Want to protect your cyber security and still get fast solutions? Ask a secure question today.Go Premium

x
  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 689
  • Last Modified:

Removal of Stale ActiveSync Devices

How can we get the list of Stale ActiveSync Devices list in CSV and how to remove those


Please suggest
0
Addy Nadia
Asked:
Addy Nadia
1 Solution
 
SubsunCommented:
Following script will Export the device details which is not in sync for last 30 days to csv..
$StaleDevices = Get-ActiveSyncDevice -result unlimited | Get-ActiveSyncDeviceStatistics | ?{$_.LastSuccessSync -le (Get-Date).AddDays("-30")}
$StaleDevices | Export-csv C:\ActiveSyncDevicereport.csv -nti

Open in new window

After that you can run the following line of code to remove the device..
#To remove 
$StaleDevices | % {Remove-ActiveSyncDevice ([string]$_.Guid) -confirm:$false}

Open in new window

0
 
Addy NadiaExpertAuthor Commented:
Hello subsun,

As per 1st script you gave, i need to run as it is ? i hope this will only give device List which are stale. i need the one for 90 days

Thanks,
Andy
0
 
Addy NadiaExpertAuthor Commented:
i have exchange 2013, i think Get-MobileDevice will work.. not sure. can you check
0
Making Bulk Changes to Active Directory

Watch this video to see how easy it is to make mass changes to Active Directory from an external text file without using complicated scripts.

 
SubsunCommented:
Yes for Exchange 2013 it's Get-MobileDevice & Remove-MobileDevice
Try..
$StaleDevices = Get-CASMailbox -ResultSize unlimited –Filter {(HasActiveSyncDevicePartnership -eq $true) -AND (name -notlike “cas_*”) -AND (name -notlike “DiscoverysearchMailbox*”)} | % {Get-MobileDeviceStatistics -Mailbox $_.Identity | Where-Object {$_.LastSuccessSync -le ((Get-Date).AddDays(“-30”))}}

$StaleDevices | Export-csv C:\ActiveSyncDevicereport.csv -nti

Open in new window

To Remove..
$StaleDevices | Remove-MobileDevice

Open in new window

0
 
Addy NadiaExpertAuthor Commented:
But when i am running this command,

i am getting lot of error for specific OU type, that could find the user .something like that with name of user
But i have seen it is pointing to one OU, where we store our Disabled accounts, i mean who left the company.

do you have any suggestion to add that particular OU in exception

Thanks,
Andy
0
 
SubsunCommented:
For example if "corp.domain.com/Admin/IT/Disabled Users/" is the disabled user OU and you want to exclude devices from that OU, then try..
$StaleDevices = Get-CASMailbox -ResultSize unlimited –Filter {(HasActiveSyncDevicePartnership -eq $true) -AND (name -notlike “cas_*”) -and (name -notlike “DiscoverysearchMailbox*”)} | % {Get-MobileDeviceStatistics -Mailbox $_.Identity | ? {?{$_.Identity -notmatch "corp.domain.com//Admin//IT//Disabled Users//"} -and $_.LastSuccessSync -le ((Get-Date).AddDays(“-30”))}}

$StaleDevices | Export-csv C:\ActiveSyncDevicereport.csv -nti

Open in new window

If it does not work post the error..
0
 
Addy NadiaExpertAuthor Commented:
Can you please suggest any article or any of your comments .. what are the benefits of removing the stale active sync devices from the environment

Thanks,
Andy
0
 
Addy NadiaExpertAuthor Commented:
i am getting below error when running first command

Cannot bind parameter 'Filter' to the target. Exception setting "Filter":
"Invalid filter syntax. For a description of the filter parameter syntax see
the command help.
"(HasActiveSyncDevicePartnership -eq $true) -AND (name -notlike "cas_*") -AND
(name -notlike "DiscoverysearchMailbox*")" at position 65."
0
 
SubsunCommented:
i am getting below error when running first command
Try..
$StaleDevices = Get-CASMailbox -ResultSize unlimited –Filter {HasActiveSyncDevicePartnership -eq $true} | % {Get-MobileDeviceStatistics -Mailbox $_.Identity | ? {?{$_.Identity -notmatch "corp.domain.com//Admin//IT//Disabled Users//"} -and $_.LastSuccessSync -le ((Get-Date).AddDays(“-30”))}}

Open in new window


Can you please suggest any article or any of your comments .. what are the benefits of removing the stale active sync devices from the environment
Removing the stale devices will help keep your Exchange environment neat and tidy, Some do it for security audit compliance.

Also Exchange throttling policies by default limits users to a maximum number of device relationships and concurrent devices. Users may change devices or simply upgrades the firmware on their Android device, all this will end up creating new device relationship.  Exchange doesn’t have any inbuilt process to remove older devices immediately. So it's better to clean it up regularly.
0
 
David Johnson, CD, MVPOwnerCommented:
$StaleDevices = Get-CASMailbox -ResultSize unlimited –Filter {HasActiveSyncDevicePartnership -eq $true} | foreach-object {Get-MobileDeviceStatistics -Mailbox $_.Identity | Where-Object {Where-Object{$_.Identity -notmatch 'corp.domain.com//Admin//IT//Disabled Users//'} -and $_.LastSuccessSync -le ((Get-Date).AddDays('-30'))}}
$StaleDevices | Export-csv C:\ActiveSyncDevicereport.csv -nti

Open in new window

0
 
SubsunCommented:
Just noticed some syntax error in my code (ID: 41818477). Here is corrected one..
$StaleDevices = Get-CASMailbox -ResultSize unlimited –Filter {HasActiveSyncDevicePartnership -eq $true} | % {Get-MobileDeviceStatistics -Mailbox $_.Identity | ?{$_.Identity -notmatch "corp.domain.com//Admin//IT//Disabled Users//" -and $_.LastSuccessSync -le ((Get-Date).AddDays(“-30”))}}
$StaleDevices | Export-csv C:\ActiveSyncDevicereport.csv -nti

Open in new window

0
 
Ajit SinghCommented:
Removing stale Exchange Active Sync Device is a general housekeeping matter, along with security best practices also removing stale devices keeps the system database lean and running faster.

Get help from this blog to Remove Old ActiveSync Devices Exchange Server 2010 / 2013 / 2016 / 0365: http://www.ntweekly.com/?p=11122

How to delete mobile device in exchange 2013:
https://community.spiceworks.com/topic/703956-how-to-delete-mobile-device-in-exchange-2013

Hope this helps!
1
 
Addy NadiaExpertAuthor Commented:
Thanks
0

Featured Post

Has Powershell sent you back into the Stone Age?

If managing Active Directory using Windows Powershell® is making you feel like you stepped back in time, you are not alone.  For nearly 20 years, AD admins around the world have used one tool for day-to-day AD management: Hyena. Discover why.

Tackle projects and never again get stuck behind a technical roadblock.
Join Now