Hi Everyone, I thought I'd contribute a script to enable or disable ActiveSync for Exchange 2007 based on membership in a security group. Since new users/mailboxes default to this being on this would need to run regularly as a scheduled task. Here it is: #Script to enable ActiveSync for users in S_ALLOW_ACTIVESYNC and disable it for everyone else #By Jason Umiker 28/3/11 - Version 1.0 $Mailboxes = Get-Mailbox -RecipientTypeDetails UserMailbox ResultSize Unlimited -Filter {HiddenFromAddressListsEnabled -eq $false} $masgroup = [ADSI] "LDAP://CN=S_ALLOW_ACTIVESYNC,OU=SecurityGroups,DC=example,DC=com" $AllowedMailboxes = $masgroup.member | %{$_.split(",")[0]} | %{$_.split("=")[1]} | get-mailbox $AllowedMailboxes = $AllowedMailboxes | ?{$_.HiddenFromAddressListsEnabled -eq $false} $DeniedMailboxes = compare-object -referenceobject $Mailboxes -differenceobject $AllowedMailboxes -passthru:$True -syncwindow 2500 | Where-Object { $_.SideIndicator -eq '<=' } $AllowedCASMailboxes = $AllowedMailboxes | Get-CASMailbox #write-host "Mailboxes being activated for ActiveSync #$AllowedCASMailboxes | ?{$_.activesyncenabled -eq $False} | write-host $AllowedCASMailboxes | ?{$_.activesyncenabled -eq $False} | set-casmailbox -activesyncenabled $True $DeniedCASMailboxes = $DeniedMailboxes | Get-CASMailbox #write-host "Mailboxes being disabled for Active3Sync #$DeniedCASMailboxes | ?{$_.activesyncenabled -eq $True} | write-host $DeniedCASMailboxes | ?{$_.activesyncenabled -eq $True} | set-casmailbox -activesyncenabled $False

We have a resource domain called exchange.local and two active domain Domain1 and Domain2. When we create a new e-mail account its a linked account from either domain1 or domain2. Not every user has an e-mail account matching in the exchange.local resource domain. Since I am not a script expert, how would you modify the script for this environment.