Limit ActiveSync access for users in multiple AD groups
Does anyone know of a good script or way to limit access to ActiveSync in Exchange 2010 to multiple AD groups?
I'd like to have all users disabled from ActiveSync across the board... then I have four separate AD groups, and I would like to allow anyone in those four groups to be able to access ActiveSync. The four groups are required because we have a third-party mobile management solution and users get different phone restrictions based on which group they are a member of.
Pete
August 17th, 2011 11:53am
see
http://social.technet.microsoft.com/Forums/en-US/exchangesvradmin/thread/9a864f64-21fe-4500-b005-43cf64f471ed/
August 17th, 2011 12:08pm
Ran across that, but it doesn't seem to work for me... I'm on 2008 R2 with Exchange 2010 SP1 and in the command shell, no matter what group I look up... domain admins, anything... it comes back with 'object couldn't be found'... I tried issuing a Set-ADServerSettings -ViewEntireForest $True beforehand... that didn't make a difference either... strange...
Pete
August 17th, 2011 3:15pm
Let me clarify too - I'm trying to work off a Security Group... not a distribution list... the script that's posted is for a DL and the command works fine... I was trying to make this work against the security group, which is why it was giving the error.
But...the search continues so I can get this to work off an existing set of AD groups...
Pete
August 17th, 2011 4:06pm
Replace the DL with get-adgroupmember, or use the Quest snap-in and use qadmember
http://technet.microsoft.com/en-us/library/ee617193.aspx
August 17th, 2011 4:36pm
Quote from http://social.technet.microsoft.com/Forums/en-US/exchangesvradmin/thread/9a864f64-21fe-4500-b005-43cf64f471ed/ with Jon-Alfred Smith's reply:
This should work for enabling your group of allowed ActiveSync users. Save the commands in a text file with the extension .PS1 and run the script from a PowerShell command line, such as:
[PS] C:\Scripts>.\allow-activesync.ps1
--------------- SCRIPT -------------
# Clear screen (used for testing purposes)
Clear-Host
# Assign all members of the DG to the dynamic array
$allMembers = Get-DistributionGroupMember -Identity 'ActiveSync Allowed'
# Loop through the array
foreach ($member in $allMembers) {
    # Set ActiveSync for each member of the array
    $member | Set-CASMailbox -ActiveSyncEnabled $true
    # Remove the # sign in front of the Get-CASMailbox statement for status information
    # Get-CASMailbox $member.Name | Select-Object Name, ActiveSyncEnabled
}
August 19th, 2011 2:51am
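An added example, not part of any post in this thread: the Get-ADGroupMember suggestion above applied to the original question, so that ActiveSync ends up enabled only for members of four security groups and disabled for every other mailbox. The group names are placeholders, and the script assumes it runs in the Exchange Management Shell on a machine that also has the ActiveDirectory module installed.

```powershell
# Added example: reconcile ActiveSync access against AD security groups.
# Group names are placeholders, not taken from the thread.
Import-Module ActiveDirectory

# Stop on any error, so a mistyped or missing group halts the run
# instead of silently dropping that group's members from the allow list.
$ErrorActionPreference = 'Stop'

# Hypothetical names of the four security groups that grant ActiveSync.
$allowedGroups = 'MDM-Profile-A', 'MDM-Profile-B', 'MDM-Profile-C', 'MDM-Profile-D'

# Build a lookup of allowed user DNs. -Recursive expands nested groups;
# a user who is in more than one group simply lands on the same key.
$allowed = @{}
foreach ($group in $allowedGroups) {
    Get-ADGroupMember -Identity $group -Recursive |
        Where-Object { $_.objectClass -eq 'user' } |
        ForEach-Object { $allowed[$_.DistinguishedName] = $true }
}

# Guard: an empty allow list would disable ActiveSync for everyone.
if ($allowed.Count -eq 0) {
    throw 'No members resolved from the allowed groups; nothing changed.'
}

# Enable members, disable everyone else, and touch only mailboxes whose
# current setting differs from the desired one.
foreach ($cas in Get-CASMailbox -ResultSize Unlimited) {
    $shouldEnable = $allowed.ContainsKey($cas.DistinguishedName)
    if ($cas.ActiveSyncEnabled -ne $shouldEnable) {
        # -WhatIf makes this a dry run that only reports the change.
        Set-CASMailbox -Identity $cas.DistinguishedName `
            -ActiveSyncEnabled $shouldEnable -WhatIf
    }
}
```

Remove -WhatIf once the reported changes look right. Group membership is read only when the script runs, so it has to be re-run (for example as a scheduled task) for later membership changes to take effect.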