Exchange 2010 ActiveSync activate/deactivate

HelpdeskJBC
HelpdeskJBC used Ask the Experts™
on
We have a "Windows 2008 R2 64-bit" Server with "Exchange 2010 64-bit with Update Rollup 4" installed.

We need to configure:

1) By default that users by their creation have deaktivated ActiveSync (Exchange Management Console>Recipient Configuration>Mailbox>%User Name%>Properties>Mailbox Features>Exchange ActiveSync>Disabled)

2) We have a "Mobile Sync Users" AD-Group. How would it be possible to enable through GPO or whatever for these Users in that AD-Group ActiveSync and deaktivate again when not anymore in that Group?
Comment
Watch Question

Do more with

Expert Office
EXPERT OFFICE® is a registered trademark of EXPERTS EXCHANGE®
Commented:
The first thing I thought of when I read this, was a Powershell script, so I did a quick web search and it looks like someone has already asked this question and someone has responded with an example script to do exactly that - The Powershell script runs (e.g. as a scheduled task) and enables ActiveSync for all users in a particular group.

Note that this Powershell script was written for Exchange 2007, but the process should be the same or very similar: -

http://social.technet.microsoft.com/Forums/en-US/exchangesvradmin/thread/9a864f64-21fe-4500-b005-43cf64f471ed
Well the script by itself runs smoothly now.

However I still have problems to get that ps1 script file into sheduled tasks.

I added the groups 'Mobile Sync Users' and 'Mobile Sync Users deny'  to their respective distribution groups in EMC.

I've run the command in EMC PS:

Set-ExecutionPolicy RemoteSigned

I get the recently users listed

Get-User -ResultSize Unlimited | Where {($_.WhenCreated -gt (get-date).adddays(-1))}

The members as well are being listed from

Get-DistributionGroupMember -Identity 'Mobile Sync Users'
Get-DistributionGroupMember -Identity 'Mobile Sync Users deny'

Furthermore, all users current setting (True/False) are being shown with this command:
Get-CASMailbox $member.Name | Select-Object Name, ActiveSyncEnabled

The script I can run from the EMC PS without problem.

I see from the batch file how the batch file opens the EMC PS then connects to the Exchange Server then nothing.

Get-CASMailbox $member.Name | Select-Object Name, ActiveSyncEnabled

Doesn't show a change in the setting even if I tripple check if the user is in the correct Group as well not in the deny group when I try to enable ActiveSync.

A new test then afterwards of running the script directly from the EMC PS console runs without a hitch.

A further test as well showes that the deny is stronger as it should be.

Help me please with enabling the script from batch.
#---content of 'RunActiveSync.bat'---
PowerShell.exe -command ". 'C:\Program Files\Microsoft\Exchange Server\V14\bin\RemoteExchange.ps1'; Connect-ExchangeServer -auto; & 'C:\Folder\ActiveSync.bat.ps1'"
#---end of 'RunActiveSync.bat'---


#---content of 'ActiveSync.ps1'---
# ActiveSync.ps1 - Deactivate new users Active Sync and then allow all 'Mobile Sync Users' and deny all 'Mobile Sync Users deny' ActiveSync.

# Created by - Michael Hommon


# Adding Exchange Snap In to execute Exchange CmdLets in this script
# Add-PSSnapin Microsoft.Exchange.Management.PowerShell.Admin


# Clear screen (used for testing purposes)
Clear-Host


# Disable by default all new users created innerhalf a day
Get-User -ResultSize Unlimited | Where {($_.WhenCreated -gt (get-date).adddays(-1))} | Set-CASMailbox -ActiveSyncEnabled $false


# Assign all members of the Domain Group to the dynamic array 
$allMembers = Get-DistributionGroupMember -Identity 'Mobile Sync Users'


# Loop through the array
foreach ($member in $allMembers) {

       # Set ActiveSync for each member of the array
       $member | Set-CASMailbox –ActiveSyncEnabled $true


       # Remove the # sign in front of the Get-CASMailbox statement for status information
       # Get-CASMailbox $member.Name | Select-Object Name, ActiveSyncEnabled

}


# Deny all members of the Domain Group to the dynamic array 
$allMembersDeny = Get-DistributionGroupMember -Identity 'Mobile Sync Users deny'


# Loop through the array Deny
foreach ($member in $allMembersDeny) {

       # Set ActiveSync for each member of the array
       $member | Set-CASMailbox –ActiveSyncEnabled $false


       # Remove the # sign in front of the Get-CASMailbox statement for status information
       # Get-CASMailbox $member.Name | Select-Object Name, ActiveSyncEnabled

}

#---end of 'ActiveSync.ps1'---

Open in new window

Found it now out

 #---content of 'RunActiveSync.bat'---
PowerShell.exe -command ". 'C:\Program Files\Microsoft\Exchange Server\V14\bin\RemoteExchange.ps1'; Connect-ExchangeServer -auto; & 'C:\Folder\ActiveSync.bat.ps1'"
#---end of 'RunActiveSync.bat'---

'C:\Folder\ActiveSync.bat.ps1' ==> 'C:\Folder\ActiveSync.ps1' then it worked XD

 

Do more with

Expert Office
Submit tech questions to Ask the Experts™ at any time to receive solutions, advice, and new ideas from leading industry professionals.

Start 7-Day Free Trial