Bulk approving existing ActiveSync devices after enabling ActiveSync quarantine

One of the biggest problems of enabling ActiveSync Quarantine in an established organization is that, once enabled, it will block all existing devices.

I needed a simple and effective way to allow ActiveSync for the existing 2500+ devices and I was surprised that I couldn’t find a script that is actually working so I am sharing mine hoping it can help someone else.

Before I tackle the script this is the cmdlet needed to enable ActiveSync quarantine in your organization

Set-ActiveSyncOrganizationSettings -DefaultAccessLevel Quarantine -AdminMailRecipients [email protected] -UserMailInsert "Your mobile device type has not yet been approved for use. Please contact the Help Desk for further assistance."

Keep in mind that this will directly quarantine all ActiveSync devices and users are likely to receive numerous emails in their inbox stating that their devices needs approval, so be ready for some phone calls.

Next step was to allow all existing devices, the script and its explanation can be found below


#Change the scope to entire forest
Set-ADServerSettings -ViewEntireForest $true

#Return all ActiveSync Devices
$as = Get-ActiveSyncDevice -ResultSize Unlimited

$as | Foreach {

#Build the user Distinguished Name
$asdn = $_.DistinguishedName.Split(',')
$dn = ""
for ($i = 2; $i -lt $asdn.length; $i++) {
$dn += $asdn[$i] + ","
#write-host $i
}

$dn = $dn.Substring(0,$dn.Length-1)

#Add the device to the Allowed Device IDs for that user
Set-CASMailbox $dn –ActiveSyncAllowedDeviceIDs @{Add=$_.DeviceId}

}

I have been working in IT consultancy and solution integration since 1998 and I consider myself lucky to be, one in a few, making a living out of my passion. I am also member of the famous Experts Exchange (profile here) online community where I try my best to share what I have learned along the road.

Posted in Messaging & Collaboration Tagged with: , , ,

Leave a Reply

Your email address will not be published. Required fields are marked *

*