Unable to remove old activesync devices in Exchange 2010 RRS feed

  • Question

  • Hi,

    I am unable to remove few of the activesync devices that have not sync past 30 days.

    I am getting the below error when running the command:

    Get-activesyncdevice -mailbox "user" | remove-activesyncdevice

    Active Directory operation failed on domain.com. This error is not retriable. Additional information:

     Access is denied.

    Active directory response: 00000005: SecErr: , problem 4003 (INSUFF_ACCESS_RIGHTS), data 0
        + CategoryInfo          : InvalidOperation: (exchangePrincipal) [Remove-ActiveSy
       ncDevice], ADOperationException
        + FullyQualifiedErrorId : Microsoft.Exchange.Management.Tasks.RemoveMobileDevice



    • Edited by Ajay bb Wednesday, October 12, 2016 10:24 AM
    Wednesday, October 12, 2016 10:23 AM

All replies

  • The first thing to check is to make sure you have rights.  In the cmdlet documentation:


    There's a link to "Clients and mobile devices permissions" which points to:


    Make sure you have the appropriate rights.

    Ed Crowley MVP "There are seldom good technological solutions to behavioral problems."
    Celebrating 20 years of providing Exchange peer support!

    Saturday, October 15, 2016 5:01 PM
  • Make sure the user account that you're running the Remove-ActiveSyncDevice cmdlet with has Full Control permissions on the user object that you're trying to manage.  You may find that you need to reset the inheritance on the mailbox object if the mailbox was a previously a member of an adminSDHolder protected object.
    Thursday, February 16, 2017 8:42 AM