Exchange 2010 – The ActiveSyncDevice identity cannot be found

This post covers the Exchange 2010 bug "The ActiveSyncDevice identity cannot be found".

Symptoms

  • The user has a Microsoft Exchange ActiveSync partnership that works as expected.
  • You move the user to a new organizational unit (OU) or rename a user account in Active Directory Domain Services (AD DS).
  • You try to perform a remote wipe operation for the device in the Exchange Management Console (EMC).


KB

http://support.microsoft.com/kb/2721428

Reporting

Get-ActiveSyncDevice -Mailbox 00164 | select UserDisplayName,Identity 

UserDisplayName : liintra.intra/Users/00164
Identity : liintra.intra/Users2/00164/ExchangeActiveSyncDevices/NokiaEmail§IMiEI284675044284679

Affected objects can be found and reported (csv):

[PS] C:\>Get-ActiveSyncDevice -ResultSize unlimited | sort -Property Identity -Unique | select Identity,UserDisplayName | ? {$_.Identity -notmatch [regex]::Escape($_.UserDisplayName)} | select UserDisplayName,Identity  | Export-Csv -Delimiter "," -Encoding unicode -Path "C:\Users\filip\Desktop\Report170413.txt"
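The same report as an added example (not code from the original post) that compares the owner part of Identity with UserDisplayName by exact string instead of by pattern match. The function name Find-StaleActiveSyncDevice and the second sample row are constructed, and the code assumes that Identity has the form "<owner path>/ExchangeActiveSyncDevices/<device>", as in the output above.

```powershell
# Added example: flag ActiveSync devices whose Identity no longer sits under the
# path stored in UserDisplayName (the state left behind by an OU move or rename).
# Written for PowerShell 2.0, which the Exchange 2010 Management Shell uses.
function Find-StaleActiveSyncDevice {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory = $true, ValueFromPipeline = $true)]
        [object]$Device
    )
    process {
        $identity = [string]$Device.Identity
        $marker   = '/ExchangeActiveSyncDevices/'
        $index    = $identity.IndexOf($marker, [StringComparison]::OrdinalIgnoreCase)
        if ($index -lt 0) { return }    # not in the assumed form, skip this object

        # Everything before the marker is the owner's current path.
        $ownerPath = $identity.Substring(0, $index)

        # -ne on strings is case-insensitive; no regex is involved, so names that
        # contain characters such as ( ) . + cannot distort the comparison.
        if ($ownerPath -ne [string]$Device.UserDisplayName) {
            New-Object PSObject -Property @{
                UserDisplayName  = [string]$Device.UserDisplayName
                CurrentOwnerPath = $ownerPath
                Identity         = $identity
            } | Select-Object UserDisplayName, CurrentOwnerPath, Identity
        }
    }
}

# Constructed sample input: row 1 reuses the values shown in the output above,
# row 2 is a made-up device whose paths still agree.
$sample = @(
    New-Object PSObject -Property @{
        UserDisplayName = 'liintra.intra/Users/00164'
        Identity        = 'liintra.intra/Users2/00164/ExchangeActiveSyncDevices/NokiaEmail§IMiEI284675044284679'
    }
    New-Object PSObject -Property @{
        UserDisplayName = 'example.test/Users/alice (admin)'
        Identity        = 'example.test/Users/alice (admin)/ExchangeActiveSyncDevices/Sample§Device0001'
    }
)

# Only row 1 is reported.
$sample | Find-StaleActiveSyncDevice | Format-List

# In the Exchange Management Shell, feed it the real devices instead:
# Get-ActiveSyncDevice -ResultSize Unlimited | Find-StaleActiveSyncDevice
```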

Solution

  • Run Remove-ActiveSyncDevice with -Identity set to the new path, that is, the Identity value returned by Get-ActiveSyncDevice:
Remove-ActiveSyncDevice -Identity "liintra.intra/Users2/00164/ExchangeActiveSyncDevices/NokiaEmail§IMiEI284675044284679"
  • During the next mail sync, the user's device will perform a full sync automatically, but the sync will take longer than usual.

Rights Management Service (RMS) – IRM implementation for Exchange 2010 SP2 ActiveSync

This article is part 2 of http://exkb.wordpress.com/2012/08/16/rights-management-service-rms-irm-implementation-for-exchange-2010-sp2-owa/

If you have Exchange 2010 RTM installed, the prerequisite is that the certification pipeline for mobile devices is enabled on the RMS server.

  • The first step is to set up the correct ActiveSync policy. (The policy must support device encryption, must not allow non-provisionable devices, and must have the Require password parameter set.)
New-ActiveSyncMailboxPolicy -Name 'RMS project' -AllowNonProvisionableDevices $false -DevicePasswordEnabled $true -AlphanumericDevicePasswordRequired $false `
-MaxInactivityTimeDeviceLock '00:30:00' -MinDevicePasswordLength '4' -PasswordRecoveryEnabled $false -RequireDeviceEncryption $true -AttachmentsEnabled $true `
-AllowSimpleDevicePassword $true -DevicePasswordExpiration '500.00:00:00' -DevicePasswordHistory '12' -DevicePolicyRefreshInterval '17.12:00:00' `
-MaxDevicePasswordFailedAttempts '6' -IrmEnabled $true
 
Setting AS policy for RMS


  • The second step is to apply the new ActiveSync policy to each mailbox for which you want IRM enabled.
Get-CASMailbox <identity> | Set-CASMailbox -ActiveSyncMailboxPolicy "RMS Project"

UPDATE: IRM works even if -AllowNonProvisionableDevices is set to $true.