Lock and unlock an ActiveSync device

Assume, a mobile phone or tablet device with a buggy implementation of the ActiveSync protocol causes a lot of traffic or a heavy load in your Exchange 2010 infrastructure (see this article of mine for an example). You surely could disable the ActiveSync feature for the Mailbox user to disable the access for the user completely. A better way is however to disable only the device, which causes the troubles.

Exchange management shell offers cmdlets to manage ActiveSync devices:



To see all ActiveSync devices that are connected (or have ever been connected) to the mailbox user use the following command:

Get-ActiveSyncDevice -Mailbox Mailbox | fl *device*
…………
DeviceId : HTC14b71389864f33d5f4ea6dc1dbb4f
DeviceImei :
DeviceMobileOperator :
DeviceOS : Android 2.3.3
DeviceOSLanguage :
DeviceTelephoneNumber :
DeviceType : htcbravo
DeviceUserAgent : Android-EAS/3.10.000.083346.405
DeviceModel : htcbravo
DeviceAccessState : Allowed
DeviceAccessStateReason : Global
DeviceAccessControlRule :
DeviceActiveSyncVersion : 12.1
…………

The parameter "DeviceId" contains a string, which is to be used in the next command. Use this command below to lock the device with DeviceID for the Mailbox:

Set-CASMailbox Mailbox -ActiveSyncBlockedDeviceIDs HTC14b71389864f33d5f4ea6dc1dbb4f

To verify the result re-run the first command:
Get-ActiveSyncDevice -Mailbox Mailbox | fl *device*
…………
DeviceId :  HTC14b71389864f33d5f4ea6dc1dbb4f 
DeviceImei :
DeviceMobileOperator :
DeviceOS : Android 2.3.3
DeviceOSLanguage :
DeviceTelephoneNumber :
DeviceType : htcbravo
DeviceUserAgent : Android-EAS/3.10.000.083346.405
DeviceModel : htcbravo
DeviceAccessState : Blocked
DeviceAccessStateReason : Global
DeviceAccessControlRule :
DeviceActiveSyncVersion : 12.1
…………


Also the blocked DeviceId appears in the list of the blocked device IDs for the mailbox:

Get-CASMailbox Mailbox | fl ActiveSync*
…………
ActiveSyncAllowedDeviceIDs : {}
ActiveSyncBlockedDeviceIDs : { 
HTC14b71389864f33d5f4ea6dc1dbb4f }
ActiveSyncMailboxPolicy : Default
ActiveSyncMailboxPolicyIsDefaulted : True
………


The next try to access the mailbox with the blocked device will fail and the user will receive an e-mail from the Exchange server that will notify the user about the locked device.

To reset the blocked device list for a user mailbox enter the following command:

Set-CASMailbox Mailbox -ActiveSyncBlockedDeviceIDs $nul
The command above allows all devices for a user mailbox.

3 Kommentare :: Lock and unlock an ActiveSync device

  1. Great post Hermann

  2. Thank you. I used what you shared today...in 2018!

  3. Wow :)
    This is an incredible collection of ideas!
    Waiting for more helpful pieces.
    You would amazing to read a similar one here-
    besttoolsbrand

Post a Comment