Disable ActiveSync in bulk with Exchange Management Shell commands

With this Exchange Management Shell script, you can disable 5,000 or more ActiveSync device users in Exchange Server 2007, securing sensitive data from potential loss.

In an organization that handles sensitive data, such as medical records or financial information, administrators must actively protect that data from leaking out of the network. In an Exchange Server 2007 organization with more than 5,000 users, one way to do this is to disable ActiveSync.


ActiveSync is enabled by default in Exchange 2007. By disabling ActiveSync for all Exchange users -- except those explicitly authorized to use it -- you move one step closer to limiting potential data loss. Disabling ActiveSync can also help you understand what's happening within your network.

The simplest way to disable ActiveSync for several users is to apply the following Exchange Management Shell (EMS) script.

Exchange Management Shell script to disable ActiveSync in bulk
(Click on script for enlarged view and script download.)

Note: This script was adapted from Microsoft TechNet's Script Center.

To ensure that this script works correctly, save it with a .PS1 extension and provide a text-based input file of recipients in the location of the variable $SourceFile for it to run against. I chose to use the Exchange alias as my input values in this list because it is a globally unique value in any Exchange organization.

After the script runs, check your log file to see if there were any issues when disabling ActiveSync. When running this for more than 5,000 recipients, I had no errors. You should receive similar results.

If you already have a group of authorized ActiveSync users and want them to continue using ActiveSync, there are two options.

  1. Disable ActiveSync for all users. Then run a modified version of the script using ActiveSyncEnabled $true to re-enable ActiveSync for users who were previously placed into your text-based input file.
  2. The other option is to ensure that those users are not included in your original text-based input file. Check that you have the correct recipients in the text file for the disable/enable operation you want to perform, or you'll have to repeat the process to get it correct.

About the author: Will Schmied is a senior systems administrator for a children's research hospital. He holds numerous Microsoft MCITP, MCTS and other certifications, and has been involved with Exchange and Blackberry for many years. He has also been actively involved with IT certification and training for several years, writing or contributing to several dozen books and has founded the popular certification portal, MCSE World. Will also manages the Tales of a System Administrator blog.

Do you have comments on this tip? Let us know.

Please let others know how useful this tip was via the rating scale below. Do you know a helpful Exchange Server, Microsoft Outlook or SharePoint tip, timesaver or workaround? Email the editors to talk about writing for SearchExchange.com. 

This was first published in April 2009

Dig deeper on Microsoft Exchange Server 2007

Pro+

Features

Enjoy the benefits of Pro+ membership, learn more and join.

0 comments

Oldest 

Forgot Password?

No problem! Submit your e-mail address below. We'll send you an email containing your password.

Your password has been sent to:

-ADS BY GOOGLE

SearchWindowsServer

SearchEnterpriseDesktop

SearchCloudComputing

SearchSQLServer

Close