Exchange 2010 – ActiveSyncOrganizationSetting


The Allow/Block/Quarantine list (ABQ for short) was designed to help control the growing number of Exchange ActiveSync-enabled devices that are allowed to connect to Exchange Servers. With this feature, organizations can choose which devices (or families of devices) can connect using Exchange ActiveSync (and conversely, which are blocked or quarantined): Set-ActiveSyncOrganizationSettings

Controlling Exchange ActiveSync device access using the Allow/Block/Quarantine list

Set-ActiveSyncOrganizationSettings -DefaultAccessLevel Quarantine -AdminMailRecipients facility@gmail.com -UserMailInsert "Facility Service"

QUARANTINE MODE 

An environment can set the default access level to Quarantine. This prevents every device from connecting through the Exchange ActiveSync service until an administrator explicitly approves it.

The device ID needs to be associated with the CAS mailbox; this is the real condition for syncing. This can be done in the Exchange Management Shell with the Set-CASMailbox cmdlet.

How to allow two device IDs for a user? 

Set-CASMailbox -Identity atest -ActiveSyncAllowedDeviceIDs ("Appl8801647U3NP","IMEI351996046976019")

Set-CASMailbox -Identity atest -ActiveSyncAllowedDeviceIDs @{Add="Appl8801647U3NP","IMEI351996046976019"}

How to allow another device ID and also remove an old one?

Set-CASMailbox -Identity atest -ActiveSyncAllowedDeviceIDs @{Remove="Appl8801647U3NP",Add="IMEI35134667777809"}

Remove devices whose last successful sync date is older than 60 days: Remove-ActiveSyncDevices.ps1

Script for marking already synced devices as allowed.

Once the default access level is set to Quarantine, a new restriction is in place: no ActiveSync user can sync a device until we allow it. The PowerShell script Lock-EAS-profiles passes through the existing ActiveSync users and allows their devices.

Please right-click and choose “Save as” to download the ps1 file; otherwise the link shows the source code in the same window.

But be careful: HasActivesyncDevicePartnership doesn’t reflect actually having device partnership?
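The pass described above, as an added example for the Exchange Management Shell; it is not the Lock-EAS-profiles script, which is not reproduced on this page. Assumptions made here: only devices that synced within the last 60 days (the window borrowed from the cleanup note above) are allowed, partnerships are enumerated with Get-ActiveSyncDeviceStatistics instead of relying on HasActiveSyncDevicePartnership, and the change runs with -WhatIf so the list can be reviewed first.

```powershell
# Added example, not the blog author's script. Run in the Exchange Management Shell.
# Assumption: a device counts as "current" if it synced within the last 60 days.
$cutoff = (Get-Date).AddDays(-60)
$report = @()

# Collect the mailboxes first so no pipeline is still open when the
# per-mailbox cmdlets run (matters in remote Exchange sessions).
$mailboxes = @(Get-CASMailbox -ResultSize Unlimited)

foreach ($mbx in $mailboxes) {
    # Enumerate the real partnerships rather than trusting the
    # HasActiveSyncDevicePartnership flag on the CAS mailbox.
    $devices = @(Get-ActiveSyncDeviceStatistics -Mailbox $mbx.Identity -ErrorAction SilentlyContinue)
    if ($devices.Count -eq 0) { continue }

    # Stale partnerships stay out of the allow list; they will land in quarantine.
    $current = @($devices | Where-Object { $_.LastSuccessSync -and $_.LastSuccessSync -gt $cutoff })

    # Skip IDs that are already allowed so the script can be re-run safely.
    $already = @($mbx.ActiveSyncAllowedDeviceIDs)
    $toAdd = @($current | ForEach-Object { $_.DeviceID } |
        Where-Object { $already -notcontains $_ } | Select-Object -Unique)
    if ($toAdd.Count -eq 0) { continue }

    foreach ($id in $toAdd) {
        $report += New-Object PSObject -Property @{ Mailbox = $mbx.Name; DeviceID = $id }
    }

    # -WhatIf prints the intended change only; remove it after reviewing $report.
    Set-CASMailbox -Identity $mbx.Identity -ActiveSyncAllowedDeviceIDs @{Add = $toAdd} -WhatIf
}

# Review list: one row per device ID that would be added to an allow list.
$report | Sort-Object Mailbox | Format-Table Mailbox, DeviceID -AutoSize
```

Devices filtered out by the cutoff are not deleted; they simply remain subject to the Quarantine default and appear in the administrator's quarantine notifications on their next connection attempt.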
