Powershell script / task to allow or block ActiveSync based on security group membership
Hi Everyone,
I thought I'd contribute a script to enable or disable ActiveSync for Exchange 2007 based on membership in a security group. Since new users/mailboxes default to this being on this would need to run regularly as a scheduled task. Here it is:
#Script to enable ActiveSync for users in S_ALLOW_ACTIVESYNC and disable it for everyone else
#By Jason Umiker 28/3/11 - Version 1.0
$Mailboxes = Get-Mailbox -RecipientTypeDetails UserMailbox ResultSize Unlimited -Filter {HiddenFromAddressListsEnabled -eq $false}
$masgroup = [ADSI] "LDAP://CN=S_ALLOW_ACTIVESYNC,OU=SecurityGroups,DC=example,DC=com"
$AllowedMailboxes = $masgroup.member | %{$_.split(",")[0]} | %{$_.split("=")[1]} | get-mailbox
$AllowedMailboxes = $AllowedMailboxes | ?{$_.HiddenFromAddressListsEnabled -eq $false}
$DeniedMailboxes = compare-object -referenceobject $Mailboxes -differenceobject $AllowedMailboxes -passthru:$True -syncwindow 2500 | Where-Object { $_.SideIndicator -eq '<=' }
$AllowedCASMailboxes = $AllowedMailboxes | Get-CASMailbox
#write-host "Mailboxes being activated for ActiveSync
#$AllowedCASMailboxes | ?{$_.activesyncenabled -eq $False} | write-host
$AllowedCASMailboxes | ?{$_.activesyncenabled -eq $False} | set-casmailbox -activesyncenabled $True
$DeniedCASMailboxes = $DeniedMailboxes | Get-CASMailbox
#write-host "Mailboxes being disabled for Active3Sync
#$DeniedCASMailboxes | ?{$_.activesyncenabled -eq $True} | write-host
$DeniedCASMailboxes | ?{$_.activesyncenabled -eq $True} | set-casmailbox -activesyncenabled $False
March 29th, 2011 10:39am
We have a resource domain called exchange.local and two active domain Domain1 and Domain2. When we create a new e-mail account its a linked account from either domain1 or domain2.
Not every user has an e-mail account matching in the exchange.local resource domain.
Since I am not a script expert, how would you modify the script for this environment.
Free Windows Admin Tool Kit Click here and download it now
March 29th, 2011 2:43pm