none
For Exchange 2013, enable ActiveSync based on AD group membership RRS feed

  • Question

  • Hi,

    May I know using FIM 2010, In Exchange 2013 - how to enable/disable ActiveSync based on AD group membership.

    Any help/suggestion would be much appreciated.

    Thanks in advance.

    Regards,
    AP

    Friday, June 24, 2016 4:09 PM

All replies

  • Unfortunately, ActiveSync is a permission granted in Exchange.

    Per http://mobilitydojo.net/2009/10/27/restricting-exchange-activesync-access-redux/

    You can use PowerShell to enable and disable for a particular user

    Set-CASMailbox –ActiveSyncEnabled $false –Identity user@domain.com

    Set-CASMailbox –ActiveSyncEnabled $true –Identity user@domain.com

    You could have a PowerShell workflow activity that would run these commands based on joining and leaving a set.


    David Lundell, Get your copy of FIM Best Practices Volume 1 http://blog.ilmbestpractices.com/2010/08/book-is-here-fim-best-practices-volume.html

    Friday, June 24, 2016 9:56 PM
  • You can manage ActiveSync by playing with this attribute (msExchOmaAdminWirelessEnable) or using PowerShell as David suggested.

    here's a good ref:

    http://sysadmin-e.com/activesync-msexchomaadminwirelessenable


    Did my post help? Please use "Vote As Helpful", "Mark as answer" or "Propose as answer". Thank you!

    Thursday, July 7, 2016 2:35 PM
  • Taher -- I didn't know that was the attribute behind it! Thanks for sharing that tidbit.

    Here is another reference on it: http://www.flobee.net/disable-exchange-activesync-for-users-on-exchange-2010/ that seems to indicate what values are valid and what aren't valid anymore


    David Lundell, Get your copy of FIM Best Practices Volume 1 http://blog.ilmbestpractices.com/2010/08/book-is-here-fim-best-practices-volume.html

    Thursday, July 7, 2016 4:00 PM