locked
Exchange Management Shell command to add users to an ActiveSync Mailbox Policy based on group membership RRS feed

  • Question

  • Hello,
    New to Exchange 2010 but I am an veteran Exchange 2003 admin. I'm still learning the EMS and I am having difficulty comming up with a command to add users to an ActiveSync Mailbox Policy based on group membership. Here is what I've come up with so far...

    Get-Mailbox | {$_.group -match "HighSecurityActiveSyncGroup"} | Set-CASMailbox -activesyncmailboxpolicy(Get-ActiveSyncMailboxPolicy "Group based ActiveSync Policy).Identity

    Bad thing about the EMS is it does not tell you if your command completed successfully. It just goes back to the command prompt. I have to go to the users account properties to see if the command was successful. Anyhow it's not working.

    Can someone help?
    Tuesday, February 2, 2010 7:18 PM

Answers

  • $group = Read-Host "Enter the Group name"

    if (Get-DistributionGroup $group){

    $members = Get-DistributionGroupMember $group
    foreach ($member in $members){
    Set-CASMailbox -ActiveSyncMailboxPolicy $group.name
    }
    }

    else {Write-Host "That group name was not found."}

    • Marked as answer by Elvis Wei Tuesday, February 9, 2010 3:03 AM
    Tuesday, February 2, 2010 10:48 PM

All replies

  • How many different groups/policies do you have?
    Tuesday, February 2, 2010 7:30 PM
  • We have departments who wish to have their own policies. How many could I end up having? Alot :)
    Tuesday, February 2, 2010 8:47 PM
  • You'll need to come up with way to map policy names to the department.  Do you want to use the user's department name, or a DL membership (or something else)?
    Tuesday, February 2, 2010 9:04 PM
  • I want it based on DL membership as departments will want different policies based on who they are.
    Tuesday, February 2, 2010 9:21 PM
  • Okay.  Will you be creating DLs with names that match the policy names?
    Tuesday, February 2, 2010 9:28 PM
  • Assumptions:

    You have a DL for each policy.  The policy name and the DL name are the same, and all begin with AS_POL_

    No other DL's beging with that string

    $groups = get-distributiongroup AS_Pol_*
    foreach ($group in $groups){
    $members = Get-DistributionGroupMember $group
    foreach ($member in $members){
    Set-CASMailbox $member -ActiveSyncMailboxPolicy $group.name
    }
    }

    Tuesday, February 2, 2010 9:47 PM
  • Assumptions:

    You have a DL for each policy.  The policy name and the DL name are the same, and all begin with AS_POL_

    No other DL's beging with that string

    $groups = get-distributiongroup AS_Pol_*
    foreach ($group in $groups){
    $members = Get-DistributionGroupMember $group
    foreach ($member in $members){
    Set-CASMailbox $member -ActiveSyncMailboxPolicy $group.name
    }
    }

    Thank You so much for your help.

    Yes I will have the DL name reflect the activesync policy. I was hoping to somehow modify the below command sequence so all I have to do is change the groupname and activesync policy name. We want to be able to setup one group pair at a time.

    The script you supplied would work for me although I would modify the AS_POL part to someting like ASPOL_DEPT_* or something like that. Would I run that directly from the EMS command prompt?
    Tuesday, February 2, 2010 10:22 PM
  • Yes.  Since it's using the Exchange cmdlets, you'll need to either run if from an EMS prompt, or load the required Exchange snappins first if you're starting from a generic powershell prompt.

    I can give you a modified version that will prompt for the group name and only process one group if that will help.

    Tuesday, February 2, 2010 10:43 PM
  • $group = Read-Host "Enter the Group name"

    if (Get-DistributionGroup $group){

    $members = Get-DistributionGroupMember $group
    foreach ($member in $members){
    Set-CASMailbox -ActiveSyncMailboxPolicy $group.name
    }
    }

    else {Write-Host "That group name was not found."}

    • Marked as answer by Elvis Wei Tuesday, February 9, 2010 3:03 AM
    Tuesday, February 2, 2010 10:48 PM
  • Thank you very much mjolinor for all your help.
    Tuesday, February 2, 2010 11:32 PM
  • No problem. 


    You now owe the forum (pay it forward)...:)
    Wednesday, February 3, 2010 12:11 AM
  • $group = Read-Host "Enter the Group name"

    if (Get-DistributionGroup $group){

    $members = Get-DistributionGroupMember $group
    foreach ($member in $members){
    Set-CASMailbox -ActiveSyncMailboxPolicy $group.name
    }
    }

    else {Write-Host "That group name was not found."}


    I am trying to run this same command and it comes up and asks for the group name and i enter it in and then it wants an identity??

    cmdlet Set-CASMailbox at command pipeline position 1

    Supply values for the following parameters:

    Identity:

     

    This is using the EMS shortcut from the default exchange 2007 sp1 sr9 install.

    Wednesday, June 2, 2010 9:32 PM
  • Try this:

     

    $group = Read-Host "Enter the Group name"

    if (Get-DistributionGroup $group){

    $members = Get-DistributionGroupMember $group
    foreach ($member in $members){
    Set-CASMailbox $member -ActiveSyncMailboxPolicy $group.name
    }
    }

    else {Write-Host "That group name was not found."}


    [string](0..33|%{[char][int](46+("686552495351636652556262185355647068516270555358646562655775 0645570").substring(($_*2),2))})-replace " "
    Wednesday, June 2, 2010 10:24 PM