Solved

Exchange 2010 activesync questions

Posted on 2013-11-01
7
861 Views
Last Modified: 2013-12-04
We have one activesync mailbox policy which is, of course, the default and by default, it is enabled.  Can i change the default policy so that new mailboxes that we create will have activesync disabled?  If so, what impact will it have on mailboxes that are using the default policy and are already enabled for activesync?  If i create a new policy, how do i make sure that mailboxes assigned to that policy are not enabled for activesync?

Thanks,
Johnny
0
Comment
Question by:jdholston
  • 3
  • 3
7 Comments
 
LVL 9

Expert Comment

by:dipersp
ID: 39617970
There's no automated way of doing this that I found.  We actually wrote a Powershell script to create all new users, which creates the user, mailbox, adds them to any groups, etc.  It also disables Activesync by default for all new users.

There's no way to disable ActiveSync by using the ActiveSync policies (Though you could seriously hinder ActiveSync this way.)

What you want to do is leave the policy as is, then disable ActiveSync on a user-by-user basis.  Here's the Powershell line we use when we create users -

set-qaduser [USERID] -ObjectAttributes @{ msExchOmaAdminWirelessEnable = 7 }

You would need to have the Quest powershell tools for this one.
0
 
LVL 17

Expert Comment

by:Lior Karasenti
ID: 39618013
If you want to disable ActiveSync for new mailboxes without disable it on the mailboxes that already use it you can use cmdlet extension agent

There is a really very handy feature in Exchange 2010 that Microsoft have barely documented and therefore goes, for the most part, unused and forgotten, it is called the cmdlet extension agent.

You can look at the very sparse bit of Microsoft help in the form of the following file C:\Program Files\Microsoft\Exchange Server\V14\Bin\CmdletExtensionAgents\ScriptingAgentConfig.xml.SAMPLE, which gives you basic instructions to use as a base, all of which will confirm the instructions I give below.

To just disable Active-Sync, follow these 2 very simple steps, it should be very easy to modify this to include OWA by simply adding -owaenabled $false but I have not personally tested that so I won't add it to the code I post here, which I HAVE tested and verified myself.

1 : Copy and paste the code below into notepad, save the file as ScriptingAgentConfig.xml into the directory mentioned above

2 : run the following Exchange shell command. Enable-CmdletExtensionAgent "Scripting Agent"

Thats it. Hope this helps.

<?xml version="1.0" encoding="utf-8" ?>
<Configuration version="1.0">
 <Feature Name="MailboxProvisioning" Cmdlets="enable-mailbox">
  <ApiCall Name="OnComplete">
   if($succeeded)
    {
    $user = (Get-User $provisioningHandler.UserSpecifiedParameters["Identity"]).distinguishedName
    Set-CASMailbox $user -ActiveSyncEnabled $false
    }
  </ApiCall>
 </Feature>
 <Feature Name="MailboxProvisioning" Cmdlets="new-mailbox">
  <ApiCall Name="OnComplete">
   if($succeeded)
   {
   $user = (Get-User $provisioningHandler.UserSpecifiedParameters["Name"]).distinguishedName
   Set-CASMailbox $user -ActiveSyncEnabled $false
   }
  </ApiCall>
 </Feature>
</Configuration>

http://social.technet.microsoft.com/Forums/exchange/en-US/729bfaf1-76ac-44e7-9b03-8730e7ff54a7/disable-owa-activesync-as-default-for-new-users?forum=exchange2010
0
 

Author Comment

by:jdholston
ID: 39624742
Thanks, liorkr.  I will try the script, but will have to wait until after hours, just in case we run into any issues.  I was wondering which server(s) this needs to be installed on.  I assume on my 2 mailbox servers, but does it also need to be on my CAS/HT servers?

Thanks,
Johnny
0
NAS Cloud Backup Strategies

This article explains backup scenarios when using network storage. We review the so-called “3-2-1 strategy” and summarize the methods you can use to send NAS data to the cloud

 
LVL 17

Expert Comment

by:Lior Karasenti
ID: 39624835
To be honest I only used it on server's with all roles installed on one server, but I'm think that using it on the mailbox server should be enough, As for problems I used it many time without any problem hope that will be the case for you also
good luck.
0
 

Author Comment

by:jdholston
ID: 39638996
liorkr:

I copied, pasted the script above and saved it as the .xml file as suggested and saved it in the location you listed.  I ran the Enable-CmdletExtensionAgent "Scripting Agent" and got no errors.  When i created a new user, i received the below warning message.  The account was created but activesync was enabled.  Not sure if i missed something.  Hopefully it is just a minor thing on my part...Any help is greatly appreciated...

Thanks,
Johnny

Summary: 1 item(s). 1 succeeded, 0 failed.
Elapsed time: 00:00:01


Public, John Q.
Completed

Warning:
The cmdlet extension agent with the index 5 has thrown an exception in OnComplete(). The exception is: Microsoft.Exchange.Provisioning.ProvisioningException: ScriptingAgent: Exception thrown while invoking scriptlet for OnComplete API: Cannot bind argument to parameter 'Identity' because it is null.. ---> System.Management.Automation.ParameterBindingValidationException: Cannot bind argument to parameter 'Identity' because it is null.
   at System.Management.Automation.ParameterBinderBase.ValidateNullOrEmptyArgument(CommandParameterInternal parameter, CompiledCommandParameter parameterMetadata, Type argumentType, Object parameterValue, Boolean recurseIntoCollections)
   at System.Management.Automation.ParameterBinderBase.BindParameter(CommandParameterInternal parameter, CompiledCommandParameter parameterMetadata, ParameterBindingFlags flags)
   at System.Management.Automation.CmdletParameterBinderController.BindParameter(CommandParameterInternal argument, MergedCompiledCommandParameter parameter, ParameterBindingFlags flags)
   at System.Management.Automation.CmdletParameterBinderController.BindParameter(UInt32 parameterSets, CommandParameterInternal argument, MergedCompiledCommandParameter parameter, ParameterBindingFlags flags)
   at System.Management.Automation.ParameterBinderController.BindPositionalParametersInSet(UInt32 validParameterSets, Dictionary`2 nextPositionalParameters, CommandParameterInternal argument, ParameterBindingFlags flags, ParameterBindingException& bindingException)
   at System.Management.Automation.ParameterBinderController.BindPositionalParameters(Collection`1 unboundArguments, UInt32 validParameterSets, UInt32 defaultParameterSet, Boolean ignoreArgumentsThatLookLikeParameters, ParameterBindingException& outgoingBindingException)
   at System.Management.Automation.CmdletParameterBinderController.BindCommandLineParametersNoValidation(Collection`1 arguments)
   at System.Management.Automation.CmdletParameterBinderController.BindCommandLineParameters(Collection`1 arguments)
   at System.Management.Automation.CommandProcessor.BindCommandLineParameters(CommandParameterInternal[] parameters)
   at System.Management.Automation.CommandProcessor.Prepare(CommandParameterInternal[] parameters)
   at System.Management.Automation.CommandProcessorBase.DoPrepare(CommandParameterInternal[] parameters)
   at System.Management.Automation.Internal.PipelineProcessor.Start(Boolean incomingStream)
   at System.Management.Automation.Internal.PipelineProcessor.SynchronousExecuteEnumerate(Object input, Hashtable errorResults, Boolean enumerate)
   --- End of inner exception stack trace ---
   at Microsoft.Exchange.ProvisioningAgent.ScriptingAgentHandler.OnComplete(Boolean succeeded, Exception e)
   at Microsoft.Exchange.Provisioning.ProvisioningLayer.OnComplete(Task task, Boolean succeeded, Exception exception)

Exchange Management Shell command completed:
New-Mailbox -Name 'Public, John Q.' -Alias 'JQPublic' -OrganizationalUnit 'kennedy-center.org/Users' -UserPrincipalName 'JQPublic@kennedy-center.org' -SamAccountName 'JQPublic' -FirstName 'John' -Initials 'Q' -LastName 'Public' -Password 'System.Security.SecureString' -ResetPasswordOnNextLogon $false -Database 'DB09'

Elapsed Time: 00:00:01
0
 
LVL 17

Accepted Solution

by:
Lior Karasenti earned 500 total points
ID: 39654172
Hi,
sorry for the late response I was very busy.
very strange.. I use it all the time. You can try edit the exist AgentConfig.xml.SAMPLE and rename it to AgentConfig.xml (You can back it up just in case)
I had once problem with it and it was the XML fie fault
0
 

Author Closing Comment

by:jdholston
ID: 39696463
liorkr,

I finally got it working.  Had to edit the AgentConfig.xml.sample file and then copied it to the mailbox servers.  I still got the warning message.  I then copied the file to the CAS/HT servers and still got the errors.  Lastly, and I don't know why this made it work, I copied the file to my UM servers and then ran the Enable-CmdletExtentionAgent "Scripting Agent" and created a new user and there were no warnings and the user had ActiveSync disabled.

Whew!!! Thanks for your assist on this...
0

Featured Post

Does Powershell have you tied up in knots?

Managing Active Directory does not always have to be complicated.  If you are spending more time trying instead of doing, then it's time to look at something else. For nearly 20 years, AD admins around the world have used one tool for day-to-day AD management: Hyena. Discover why

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

We are happy to announce a brand new addition to our line of acclaimed email signature management products – CodeTwo Email Signatures for Office 365.
MS Outlook is a world-class email client application that is mainly used for e-communication globally.  In this article, we will discuss the basic idea about MS Outlook, its advanced features, and types of MS Outlook File formats.
To show how to generate a certificate request in Exchange 2013. We show this process by using the Exchange Admin Center. Log into Exchange Admin Center.:  First we need to log into the Exchange Admin Center. Navigate to the Servers >> Certificates…
This video shows how to quickly and easily add an email signature for all users on Exchange 2016. The resulting signature is applied on a server level by Exchange Online. The email signature template has been downloaded from: www.mail-signatures…

791 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question