Exchange 2003 and ActiveSync

Posted on 2013-01-18
Last Modified: 2013-02-06
Here's the scenario -

We have Exchange 2003 with ActiveSync and a mobile device management solution. We would like to remove the ability of the users to log in directly to the ActiveSync mail.company.com and use our MDM solution instead. Is there a way to block users from enrolling directly to ActiveSync?
0
Question by:syseng007
11 Comments
 
LVL 76

Expert Comment

by:Alan Hardisty
ID: 38794771
How does your MDM system work?

The almost probable answer is you can't unless you upgrade to Exchange 2007/2010/2013 as 2003 doesn't allow control over which devices can / can't connect which newer versions do.
0
 
LVL 12

Expert Comment

by:Md. Mojahid
ID: 38795758
You can't do this without upgrading to a later version of Exchange.
0
 

Author Comment

by:syseng007
ID: 38796442
@alanhardisty. Our MDM is SaaS and it's connected to our activesync...

Our OWA and ActiveSync are both connecting to mail.mycompany.com. Would it be possible to re-create ActiveSync and use a different hostname so users wouldn't be able to connect to it? Would that work?
0
 
LVL 76

Expert Comment

by:Alan Hardisty
ID: 38796569
I don't know how SaaS works unfortunately, but if it relies on ActiveSync working, then you don't have any control over devices like you do in Exchange 2007/2010/2013, as Exchange 2003 ActiveSync is the early version which hasn't got the enhancements that the later versions have.

You can either enable Activesync for a user or Disable it, but if it is enabled, you can't control which devices connect for that user so there is nothing to stop them adding their own devices unless SaaS can restrict devices by users.

If you configure Activesync to work on a different FQDN, then it will still have to work and can still be accessed by people as long as they know the FQDN.
0
 

Author Comment

by:syseng007
ID: 38805597
@alanhardisty - Would it be possible to create an additional front end server with a new activesync and perhaps the incoming IPs to that particular server? If yes, would that not break our OWA?
0
 
LVL 76

Expert Comment

by:Alan Hardisty
ID: 38805688
If you have a Front-End / Back-End environment, all that happens with Activesync is that the Mobile Devices hit the FE server and then get passed to the BE server (internally).

The FQDN will still need to point to the external IP Address whether that points to the FE server or BE server.

If you have a different FQDN for OWA and Activesync, you will need a multi-name SSL certificate and if you are going to the expense of adding a new 2003 server, you would be much better off upgrading to 2007/2010 or 2013 and then save yourself the hassle / expense of running two servers when you only really need one.

How many users do you have?
0
 

Author Comment

by:syseng007
ID: 38806948
We have the same FQDN for OWA and ActiveSync. We are talking about 1000 users..

I think I might know the solution - I will need to restrict IPs at the ActiveSync virtual directory level to our MDM, Exchange servers and DCs.

Thank you.
0
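
An added example, not part of the original thread: before restricting the ActiveSync virtual directory by IP as the author proposes above, an audit of the IIS W3C logs shows which users and devices reach it from outside the allow-list, and afterwards confirms they are refused. The log lines, addresses and function name are constructed for illustration, and it assumes the c-ip, cs-uri-stem, cs-uri-query and sc-status fields are enabled in IIS logging.

```python
import ipaddress
from collections import Counter
from urllib.parse import parse_qs

EAS_PATH = "/microsoft-server-activesync"

# Constructed sample in IIS W3C extended format (documentation-range IPs).
SAMPLE_LOG = """\
#Software: Microsoft Internet Information Services 6.0
#Fields: date time c-ip cs-username cs-method cs-uri-stem cs-uri-query sc-status
2013-01-18 09:00:01 192.0.2.10 CORP\\jdoe POST /Microsoft-Server-ActiveSync User=jdoe&DeviceId=MDM01&DeviceType=PocketPC&Cmd=Sync 200
2013-01-18 09:00:07 198.51.100.23 CORP\\asmith POST /Microsoft-Server-ActiveSync User=asmith&DeviceId=APPL1234&DeviceType=iPhone&Cmd=Sync 200
2013-01-18 09:00:09 198.51.100.23 CORP\\asmith POST /Microsoft-Server-ActiveSync User=asmith&DeviceId=APPL1234&DeviceType=iPhone&Cmd=Ping 200
2013-01-18 09:01:00 203.0.113.5 - GET /exchange/ - 401
2013-01-18 09:02:00 203.0.113.77 - OPTIONS /Microsoft-Server-ActiveSync - 403
""".splitlines()


def audit_eas_log(lines, allowed_cidrs):
    """Count ActiveSync requests from outside the allow-list,
    keyed by (user, device_id, client_ip, http_status)."""
    allowed = [ipaddress.ip_network(c) for c in allowed_cidrs]
    fields, hits = [], Counter()
    for line in lines:
        line = line.strip()
        if line.startswith("#Fields:"):
            fields = line.split()[1:]  # column order can change mid-file
            continue
        if not line or line.startswith("#") or not fields:
            continue
        row = dict(zip(fields, line.split()))
        if row.get("cs-uri-stem", "").lower() != EAS_PATH:
            continue  # OWA and other virtual directories are out of scope
        try:
            ip = ipaddress.ip_address(row.get("c-ip", ""))
        except ValueError:
            continue  # malformed or truncated line
        if any(ip in net for net in allowed):
            continue  # MDM / Exchange / DC addresses are expected
        query = parse_qs(row.get("cs-uri-query", ""))
        user = query.get("User", ["-"])[0].lower()
        device = query.get("DeviceId", ["-"])[0]
        hits[(user, device, str(ip), row.get("sc-status", "-"))] += 1
    return hits


if __name__ == "__main__":
    # 192.0.2.10/32 stands in for the MDM service's address (assumption).
    for key, count in audit_eas_log(SAMPLE_LOG, ["192.0.2.10/32"]).items():
        print(count, *key)
```

If the server is published through a reverse proxy or firewall that does not preserve the client address, c-ip is the proxy's address, and both this audit and an IIS-level IP restriction see only that.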
 
LVL 76

Expert Comment

by:Alan Hardisty
ID: 38807042
Do your devices access the SaaS server directly, not the Exchange server?
0
 

Author Comment

by:syseng007
ID: 38827033
Yes, our devices contact SaaS server directly.
0
 

Author Comment

by:syseng007
ID: 38827047
Would it be possible to run a script to clear all ActiveSync partnerships? I'm thinking of just running a scheduled task on our front end servers to clear all ActiveSync partnerships so users wouldn't have any choice but to get email via our MDM.
0
 
LVL 76

Accepted Solution

by:
Alan Hardisty earned 2000 total points
ID: 38827096
If you had Exchange 2007 or 2010, then you could run a script, but with Exchange 2003, it is a manual process unfortunately :)

You can disable Activesync using ADMODIFY for all users if that is any help.
0
