Limit ActiveSync access for users in multiple AD groups
Does anyone know of a good script or way to limit access to ActiveSync in Exchange 2010 to multiple AD groups? I'd like to have all users disabled from activesync across the board....then I have four separate AD groups, and I would like to allow anyone in those four groups to be able to access Activesync. The four groups are required because we have a third party mobile management solution and users get different phone restrictions based on which group they are a member of. Pete
August 17th, 2011 11:53am

see http://social.technet.microsoft.com/Forums/en-US/exchangesvradmin/thread/9a864f64-21fe-4500-b005-43cf64f471ed/
Free Windows Admin Tool Kit Click here and download it now
August 17th, 2011 12:08pm

Ran across that, but it doesn't seem to work for me...I'm on 2008 R2 with Exchange 2010 SP1 and in the command shell, no matter what group I lookup...domain admins, anything...it comes back with 'object couldn't be found'.... I tried issuing a Set-ADServerSettings -ViewEntireForest $True beforehand....that didn't make a difference either...strange... Pete
August 17th, 2011 3:15pm

Let me clarify too - I'm trying to work off a Security Group...not a distirbution list...the script that's posted is for a DL and the command works fine...i was trying to make this work against the security group, which is why it was giving the error. But...the search continues so I can get this to work off an existing set of AD groups... Pete
Free Windows Admin Tool Kit Click here and download it now
August 17th, 2011 4:06pm

Replace the DL with get-adgroupmember or use quest snapin and use qadmemeber http://technet.microsoft.com/en-us/library/ee617193.aspx
August 17th, 2011 4:36pm

Quota From http://social.technet.microsoft.com/Forums/en-US/exchangesvradmin/thread/9a864f64-21fe-4500-b005-43cf64f471ed/ with Jon-Alfred Smith's Reply: This should work for enabling your group of allowed ActiveSync users. Save the commands in a text file with the extension .PS1 and run the script from a PowerShell command line, such as: [PS] C:\Scripts>.\allow-activesync.ps1 --------------- SCRIPT ------------- # Clear screen (used for testing purposes) Clear-Host # Assign all members of the DG to the dynamic array $allMembers = Get-DistributionGroupMember -Identity ' ActiveSync Allowed' # Loop through the array foreach ($member in $allMembers) { # Set ActiveSync for each member of the array $member | Set-CASMailbox –ActiveSyncEnabled $true # Remove the # sign in front of the Get-CASMailbox statement for status information # Get-CASMailbox $member.Name | Select-Object Name, ActiveSyncEnabled }
Free Windows Admin Tool Kit Click here and download it now
August 19th, 2011 2:51am

This topic is archived. No further replies will be accepted.

Other recent topics Other recent topics