• Vik Jaswal

Enable/Disable Exchange Activesync using Powershell script

The script below enables or disables the Exchange Activesync based on specified Security group. I have tested this with Exchange 2007.

There is lot of room for improvement in the script but for now it does the job!!! Make sure to change the values to your requirements before deploying. To run this as a scheduled task refer to http://technet.microsoft.com/en-us/library/bb123798(EXCHG.80).aspx

Click here to download the script. *****************************************************************************

Set-PSDebug -Off #Import Active directory module Import-module activedirectory $arrusers = @(Get-ADUser -Filter * -SearchBase “DC=fabrikam,DC=COM“)

foreach ($arruser in $arrusers){ $arrusers1 = Get-ADUser -Filter { (samaccountname -eq $arruser.samaccountname) -and (memberOf -RecursiveMatch “CN=Enable ActiveSync,OU=Groups,DC=uk,DC=fabrikam,DC=COM“) } -SearchBase “DC=fabrikam,DC=COM#Write-host $arrusers1.DistinguishedName

#If user is member of a group enables Activesync, allows to sync any Activesync device and assign a Activesync policy If ($arrusers1) { #Write-Host “Enabling activesync for $arrusers1” set-CASMailbox -Identity $arrusers1.DistinguishedName -ActiveSyncEnabled:$True -ActiveSyncAllowedDeviceID:$null -ActiveSyncMailboxPolicy “fabrikam ActiveSync Policy” }

Else { #Write-host “disabling activesync for $arruser” set-CASMailbox -Identity $arruser.DistinguishedName -ActiveSyncEnabled:$False -ErrorAction SilentlyContinue }