Exchange Shell Command?

To enable an active sync device that has been blocked by a rule is?

Something:  -AllowNonProvisionableDevices $true

Thanks
LVL 1
CHI-LTDAsked:
Who is Participating?
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

Patrick BogersDatacenter platform engineer LindowsCommented:
:)

Please have a look here.

It will show you something like: Set-ActiveSyncMailboxPolicy -Identity MyPolicy -AllowNonProvisionableDevices $true -AllowSimpleDevicePassword $true bla bla bla
0
David Paris VicenteSystems and Comunications  Administrator Commented:
First you have to identify which device.

This are some examples with the active sync devices.

Exchange management shell offers cmdlets to manage ActiveSync devices:



To see all ActiveSync devices that are connected (or have ever been connected) to the mailbox user use the following command:

Get-ActiveSyncDevice -Mailbox Mailbox | fl *device*

The parameter "DeviceId" contains a string, which is to be used in the next command. Use this command below to lock the device with DeviceID for the Mailbox:

Set-CASMailbox Mailbox -ActiveSyncBlockedDeviceIDs HTC14b71389864f33d5f4ea6dc1dbb4f

To verify the result re-run the first command:
Get-ActiveSyncDevice -Mailbox Mailbox | fl *device*


Also the blocked DeviceId appears in the list of the blocked device IDs for the mailbox:

Get-CASMailbox Mailbox | fl ActiveSync*

The next try to access the mailbox with the blocked device will fail and the user will receive an e-mail from the Exchange server that will notify the user about the locked device.

To reset the blocked device list for a user mailbox enter the following command:

Set-CASMailbox Mailbox -ActiveSyncBlockedDeviceIDs $nul
The command above allows all devices for a user mailbox.

Hope this could help you.

Regards
0

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
CHI-LTDAuthor Commented:
i have the deviceid..
0
The Ultimate Tool Kit for Technolgy Solution Provi

Broken down into practical pointers and step-by-step instructions, the IT Service Excellence Tool Kit delivers expert advice for technology solution providers. Get your free copy for valuable how-to assets including sample agreements, checklists, flowcharts, and more!

CHI-LTDAuthor Commented:
This has changed it to allowed..

Set-CASMailbox Mailbox -ActiveSyncALlowedDeviceIDs $null

Any ideas why this has changed from allowed to blocked, and have not had any email?
0
David Paris VicenteSystems and Comunications  Administrator Commented:
And you want to enable it again for any mobile device?

Then
Set-CASMailbox Mailbox (name/alias)    -ActiveSyncBlockedDeviceIDs $nul
The command above allows all devices for a user mailbox.


And at the least you must have recipient management role who gives you permissions to do this command.

And your device is accept again by exchange ActiveSync

Regards
0
David Paris VicenteSystems and Comunications  Administrator Commented:
Can be so many things.

Policies that didn´t apply on the device, etc.

For better comprehension please visit Understanding Mobile Device Management

Regards
0
SubsunCommented:
If you run Get-CASMailbox against the user ID then you can see the blocked device ID...
For example..
PS] C:>Get-CASMailbox subsun | FL ACtive*
ActiveSyncAllowedDeviceIDs           : {}
ActiveSyncBlockedDeviceIDs           : {0125415245142500}
ActiveSyncMailboxPolicy              : Default
ActiveSyncMailboxPolicyIsDefaulted   : True
ActiveSyncDebugLogging               :
ActiveSyncEnabled                    : True

Open in new window

In this example device ID is 0125415245142500, so you run the Set-CASMailbox command against the user account to Unblock the device..
[PS] C:\>Get-CASMailbox subsun | Set-CASMailbox -ActiveSyncAllowedDeviceIDs 0125415245142500 -ActiveSyncBlockedDeviceIDs:$null

Open in new window

Wait for some time.. and again run the Get-CASMailbox command to verify the settings..
[PS] C:\>Get-CASMailbox Subsun | FL ACtive*
ActiveSyncAllowedDeviceIDs         : {0125415245142500}
ActiveSyncBlockedDeviceIDs         : {}
ActiveSyncMailboxPolicy            : Default
ActiveSyncMailboxPolicyIsDefaulted : True
ActiveSyncDebugLogging             :
ActiveSyncEnabled                  : True

Open in new window

0
CHI-LTDAuthor Commented:
Managed to get it allowed.  Device StateReason was Polic, when blocked.  
Now its enabled, reason, is an individual..
How long to wait?
0
SubsunCommented:
It wont take much time.. Max 5-10 Min..

When you run Get-CASMailbox <User> | FL ACtive* are you able to see the deviceID in ActiveSyncAllowedDeviceIDs?
0
CHI-LTDAuthor Commented:
Yes its allowed.

Still can't sync the device though!!!
0
SubsunCommented:
Try removing and re-adding the account in device..
0
CHI-LTDAuthor Commented:
removed device from exchange
remotely wiped the device using maas app.
reconfigured activesync through maas, but failed....

Not showing in exchange or any issues in maas portal...
0
SubsunCommented:
Do you have any TMG or anything else to publish the ActiveSync?
0
CHI-LTDAuthor Commented:
nope.  just firewall, ports open.
0
SubsunCommented:
Only thing can delay this configuration is IIS cache (max 15 min).. just wait for some more time and see...

Meantime make sure the device ID which you allowed and the device you configuring is matching.. :-)
0
CHI-LTDAuthor Commented:
sure is matching by device id on exchange and maas360 and OWA...
0
SubsunCommented:
Do you still have problem?

If yes..

Does the deviceID still shows under ActiveSyncAllowedDeviceIDs when you run the following command?
Get-CASMailbox <User> | FL ACtive*

Is there any device under blockedDeviceIDs?

What is the error when you try to activate the device?
0
CHI-LTDAuthor Commented:
Well its now started syncing this morning, and reliably when i hit refresh... failed once with 'could not connect due to security error...'
will update you monday.
thanks
0
CHI-LTDAuthor Commented:
We seem to be ok now, was an issue with our cloud MDM solution blocking the active sync device..
0
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Exchange

From novice to tech pro — start learning today.