Solved

Removal of Stale ActiveSync Devices

Posted on 2016-09-27
13
194 Views
Last Modified: 2016-10-03
How can we get the list of Stale ActiveSync Devices list in CSV and how to remove those


Please suggest
0
Comment
Question by:Addy Nadia
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
13 Comments
 
LVL 40

Expert Comment

by:Subsun
ID: 41817822
Following script will Export the device details which is not in sync for last 30 days to csv..
$StaleDevices = Get-ActiveSyncDevice -result unlimited | Get-ActiveSyncDeviceStatistics | ?{$_.LastSuccessSync -le (Get-Date).AddDays("-30")}
$StaleDevices | Export-csv C:\ActiveSyncDevicereport.csv -nti

Open in new window

After that you can run the following line of code to remove the device..
#To remove 
$StaleDevices | % {Remove-ActiveSyncDevice ([string]$_.Guid) -confirm:$false}

Open in new window

0
 
LVL 5

Author Comment

by:Addy Nadia
ID: 41817838
Hello subsun,

As per 1st script you gave, i need to run as it is ? i hope this will only give device List which are stale. i need the one for 90 days

Thanks,
Andy
0
 
LVL 5

Author Comment

by:Addy Nadia
ID: 41817839
i have exchange 2013, i think Get-MobileDevice will work.. not sure. can you check
0
Does Powershell have you tied up in knots?

Managing Active Directory does not always have to be complicated.  If you are spending more time trying instead of doing, then it's time to look at something else. For nearly 20 years, AD admins around the world have used one tool for day-to-day AD management: Hyena. Discover why

 
LVL 40

Expert Comment

by:Subsun
ID: 41817884
Yes for Exchange 2013 it's Get-MobileDevice & Remove-MobileDevice
Try..
$StaleDevices = Get-CASMailbox -ResultSize unlimited –Filter {(HasActiveSyncDevicePartnership -eq $true) -AND (name -notlike “cas_*”) -AND (name -notlike “DiscoverysearchMailbox*”)} | % {Get-MobileDeviceStatistics -Mailbox $_.Identity | Where-Object {$_.LastSuccessSync -le ((Get-Date).AddDays(“-30”))}}

$StaleDevices | Export-csv C:\ActiveSyncDevicereport.csv -nti

Open in new window

To Remove..
$StaleDevices | Remove-MobileDevice

Open in new window

0
 
LVL 5

Author Comment

by:Addy Nadia
ID: 41817917
But when i am running this command,

i am getting lot of error for specific OU type, that could find the user .something like that with name of user
But i have seen it is pointing to one OU, where we store our Disabled accounts, i mean who left the company.

do you have any suggestion to add that particular OU in exception

Thanks,
Andy
0
 
LVL 40

Expert Comment

by:Subsun
ID: 41817936
For example if "corp.domain.com/Admin/IT/Disabled Users/" is the disabled user OU and you want to exclude devices from that OU, then try..
$StaleDevices = Get-CASMailbox -ResultSize unlimited –Filter {(HasActiveSyncDevicePartnership -eq $true) -AND (name -notlike “cas_*”) -and (name -notlike “DiscoverysearchMailbox*”)} | % {Get-MobileDeviceStatistics -Mailbox $_.Identity | ? {?{$_.Identity -notmatch "corp.domain.com//Admin//IT//Disabled Users//"} -and $_.LastSuccessSync -le ((Get-Date).AddDays(“-30”))}}

$StaleDevices | Export-csv C:\ActiveSyncDevicereport.csv -nti

Open in new window

If it does not work post the error..
0
 
LVL 5

Author Comment

by:Addy Nadia
ID: 41818405
Can you please suggest any article or any of your comments .. what are the benefits of removing the stale active sync devices from the environment

Thanks,
Andy
0
 
LVL 5

Author Comment

by:Addy Nadia
ID: 41818427
i am getting below error when running first command

Cannot bind parameter 'Filter' to the target. Exception setting "Filter":
"Invalid filter syntax. For a description of the filter parameter syntax see
the command help.
"(HasActiveSyncDevicePartnership -eq $true) -AND (name -notlike "cas_*") -AND
(name -notlike "DiscoverysearchMailbox*")" at position 65."
0
 
LVL 40

Expert Comment

by:Subsun
ID: 41818477
i am getting below error when running first command
Try..
$StaleDevices = Get-CASMailbox -ResultSize unlimited –Filter {HasActiveSyncDevicePartnership -eq $true} | % {Get-MobileDeviceStatistics -Mailbox $_.Identity | ? {?{$_.Identity -notmatch "corp.domain.com//Admin//IT//Disabled Users//"} -and $_.LastSuccessSync -le ((Get-Date).AddDays(“-30”))}}

Open in new window


Can you please suggest any article or any of your comments .. what are the benefits of removing the stale active sync devices from the environment
Removing the stale devices will help keep your Exchange environment neat and tidy, Some do it for security audit compliance.

Also Exchange throttling policies by default limits users to a maximum number of device relationships and concurrent devices. Users may change devices or simply upgrades the firmware on their Android device, all this will end up creating new device relationship.  Exchange doesn’t have any inbuilt process to remove older devices immediately. So it's better to clean it up regularly.
0
 
LVL 82

Expert Comment

by:David Johnson, CD, MVP
ID: 41818541
$StaleDevices = Get-CASMailbox -ResultSize unlimited –Filter {HasActiveSyncDevicePartnership -eq $true} | foreach-object {Get-MobileDeviceStatistics -Mailbox $_.Identity | Where-Object {Where-Object{$_.Identity -notmatch 'corp.domain.com//Admin//IT//Disabled Users//'} -and $_.LastSuccessSync -le ((Get-Date).AddDays('-30'))}}
$StaleDevices | Export-csv C:\ActiveSyncDevicereport.csv -nti

Open in new window

0
 
LVL 40

Accepted Solution

by:
Subsun earned 500 total points
ID: 41818596
Just noticed some syntax error in my code (ID: 41818477). Here is corrected one..
$StaleDevices = Get-CASMailbox -ResultSize unlimited –Filter {HasActiveSyncDevicePartnership -eq $true} | % {Get-MobileDeviceStatistics -Mailbox $_.Identity | ?{$_.Identity -notmatch "corp.domain.com//Admin//IT//Disabled Users//" -and $_.LastSuccessSync -le ((Get-Date).AddDays(“-30”))}}
$StaleDevices | Export-csv C:\ActiveSyncDevicereport.csv -nti

Open in new window

0
 
LVL 14

Expert Comment

by:Ajit Singh
ID: 41823291
Removing stale Exchange Active Sync Device is a general housekeeping matter, along with security best practices also removing stale devices keeps the system database lean and running faster.

Get help from this blog to Remove Old ActiveSync Devices Exchange Server 2010 / 2013 / 2016 / 0365: http://www.ntweekly.com/?p=11122

How to delete mobile device in exchange 2013:
https://community.spiceworks.com/topic/703956-how-to-delete-mobile-device-in-exchange-2013

Hope this helps!
1
 
LVL 5

Author Closing Comment

by:Addy Nadia
ID: 41825959
Thanks
0

Featured Post

Are You Headed to Black Hat USA 2017?

Getting ready for Black Hat next week? Kick things off with the WatchGuard Badge Challenge and test your puzzle and cipher skills. Do you have what it takes to earn our limited edition Firebox Badge? Get started today - https://crimsonthorn.net

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

The Nano Server Image Builder helps you create a custom Nano Server image and bootable USB media with the aid of a graphical interface. Based on the inputs you provide, it generates images for deployment and creates reusable PowerShell scripts that …
Check out this step-by-step guide for using the newly updated Experts Exchange mobile app—released on May 30.
The video tutorial explains the basics of the Exchange server Database Availability groups. The components of this video include: 1. Automatic Failover 2. Failover Clustering 3. Active Manager
There are cases when e.g. an IT administrator wants to have full access and view into selected mailboxes on Exchange server, directly from his own email account in Outlook or Outlook Web Access. This proves useful when for example administrator want…
Suggested Courses

623 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question