Retrieve a list of stale Active-Sync devices

We allow users who have signed the proper policy to access their Exchange mailbox via Active Sync devices.

Users being users, though, we quite often have active sync devices that are registered to a mailbox, but are no longer in use. Users always have a clever excuse like “Oh, i lost that last year”, or “Gee, did I forget to mention it was stolen from me?”

So, I wrote the following script that will retrieve a list of users who have an active sync device that has not synchronized in the last month.

001             
002              
003              
004              
005              
006              
007              
008              
009              
010              
011              
012              
013              
014              
015              
016              
017              
018              
019              
020              
021              
022              
023              
024              
025              
026              
027              
028              
029              
030              
031              
032              
033              
034              
035              
036              
037              
038              
039              
040              
041              
042              
043              
044              
045              
046              
047              
048              
049              
050              
051              
052              
053              
054              
055              
056              
057              
058              
059              
060              
061              
062              
063              
064              
065              
066              
067              
068              
069              
070              
071              
072              
073              
074              
075              
076              
077              
078              
079              
080              
081              
082              
083              
084              
085              
086              
087              
088              
089              
090              
091              
092              
093              
094              
095              
096              
097              
098              
099              
100              
101              
102              
103              
104              
105              
106              
107              
108              
109              
110              
111              
112              
113              
114              
115              
116              
117              
118              
119              
120              
121              
122              
123              
124              
125              
126              
127              
128              
129              
130              
131              
132              
133              
134              
135              
136              

######################################
# Script to show who has used active sync devices, but not
# in the last 30 days
#
# Karl Mitschke 3/3/2009
######################################
#First, find out if Exchange Management Shell is loaded:              
$snapins = Get-PSSnapin |select name              
$snapincount=0;              
$found = $false              
do               
{              
$founDName = $snapins[$snapincount].name              
if ($founDName -eq "Microsoft.Exchange.Management.PowerShell.Admin")              
#Exchange Shell already loaded              
{              
$found = $True              
break              
}              
$snapincount++}              
while ($snapincount -lt $snapins.Count)              
if ($found -ne $True)              
{              
Add-PSSnapin "Microsoft.Exchange.Management.PowerShell.Admin"              
}              
#Now, get all mailboxes that have an active sync partnership:              
$Mailboxes = Get-CASMailbox `              
-Filter{(HasActiveSyncDevicePartnership -eq $true)-AND (name -notlike "cas*")}`              
| select name, servername, DistinguisheDName, ActiveSyncMailboxPolicy              
$Mailboxes = $Mailboxes |Sort-Object "Name"              
$date = ( get-date ).ToString(‘yyyyMMdd’)              
$SearchDate = ( get-date ).AddDays(-29).Date              
$NumberWiped = 0              
$NumberSent = 0              
$TotalCount = 0              
$NewDevices =@()              
$prebody = "<font color=blue>Executive Summary:<br /><br />"              
$bodydetail = $bodydetail + "<br /><br />Device Information:"               
Foreach ($mailbox in $Mailboxes)              
{              
$Name = $mailbox.Name              
$DName= $mailbox.distinguisheDName              
$Stats = Get-ActiveSyncDeviceStatistics -mailbox $DName              
if($Stats.count -lt 2 -and $Stats -ne $null)              
{              
if ($stats.LastSuccessSync -lt $SearchDate)              
{              
if ($stats.LastSuccessSync -eq $null)              
{              
$bodydetail = $bodydetail +"<br /><br />User " + $mailbox.Name + " has deviceID " +  $Stats.DeviceID +", which does not appear to have ever synced.<br />"              
}              
else              
{              
$bodydetail = $bodydetail +"<br /><br />User " + $mailbox.Name + " has deviceID " +  $Stats.DeviceID +", which has not had a succesful sync since "+$Stats.LastSuccessSync+"<br />"              
}              
$bodydetail = $bodydetail + $Stats.count              
$TotalCount ++              
}              
}              
if ($Stats.count -lt 2 -and $Stats -ne $null)              
{               
if ($Stats.DeviceWipeRequestTime -ne $null)              
{              
if ($Stats.DeviceWipeAckTime -ne $null)              
{              
$NumberWiped ++              
$bodydetail = $bodydetail +"<br /><br />This device was wiped on " + $Stats.DeviceWipeAckTime.ToString()              
$bodydetail = $bodydetail +"<br />Click here to remove this active sync partnership:<a href= https://webmail.contoso.com/ExchActiveSync/RemoveActiveSyncConfirm.aspx?strIdentity=&quot; + $Stats.Identity +"Remove Partnership>"              
}              
else              
{              
$NumberSent ++              
$bodydetail = $bodydetail +"><br /><font color=red><strong>This device was sent the wipe command on " + $Stats.DeviceWipeRequestTime.ToString() +"</strong></font color>"              
$bodydetail = $bodydetail +"<br />Click here to remove this active sync partnership:<a href= https://webmail.contoso.com/ExchActiveSync/RemoveActiveSyncConfirm.aspx?strIdentity=&quot; + $Stats.Identity +">Remove Partnership"              
}              
}              
$today = Get-Date              
}              
elseif ($Stats.Count -gt 1)              
{              
foreach ($Stat in $Stats)              
{              
if ($stat.LastSuccessSync -lt $SearchDate)              
{              
if ($stat.LastSuccessSync -eq $null)              
{              
$bodydetail = $bodydetail +"<br /><br />User " + $mailbox.Name + " has deviceID " +  $Stat.DeviceID +", which does not appear to have ever synced.<br />"              
}              
else              
{              
$bodydetail = $bodydetail +"<br /><br />User " + $mailbox.Name + " has deviceID " +  $Stat.DeviceID +", which has not had a succesful sync since "+$Stat.LastSuccessSync+"<br />"              
}              
$bodydetail = $bodydetail + $Stat.count              
$TotalCount ++              
}              
if ($Stat.DeviceWipeRequestTime -ne $null)              
{              
if ($Stat.DeviceWipeAckTime -ne $null)              
{              
$Wiped= ""              
$NumberWiped ++              
$bodydetail = $bodydetail +"<br /><br />This device was wiped on " + $Stat.DeviceWipeAckTime.ToString()              
}              
else              
{              
$NumberSent ++              
$bodydetail = $bodydetail +"<br /><STRONG><font color=red>This device was sent the wipe command on " + $Stat.DeviceWipeRequestTime.ToString()+"</STRONG></font color>"              
$bodydetail = $bodydetail +"<br />Click here to remove this active sync partnership:<a href= https://webmail.contoso.com/ExchActiveSync/RemoveActiveSyncConfirm.aspx?strIdentity=&quot; + $Stats.Identity +">Remove Partnership"              
}              
}              
}              
}              
}              
function sendmail([string] $body)              
{              
$SmtpClient = new-object system.net.mail.smtpClient               
$MailMessage = New-Object system.net.mail.mailmessage               
$SmtpClient.Host = "mail.contoso.com"               
$mailmessage.from = "ActiveSyncDevices@donotreply.com"               
$mailmessage.To.add("karlmitschke@contoso.com")               
$mailmessage.To.add("exchadmin@contoso.com")               
$mailmessage.Subject = "Stale Active Sync Devices"               
$mailmessage.Body = $body              
$MailMessage.IsBodyHtml = $TRUE              
$smtpclient.Send($mailmessage)               
}              
$body = "There are " + $TotalCount +" Devices that have not synced since before" + $SearchDate.ToShortDateString() +".<br />"              
$body = $body + "<br /><br />There are $NumberWiped devices that have been wiped."              
$body = $body + "<br />There are $NumberSent devices that have a pending wipe command.</font color>"              
$mail = $prebody + $Body + $BodyDetail              
sendmail($mail)              
$bodydetail = ""              
$Name = ""              
$bodySummary = ""              
$prebody = "" 

This entry was posted on December 4, 2009, 23:47 and is filed under 2007, Exchange, PowerShell, V1. You can follow any responses to this entry through RSS 2.0. You can leave a response, or trackback from your own site.

#1 by Glenn on February 24, 2010 - 18:48

Script doesn’t seem to be working for me. I get the following error when trying to run.

The operation could not be performed because object ‘ ‘ could not be found on domain controller ‘nbc-vamr-gc02.americas.swk.pri’.
At :line:29 char:27
+ $Mailboxes = Get-CASMailbox <<<< `

The term '-Filter' is not recognized as the name of a cmdlet, function, script file, or operable program. Check the spelling of the name, or if a path was included, verify that the path is correct and try again.
At :line:30 char:7
+ -Filter <<<< {(HasActiveSyncDevicePartnership -eq $true)-AND (name -notlike "cas*")}` | select name, servername, DistinguisheDName, ActiveSyncMailboxPolicy

Should I be putting a servername somewhere?

#2 by karlmitschke on February 24, 2010 - 20:55

Hi;

This is all one line:

$Mailboxes = Get-CASMailbox
-Filter{(HasActiveSyncDevicePartnership -eq $true)-AND (name -notlike “cas*”)}
| select name, servername, DistinguisheDName, ActiveSyncMailboxPolicy

I need to figure out a way to break lines better 😉

Karl

#3 by Glenn on February 24, 2010 - 21:37

Thanks for the quick reply, also while copying off the site there is an ` near the filter (line 29). but after removing these and one lining things everything is working. Thanks, also for future maybe you can post the scripts to be downloaded, which may stop some of the line break issues.

Thanks again,
Glenn

- #4 by karlmitschke on February 24, 2010 - 22:37
  
  Glenn;
  
  I am trying to figure out how to post scripts so they can be downloaded – haven’t figured out how yet.
  
  Karl
  
#5 by albertwt on February 24, 2011 - 17:24

yes this script works really-really great Karl !

#6 by Sayed on April 26, 2011 - 02:48

Hi, pardon my ignorance but I’m getting the below error when I’m running this script on CAS server. have copied the script and made ps1 file and ran it from powershell command. please correct if missing any steps here.

[PS] C:\Program Files\Microsoft\Exchange Server\Scripts>PullActiveSync.ps1
An empty pipe element is not allowed.
At C:\Program Files\Microsoft\Exchange Server\Scripts\PullActiveSync.ps1:29 cha
r:2
+ | <<<< select name, servername, DistinguisheDName, ActiveSyncMailboxPolicy
+ CategoryInfo : ParserError: (:) [], ParseException
+ FullyQualifiedErrorId : EmptyPipeElement

- #7 by Karl Mitschke on September 7, 2011 - 13:54
  
  Hello;
  Sorry I’m so late with this.
  Change line 28,29, 30 to:
  $Mailboxes = Get-CASMailbox `
  -Filter{(HasActiveSyncDevicePartnership -eq $true)-AND (name -notlike “cas*”)} | `
  select name, servername, DistinguisheDName, ActiveSyncMailboxPolicy
  
#8 by Ryan on October 12, 2011 - 12:38

This script is SO close to working for me. I can get it to report all the devices, and send the email, but the links do not work in the email, and all of the identities point to two devices and not the individual 265 devices that the script seems to find. (I should say I am running this on 2007). Clicking on the link brings up a page:

Server Error in ‘/’ Application.

The resource cannot be found.

Description: HTTP 404. The resource you are looking for (or one of its dependencies) could have been removed, had its name changed, or is temporarily unavailable. Please review the following URL and make sure that it is spelled correctly.

Requested URL: /ExchActiveSync/RemoveActiveSyncConfirm.aspx

Thanks for your work!

- #9 by Karl Mitschke on October 17, 2011 - 09:47
  
  I am sending my current script to you – let me know if it helps 🙂
  
#10 by Tim on June 1, 2012 - 08:44

Unexpected token ‘mailboxes’ in expression or statement.
At \easreports.ps1:1 char:26
+ $devices = @() $mailboxes <<<< = Get-CASMailbox -ResultSize:Unlimited | Where-Object {$_.HasActiveSyncDevicePartners
hip -eq $true -and $_.ExchangeVersion.ExchangeBuild -ilike "14*"} foreach ($m in $mailboxes) { $devices += Get-A
ctiveSyncDeviceStatistics -Mailbox $m.Identity } $devices | Export-Csv DeviceStats.csv
+ CategoryInfo : ParserError: (mailboxes:String) [], ParseException
+ FullyQualifiedErrorId : UnexpectedToken

- #11 by Karl Mitschke on June 5, 2012 - 08:36
  
  Tim;
  $devices = @() and
  $mailboxes = Get-CASMailbox ….
  are on seperate lines.
  
  Karl