Solved

How to disable OMA for all users except few of them...

Posted on 2010-08-23
21
1,548 Views
Last Modified: 2013-11-25
Hi,

I have checked and found that OMA (Active Sync) is enabled for all of our users whether its officlally approved for few of them. Now i want to disable it for all and then enable only for business justified users.
Please let me know the way to do it for *all* users in 1 shot.
I have exchange 2003 enterprise with SP2.
0
Comment
Question by:pdixit1977
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 8
  • 6
  • 4
  • +3
21 Comments
 
LVL 28

Expert Comment

by:sunnyc7
ID: 33501827
double click on the user from ADUC - on your exchange server
Click on Exchange Features TAB
Select OMA
Click Disable

test it out for one user and see if it's disabled.
0
 
LVL 28

Expert Comment

by:sunnyc7
ID: 33501828
these things can be scripted in 2007,
2003 = hard to do.
0
 
LVL 33

Expert Comment

by:Busbar
ID: 33501837
0
Does Powershell have you tied up in knots?

Managing Active Directory does not always have to be complicated.  If you are spending more time trying instead of doing, then it's time to look at something else. For nearly 20 years, AD admins around the world have used one tool for day-to-day AD management: Hyena. Discover why

 
LVL 6

Expert Comment

by:Elwin3
ID: 33501853
0
 
LVL 8

Expert Comment

by:ZombieAutopsy
ID: 33501865
0
 
LVL 28

Expert Comment

by:sunnyc7
ID: 33501867
@elwin3
how do you customize that script for *some* users
0
 
LVL 53

Expert Comment

by:Will Szymkowski
ID: 33501928
Easiest way to do this for all users is below...
- Open Exchange System Manager
- Expand Global Settings, Right click Mobile Services, click Properties
- On the General Tab, Under Outlook Mobile Access, uncheck "Enable Outlook Mobile Access"

Hope this helps~!
0
 

Author Comment

by:pdixit1977
ID: 33501985
I dont think apart of Elwin anybody else has read my question properly.

Thanks elwin, but what should i change in given script if i want to disable it only for a particular OU. I think i have to given DN of my OU in place of "LDAP://cn=Users,"
0
 
LVL 6

Expert Comment

by:Elwin3
ID: 33502134
Ok run the script for all users and it will disable it for everyone. Then put the users you want to enable in a OU.  Modify the script LDAP://cn=Users to the OU.

Also change If strWirelessEnabled = "" Then      to      If strWirelessEnabled = "7" Then

Also change  objUser.Put "msExchOmaAdminWirelessEnable", "7"    to     objUser.Put "msExchOmaAdminWirelessEnable", ""
 
0
 
LVL 28

Expert Comment

by:sunnyc7
ID: 33502160
msExchOmaAdminWirelessEnable", "7"
>> this disables OMA

To disable only OMA correct value is 2.

See the table here
http://searchexchange.techtarget.com/tip/0,289483,sid43_gci1179958_mem1,00.html
0
 

Author Comment

by:pdixit1977
ID: 33514375
I ran this script successfully with domain admin previledges on DC but OMA is still enable for all users.
0
 

Author Comment

by:pdixit1977
ID: 33514467
with both values 2 & 7.
0
 
LVL 6

Expert Comment

by:Elwin3
ID: 33518965
are the users in the root users ou?
0
 

Author Comment

by:pdixit1977
ID: 33521631
I made some changes in script to see its impact on few users. I ran it thru command prompt successfully wihout a single error.

On Error Resume Next
Set objRootDSE = GetObject("LDAP://rootDSE")
Set objUsers = GetObject("LDAP://CN=IT Linux Team,CN=IT Team,CN=india,DC=domain,DC=com," & objRootDSE.Get("defaultNamingContext"))
' set msExchOmaAdminWirelessEnable to 7 if currently null
For Each objUser In objUsers
            strname = objUser.Get("name")
'            WScript.Echo "name: " & strname
            strWirelessEnabled = objUser.Get("msExchOmaAdminWirelessEnable")
            If strWirelessEnabled = "" Then
                        objUser.Put "msExchOmaAdminWirelessEnable", "7"
                        objUser.setinfo
            End If
            strWirelessEnabled = objUser.Get("msExchOmaAdminWirelessEnable")          
Next
WScript.Echo "Mobile Services disabled for Few users"
0
 
LVL 28

Expert Comment

by:sunnyc7
ID: 33521666
7 will disable OMA for all.
I think you are going for 2 > to disable OMA for specific users ?

http://searchexchange.techtarget.com/tip/0,289483,sid43_gci1179958_mem1,00.html
0
 

Author Comment

by:pdixit1977
ID: 33521854
If you are talking about this then i have tried to change it as "2" but no luck.

objUser.Put "msExchOmaAdminWirelessEnable", "7"
0
 

Author Comment

by:pdixit1977
ID: 33545508
I am not a scripting guy so its very difficult for me to utilize given link.
If you have a readymade or easy to use way please let me know..


Elwin 3 :  Need your help
0
 
LVL 6

Accepted Solution

by:
Elwin3 earned 250 total points
ID: 33588026
OK - Sorry been away.First thing to do is to make sure the value you are changing is working. So go to Exchange Console and choose one user. Look at the properties of that users mailbox and go to the Mailbox Features tab. You will see Exchange ActiveSync set to Enabled (0).Now go to Active Directory Users and Computers and find the same user there. Make sure Advanced Features are ticked under the View menu bar along the top. In the properties of the user click on the Attribute Editor tab and find the value msExchOmaAdminWireless and change the value from "not set"  to 7.Now if you go back into Exchange and look at the user's features again you will see ActiveSync is now diabled.If that's ok then run your sscript against a OU with a couple of users in and see if it changed the value.
0
 

Author Comment

by:pdixit1977
ID: 33600163
can u pelase elaborate "go to Exchange Console and choose one user. Look at the properties of that users mailbox and go to the Mailbox Features tab. You will see Exchange ActiveSync set to Enabled (0)."
I have exchange and active directory both running on 2003 so let me know how can i find/enable attribute editor in 2003 ?
0
 

Author Closing Comment

by:pdixit1977
ID: 33671512
g
0

Featured Post

Free Tool: Site Down Detector

Helpful to verify reports of your own downtime, or to double check a downed website you are trying to access.

One of a set of tools we are providing to everyone as a way of saying thank you for being a part of the community.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Uncontrolled local administrators groups within any organization pose a huge security risk. Because these groups are locally managed it becomes difficult to audit and maintain them.
This article will help to fix the below errors for MS Exchange Server 2013 I. Certificate error "name on the security certificate is invalid or does not match the name of the site" II. Out of Office not working III. Make Internal URLs and Externa…
This video discusses moving either the default database or any database to a new volume.
Attackers love to prey on accounts that have privileges. Reducing privileged accounts and protecting privileged accounts therefore is paramount. Users, groups, and service accounts need to be protected to help protect the entire Active Directory …
Suggested Courses

626 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question