999/xhtml`">"
$body += "<head>"
$body += "<title>iPhone Users</title>"
$body += "</head><body>"
$body += "<table border=1>"
$body += "<colgroup>"
$body += "<col/>"
$body += "</colgroup>"
$body += "<tr><td><b>iPhone Users</b></td></tr>"
foreach ($y in $user)
    {
    $body += "<tr><td>$y</td></tr>"
    }
$body += "</table>"
$body += "</body></html>"

$smtpServer = "smtpserver.com"
$mailer = new-object Net.Mail.SMTPclient($smtpserver)      
$From = "user1@test.com"
$To = "user1@test.com"
$subject = "iPhone users syncing through OWA in the last $daysold day(s)"
$msg = new-object Net.Mail.MailMessage($from,$to,$subject,$body)      
$msg.IsBodyHTML = $true
$mailer.send($msg)

Author

Commented:
When I run the script it seem as if it is only scanning logs that are 90 days old and not scanning logs from present to 3 months ago.
in the beginning add $logfiles = @()

Author

Commented:
endital1097,
thanks that resolved that issue; however, when i run the script i still do not receive any listing of HTTP sessions that are established via iPhone.  I have checked log files and there are some entries that lists activesync connections.

Example:  log file from 12/29/09
2009-12-29 00:00:46 W3SVC1 10.10.150.15 PROPFIND /exchange/TestUser.one@test.com/NON_IPM_SUBTREE/Microsoft-Server-ActiveSync/iPhone/Appl8684742AY7H - 80 test\tone 10.128.5.47 Microsoft-Server-ActiveSync/6.5.7638.1 207 0 0

I receive an email state iPhone Users, but no list of the iPhone users.
you need to do the same line for $listofusers, any time you use a dynamic array where you add values you should define the array before using it

$listofusers = @()

Author

Commented:
I applied that line before $Daysold = 90, but I am still not receiving any results in the email.

$logfiles = @()
$listofusers = @()
$Daysold = 90
$Date = (get-date).adddays(-$daysold)
i would update the following section:

Foreach ($l in $logfiles)
    {    Write-host "Processing "$l.fullname
        $log = "\\$s\c$\windows\system32\logfiles\W3SVC1\" + $l.name
        $listousers += gc $log | where {$_ -match "DeviceType=iPhone"}
    }

Author

Commented:
Endital1097,
Thanks for the update.  I applied and ran the changes, but that did not work.  What i had to do was rename "DeviceType=iPhone" to "iPhone".