de-DEen-GB
 
rss

Just can't get enough of IT

This blog is about mostly anything in IT. But the primary focuses are Microsoft Technologies like Exchange, Office 365, Azure and Cloud Security.
Last updated: 20174-02-22

Description

This is the Exchange 2013+ version of the Exchange 2010 version found here.

This script removes orphaned mobile device partnerships from Exchange Server 2013+ user mailboxes. Run the script as a scheduled task to maintain your Exchange Server environment properly.

This script utilizes a settings.xml file to configure

  • SMTP settings for email reports
  • Threshold values for mobile devices
    • Default number of allowed devices per user: 5
    • Defaul number of aged devices to be removed: 1
    • Default threshold for unsynchronized devices: 150 days

Settings.xml (default)

<?xml version="1.0"?>
<Settings>
  <EmailSettings>	
    <SMTPServer>smtp.mcsmemail.de</SMTPServer>
    <SMTPPort>25</SMTPPort>
    <MailFrom>postmaster@mcsmemail.de</MailFrom>
    <MailTo>postmaster@mcsmemail.de</MailTo>
  </EmailSettings>
  <OtherSettings>
	<!-- MobileDeviceLimit defines the overall threshold of mobile devices for a single user to synchronize. Default is 5. -->
	<MobileDeviceLimit>5</MobileDeviceLimit>

	<!-- AgedDeviceLimit defines the threshold of allowed aged devices for a single user to be removed. Default is 1. -->
	<AgedDeviceLimit>1</AgedDeviceLimit>

	<!-- Time threshold in days to identify old mobile devices, Be default devices not synchronized for 150 days will be removed -->
    <LastSyncDays>150</LastSyncDays>
  </OtherSettings>
</Settings>

Steps being executed by the script:

  1. Fetch all user mailboxes hosted on Exchange Server 2013 or later
  2. Iterate through each user mailbox and determine the number of mobile devices and the number of devices which have not synchronized since 150 days
  3. Remove mobile device registration, if a user has more than the allowed number of devices in total and a minimum of 1 device that has not synced within 150 days and the -ReportOnly switch has not been used
  4. Optionally, write a CSV export of identified mobile devices to disk | Use -ReportOnly switch
  5. Optionally, send an email report | Use -SendMail switch

Examples

# EXAMPLE 1
# Remove old mobile device partnerships without sending a report email

 .\Remove-MobileDevicePartnership.ps1 

# EXAMPLE
# Remove old mobile device partnerships and send a report email

# .\Remove-MobileDevicePartnership.ps1 -SendMail

Version History

  • 1.0, Initial community release
  • 1.1, ReportOnly switch added

Links

Follow

 

 

Read More »

Problem

It might happen that a mobile device running an Android operating system is not being redirected properly by the on-premises AutoDiscover service, when the mailbox has been migrated to Office 365.

If your device is not redirected, the device prefix is not recognized by Exchange Server and therefore not being redirected properly. The new device redirect feature for Android devices was introduced in Exchange Server 2010 SP3 RU9, Exchange Server 2013 CU8, and Exchange Server 2016.

The following device prefixes are known to Exchange by default:

  • Acer, ADR9, Ally, Amazon, Android, ASUS, EasClient, FUJITSU, HTC, HUAWEI, LG, LS, Moto, Mozilla, NEC, Nokia, Palm, PANASONIC, PANTECH, Remoba, Samsung, SEMC, SHARP, SONY-, TOSHIBA, Vortex, VS, ZTE

Solution

If the device prefix of your device is not part of the default list, you can add the prefix to the AutoDiscover web.config file. 

Add the device prefix to the MobileSyncRedirectBypassClientPrefixes key in the appSettings node.

  <appSettings>
    <add key="LiveIdBasicAuthModule.AllowLiveIDOnlyAuth" value="true" />
    <add key="LiveIdBasicAuthModule.ApplicationName" value="Microsoft.Exchange.Autodiscover" />
    <add key="LiveIdBasicAuthModule.RecoverableErrorStatus" value="456" />
    <add key="LiveIdBasicAuthModule.PasswordExpiredErrorStatus" value="457" />
    <add key="ActiveManagerCacheExpirationIntervalSecs" value="5" />
    <add key="ProxyRequestTimeOutInMilliSeconds" value="30000" />
    <add key="LiveIdNegotiateAuxiliaryModule.AllowLiveIDOnlyAuth" value="true" />
    <add key="TrustedClientsForInstanceBasedPerfCounters" value="bes" />
    <add key="InstanceBasedPerfCounterTimeWindowInterval" value="900000" />
    <add key="MobileSyncRedirectBypassEnabled" value="true" />
    <add key="MobileSyncRedirectBypassClientPrefixes" value="Acer,ADR9,Ally,Amazon,Android,ASUS,EasClient,FUJITSU,HTC,HUAWEI,LG,LS,Moto,Mozilla,NEC,Nokia,Palm,PANASONIC,PANTECH,Remoba,Samsung,SEMC,SHARP,SONY-,TOSHIBA,Vortex,VS,ZTE" />
  </appSettings>

File location

%ExchangeInstallPath%\ClientAccess\Autodiscover\web.config

Notes

  • Modify the web.config on each Exchange 2010/2013 Client Access Server and each Exchange 2016 server.
  • After installing an Exchange 2013/2016 CU, the web.config must be modified again.

As always: Be careful when modifying application settings. Test such changes in a test environment first, if possible.

Links

 


You need assistance with your Exchange Server setup? You have questions about your Exchange Server infrastructure and going hybrid? You are interested in what Exchange Server 2016 has to offer for your environment?

Contact me at thomas@mcsmemail.de
Follow at https://twitter.com/stensitzki

Read More »

Description

This script removes orphaned ActiveSync device partnerships from Exchange Server 2010 user mailboxes. Run the script as a scheduled job to maintain your Exchange Server environment properly.

Modifiy the script path variables to fit your requirements. The variables are configured in the ### BEGIN Variables section.

Steps being executed by the script:

  1. Fetch all user mailboxes
  2. Iterate through each user mailbox and determine the number of ActiveSync devices and the number of devices which have not synchronized since 150 days
  3. Delete ActiveSync device registration, if a user has more than 4 devices in total and a minimum of 1 device that has not synced within 150 days

Examples

Remove-ActiveSyncDevicePartnership

Version History

  • 1.0, Initial community release

Links

Additional Credits

Additional credits go to Sebastian Rubertus

Follow

 

 

Read More »