Hi All,
I am sharing a script that enables ActiveSync for users based on group membership and disables it for all other users.
The example script from the Microsoft Script Center has been modified to include three groups, logging, and email notification.
Run the script from :- C:\scripts\EnableActivesync
————————————————————————————————————————————————————————–
######################################################################################
# Author: Vikas Sukhija
# Date:- 11/15/2012
#Description:- This script will enable/disable ActiveSync based on group memberships
######################################################################################
# Load the Exchange management snap-in unless a matching one is already
# registered in this session.
$loadedExchangeSnapin = Get-PSSnapin | Where-Object { $_.Name -match "Exchange.Management" }
if ($loadedExchangeSnapin -eq $null)
{
    Add-PSSnapin Microsoft.Exchange.Management.PowerShell.Admin
}

# Log file names carry the run date. The short date pattern contains "/",
# which cannot appear in a file name, so it is swapped for "-".
$date = (Get-Date -Format d).Replace("/", "-")

# All three logs live in the script folder:
#   $output1 - mailboxes enabled (or already enabled)
#   $output2 - mailboxes disabled (or already disabled)
#   $output3 - summary of changes, attached to the notification e-mail
$logFolder = "C:\scripts\EnableActivesync"
$output1 = "{0}\ActiveSyncenabled{1}_.log" -f $logFolder, $date
$output2 = "{0}\ActiveSyncdisabled{1}_.log" -f $logFolder, $date
$output3 = "{0}\emaillog{1}_.log" -f $logFolder, $date

# Start each log with a banner line so separate runs on the same day are
# easy to tell apart.
Add-Content -Path $output1 -Value "———————Log activesync enabled activity——————————-"
Add-Content -Path $output2 -Value "———————Log activesync disabled activity——————————"
Add-Content -Path $output3 -Value "———————Log activesync Script activity——————————–"
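# Load every mailbox; each one is checked against the approved list later.
$Users = Get-Mailbox -ResultSize:unlimited

# Groups whose members are allowed to use ActiveSync.
$approvedgroup1 = "Group1"
$approvedgroup2 = "Group2"
$approvedgroup3 = "Group3"

# NOTE: Get-DistributionGroupMember returns direct members only. A user who
# is in an approved group only through a nested group is not in this list
# and will be treated as not approved by the reconcile pass.
$groupUsers = @()
$seenMembers = @{}

foreach ($approvedGroup in @($approvedgroup1, $approvedgroup2, $approvedgroup3))
{
    # -ErrorAction Stop: this list is the allow-list for the disable pass, so
    # a failed lookup (typo in the group name, directory unreachable) must
    # halt the script instead of silently shrinking the list and switching
    # ActiveSync off for that group's members.
    # @( ) keeps the result an array even for zero or one member, so .Count
    # and += behave the same for every group size.
    $members = @(Get-DistributionGroupMember -Identity $approvedGroup -ErrorAction Stop)

    $Count = $members.Count
    Write-Host $Count
    $current = Get-Date
    $now = $current.ToShortTimeString()
    Add-Content $output1 "$now $Count users loaded from $approvedGroup"
    Add-Content $output3 "$now $Count users loaded from $approvedGroup"

    foreach ($groupmembers in $members)
    {
        # De-duplicate on DistinguishedName. Name is not guaranteed unique
        # across the directory, so two different people with the same Name
        # would otherwise be collapsed into one entry.
        $memberKey = $groupmembers.DistinguishedName
        if ($seenMembers.ContainsKey($memberKey))
        {
            # Already collected from an earlier group.
            Write-Host $groupmembers
        }
        else
        {
            $seenMembers[$memberKey] = $true
            $groupUsers += $groupmembers
        }
    }
}

#————————————————————————————————————–
$Count = $groupUsers.Count
Write-Host $Count unique users loaded
$current = Get-Date
$now = $current.ToShortTimeString()
Add-Content $output1 "$now $Count unique users loaded"
Add-Content $output3 "$now $Count unique users loaded"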
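#————————————————————————————————————–
# Reconcile every mailbox against the approved list: members get ActiveSync
# enabled, everyone else gets it disabled.

# Index the approved members by DistinguishedName. Matching on Name is not
# safe for an access decision: Name is not guaranteed unique across the
# directory, so an unrelated mailbox that shares a Name with an approved user
# would be enabled. The hashtable also replaces a scan of the whole list for
# every mailbox.
$approvedByDn = @{}
foreach ($approved in @($groupUsers))
{
    if (($approved -ne $null) -and $approved.DistinguishedName)
    {
        $approvedByDn[$approved.DistinguishedName] = $true
    }
}

if ($approvedByDn.Count -eq 0)
{
    # An empty approved list almost always means the group lookups failed.
    # Running the pass would disable ActiveSync for every mailbox, so skip it
    # and record why in the log that is e-mailed to the messaging team.
    $current = Get-Date
    $now = $current.ToShortTimeString()
    Write-Host "$now No approved group members were loaded; no ActiveSync changes were made"
    Add-Content $output3 "$now No approved group members were loaded; no ActiveSync changes were made"
}
else
{
    foreach ($member in $Users)
    {
        # Look the CAS settings up by DistinguishedName so the result is the
        # same mailbox that is piped to Set-CASMailbox below.
        $mailbox = Get-CASMailbox -Identity $member.DistinguishedName

        if ($approvedByDn.ContainsKey($member.DistinguishedName))
        {
            if ($mailbox.ActiveSyncEnabled)
            {
                # Approved and already enabled: nothing to change.
                $current = Get-Date
                $now = $current.ToShortTimeString()
                $mbx1 = $mailbox.Name
                Write-Host "$now $mbx1 is already active sync enabled"
                Add-Content $output1 "$now $mbx1 is already active sync enabled"
            }
            else
            {
                # Approved but currently disabled: enable and record the change.
                $current = Get-Date
                $now = $current.ToShortTimeString()
                $member | Set-CASMailbox -ActiveSyncEnabled $true
                $mbx2 = $mailbox.Name
                Write-Host "$now $mbx2 is enabled for active sync"
                Add-Content $output1 "$now $mbx2 is enabled for active sync"
                Add-Content $output3 "$now $mbx2 is enabled for active sync"
            }
        }
        else
        {
            if ($mailbox.ActiveSyncEnabled)
            {
                # Not approved but currently enabled: disable and record the change.
                $member | Set-CASMailbox -ActiveSyncEnabled $false
                $current = Get-Date
                $now = $current.ToShortTimeString()
                $mbx3 = $mailbox.Name
                Write-Host "$now $mbx3 is disabled for active sync"
                Add-Content $output2 "$now $mbx3 is disabled for active sync"
                Add-Content $output3 "$now $mbx3 is disabled for active sync"
            }
            else
            {
                # Not approved and already disabled: nothing to change.
                $mbx4 = $mailbox.Name
                $current = Get-Date
                $now = $current.ToShortTimeString()
                Add-Content $output2 "$now $mbx4 active sync is already disabled"
                Write-Host "$now $mbx4 active sync is already disabled"
            }
        }
    }
}

$current = Get-Date
$now = $current.ToShortTimeString()
Add-Content $output3 "$now Finished processing All Users"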
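# Send the summary log ($output3) to the messaging team as an attachment.
# The SmtpClient is used with its defaults: this block sets neither
# credentials nor EnableSsl, so the log (which lists mailbox names) is
# relayed as the server permits. Replace the "SMTP SErver" placeholder with
# an internal relay you trust.
$message = New-Object Net.Mail.MailMessage
$smtp = New-Object Net.Mail.SmtpClient("SMTP SErver")
$message.From = "Messaging@lab.com"
$message.To.Add("vikas.sukhija@lab.com")
$file = $output3
$att = New-Object Net.Mail.Attachment($file)
$message.IsBodyHtml = $False
$message.Subject = "Manage-ActiveSync Log"
$message.Attachments.Add($att)
$smtp.Send($message)

# Disposing the message also disposes its attachments, which releases the
# open handle on the log file so it can be rotated or appended to again.
$message.Dispose()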
###################################################################################################
Thanks
Vikas