Hello,

Please could someone help me. We would like to disable ActiveSync on all mailboxes except for users which are members of a security group "ActiveSync Allowed".
 
I have had some success by scheduling powershell script to run on a daily basis to disable activesync for any users which may have been added/enabled during the previous day. I have managed to get this working by scheduleding the following:

 Get-User -ResultSize Unlimited | Where {($_.WhenCreated -gt (get-date).adddays(-1))} | Set-CASMailbox –ActiveSyncEnabled $false

However I would like this to exclude a number of users. These users are a member of a security group "ActiveSync Allowed" Is it possible to somehow get all users in the Exchange 2007 environment but exclude members of this group from the above powershell?   Or any alternative methods would be welcome (preferably not using the Quest QAD command - we dont have this in our environment).

Many Thanks
Mark

Mark;

Try this:

$groupidentity = $(Get-Group "ActiveSync Allowed").Identity.DistinguishedName $date = (Get-Date).AddDays(-1).ToShortDateString() Get-Mailbox -Filter{(memberofgroup -ne $groupidentity) -and (whencreated -gt $date)} -ResultSize unlimited |Set-CASMailbox -ActiveSyncEnabled $false

Karl

Thanks for your help.  Howerver, I tried it but get the following error:

Get-Mailbox : Cannot bind parameter 'Filter' to the target. Exception setting "Filter": "Cannot convert value "19/01/2010" to type "System.DateTime". Error: "String was not recognised as a valid DateTime."" At line:1 char:20

Kind Regards
Mark

Yeah, when I saw Karl's message I was worried this might happen. I see no reason for the ".ToShortDateString()" bit, try removing that and see if that does the trick. Converting a datetime object to a string is asking for trouble (in a localized world) and complicating things besides.

Many thanks that has worked a treat!

Thanks
Mark

I've got to pay more attention to not localizing my scripts :)

Glad you got it working.

Karl

This is how I do it.

Thanks Aaron, your post inspired me to write my first PowerShell Script. Basically I just turned the main part into a function so I could implement it a little easier into my environment. I'm a VBS person but functions seem to work fine. They are entirely based off the scripts in this post. Hope this helps someone else.

#Adding Exchange Snap In to execute Exchange CmdLets in this script
Add-PSSnapin Microsoft.Exchange.Management.PowerShell.Admin

# Disable ActiveSync and OWA for all Accounts
get-Mailbox -ResultSize:unlimited | set-CASMailbox -OWAEnabled $False -ErrorAction SilentlyContinue -WarningAction SilentlyContinue
get-Mailbox -ResultSize:unlimited | set-CASMailbox -ActiveSyncEnabled $False -ErrorAction SilentlyContinue -WarningAction SilentlyContinue

#Function that enables OWA for members of each group function
EnableOWA { param($enableGroup) 

   # Assign all members of the group to a dynamic array 
   $allUsers = Get-DistributionGroupMember -Identity $enableGroup 
   
   # Loop through the array 
   foreach ($member in $allUsers) { 

      # Set OWA for each member of the array 
      $member | Set-CASMailbox –OWAEnabled $true 
   }
}

#Function that enables ActiveSynce for members of each group function
EnableActiveSync { param($enableGroup) 

   # Assign all members of the group to a dynamic array 
   $allUsers = Get-DistributionGroupMember -Identity $enableGroup 
   
   # Loop through the array 
   foreach ($member in $allUsers) { 

      # Set ActiveSync for each member of the array 
      $member | Set-CASMailbox –ActiveSyncEnabled $true 
   }
}

#DistrobutionGroups that allow webmail
EnableOWA 'Allowed Webmail'
EnableOWA 'IT Department'

#DistrobutionGroups that allow ActiveSync
EnableActiveSync 'Allowed PhoneMail'
EnableActiveSync 'IT Department'

novasamurai, I think you made it more complicated than it needs to be, that's part of the beauty of powershell, you need far less lines of code to do the same things.

this would be great.Getting an Error


[PS]$groupidentity = $(Get-Group"ActiveSync Allowed").Identity.DistinguishedName Get-Mailbox -Filter{(memberofgr
oup -ne $groupidentity)} -ResultSize unlimited |Set-CASMailbox -ActiveSyncEnabled $false

Unexpected token 'Get-Mailbox' in expression or statement.
At line:1 char:90
+ $groupidentity = $(Get-Group "ActiveSync Allowed").Identity.DistinguishedName
Get-Mailbox <<<< -Filter{(memberofgroup -ne $groupidentity)} -ResultSize unlimited |Set-CASMailbox -ActiveSyncEnabled $false

Two questions and an error I am seeing,

1. Does this text get entered as one command on one line?
2. When I put it into powershellise.exe and try to run it, it fails, I removed the "ToShortDateString()" bit too but it still fails

The error is
PS D:\Users\pcarroll\Documents> $groupidentity = $(Get-Group "GBS ActiveSync Approved").Identity.DistinguishedName
The term 'Get-Group' is not recognized as the name of a cmdlet, function, script file, or operable program. Check the spelling of the name, or if a path was included, veri
fy that the path is correct and try again.
At line:1 char:29

when I run that section in a powershell command window, it works.

What am I doing wrong?

Regards,

Paul.

Scratch this post, figured it out as I wasn't at the correct path in Powershell to run the PS1 file

Hello All !

What about Exchange 2003 users ??? Does anyone know of a PowerShell script to disable Exchange 2003 users ?

Thanks
Chantal

I am new to the community. Would Karl's suggestion also work for members of a DL? I had some VB classes in school, but it has been a while.