Hello, Please could someone help me. We would like to disable ActiveSync on all mailboxes except for users which are members of a security group "ActiveSync Allowed". I have had some success by scheduling powershell script to run on a daily basis to disable activesync for any users which may have been added/enabled during the previous day. I have managed to get this working by scheduleding the following:Get-User -ResultSize Unlimited | Where {($_.WhenCreated -gt (get-date).adddays(-1))} | Set-CASMailbox –ActiveSyncEnabled $falseHowever I would like this to exclude a number of users. These users are a member of a security group "ActiveSync Allowed" Is it possible to somehow get all users in the Exchange 2007 environment but exclude members of this group from the above powershell? Alternativley any other methods would be welcome.Many ThanksMark

On Tue, 19-Jan-10 22:40:22 GMT, dmxop11 wrote:>Hello, Please could someone help me. We would like to disable ActiveSync on all mailboxes except for users which are members of a security group "ActiveSync Allowed". I have had some success by scheduling powershell script to run on a daily basis to disable activesync for any users which may have been added/enabled during the previous day. I have managed to get this working by scheduleding the following:Get-User -ResultSize Unlimited | Where {($_.WhenCreated -gt (get-date).adddays(-1))} | Set-CASMailbox ?ActiveSyncEnabled $falseHowever I would like this to exclude a number of users. These users are a member of a security group "ActiveSync Allowed" Is it possible to somehow get all users in the Exchange 2007 environment but exclude members of this group from the above powershell? Alternativley any other methods would be welcome.Many ThanksMark Try this:$m = Get-DistributionGroupMember "Group-Name";get-mailbox -resultsizeunlimited | where {$m -notcontains $_.name} | set-casmailbox etc.What this WON'T do is to enable ActiveSync for the members of thegroup.---Rich MatheisenMCSE+I, Exchange MVP --- Rich Matheisen MCSE+I, Exchange MVP

This should work for enabling your group of allowed ActiveSync users. Save the commands in a text file with the extension .PS1 and run the script from a PowerShell command line, such as: [PS] C:\Scripts>.\allow-activesync.ps1 --------------- SCRIPT ------------- # Clear screen (used for testing purposes) Clear-Host # Assign all members of the DG to the dynamic array $allMembers = Get-DistributionGroupMember -Identity ' ActiveSync Allowed' # Loop through the array foreach ($member in $allMembers) { # Set ActiveSync for each member of the array $member | Set-CASMailbox –ActiveSyncEnabled $true # Remove the # sign in front of the Get-CASMailbox statement for status information # Get-CASMailbox $member.Name | Select-Object Name, ActiveSyncEnabled } MCTS: Messaging | MCSE: S+M | Small Business Specialist

Question: Would these need to be 2 separate scripts? Or is it possible to disable activesync global and only need to run the script to enable AS based on group membership? Thanks, Matt

I'm also looking for the same sort of script. Sort of an If part of the "ActiveSync Allowed" group, then enable activesync Else Disable ActiveSync Thanks, Ryan