Wednesday, February 5, 2014

Series of ActiveSync Device Cleanup scripts.

Recently on looking, I found that our email servers had 4,500 mailboxes enabled for ActiveSync. Of that, we had 5,600 devices attached to our system. Yeah, on average that's 1.25 devices per person. Expand even further, I found that we had around 100 mailboxes that we no longer enabled for ActiveSync, but still had a device attached.

These two script segments run through the mailboxes and do some cleanup.

 First off, delete devices on mailboxes that are not enabled for activesync.

$WhatOU = "HR"
$ASDisabledmbxWithDevices = get-CASmailbox -organizationalunit $WhatOU -resultsize unlimited -Filter '(ActiveSyncEnabled -eq $false)' | ?{((get-activesyncdevice -mailbox $_.identity) -ne $null)}#Generate Report of devices that will be removed.
$ASDisabledmbxWithDevices | %{Get-ActiveSyncDevice -mailbox $_.identity} | select Identity, DeviceOS, DeviceID | export-csv ".\Disabled-AS-Mailbox-Removed-Device-Report.csv" #Do cleanup...
$ASDisabledMbxWithDevices | %{Get-ActiveSyncDevice -mailbox $_.identity} | remove-activesyncdevice -confirm:$false

Secondly, look for mailboxes that have attached devices, but the last successful sync is more than ## days old. I had to add a clause where I'd avoid mailboxes where the first sync was more recent than my 'daysback' variable.

$WhatOU = "HR"
$daysBack = -45
#Remove devices that haven't successfully synced with your environment in this many days.
$NoSyncDate = $(Get-date).adddays($daysback)

#Get all mailboxes enabled for activesync that have not synced in last $DAYSBACK days.
$EnabledForAS = Get-CASMailbox -OrganizationalUnit $WhatOU -resultsize unlimited -Filter '(ActiveSyncEnabled -eq $true -and HasActiveSyncDevicePartnership -eq $true)' 

#Grab statistics before removing devices
$DeviceCountStats = $EnabledForAS | select name, @{Name="Before";Expression={$cnt = get-activeSyncDevice -mailbox $_.identity; if ($cnt -is [array]) {$cnt.count} elseif ($cnt -eq $null) {0} else {1} }},@{Name="After";Expression=" "}  | sort activesyncdevicecount,name
$OldLastSync = $EnabledForAS | %{Get-ActiveSyncDevice -Mailbox $_.identity }  | ?{$SyncStat = Get-ActiveSyncDeviceStatistics -identity $_.identity; $SyncStat.lastsuccesssync -le $NoSyncDate -and $SyncStat.firstSyncTime -le $NoSyncDate } 
#Generate some reports on devices to remove...
$OldLastSync | get-activesyncdevicestatistics | select Identity,FirstSyncTime, LastSuccessSync | export-csv ".\Old-Devices-Report.csv" 
$OldLastSync | remove-activesyncdevice -confirm:$false

#Returns # of devices associated with enabled mailboxes
$DeviceCountStats = $EnabledForAS | %{$cnt = get-activeSyncDevice -mailbox $_.identity; if ($cnt -is [array]) {$_.after=$cnt.count} elseif ($cnt -eq $null) {$_.after = 0} else {$_.after =1} }

#Consider Disabling ActiveSync for these mailboxes with 0 active devices.
$DeviceCountStats | FL

In both cases, when leaving the $WHICHOU variable empty, I ran against my entire environment. Running these against my environment, I've been able to reduce my over-all device count down to 3,339 attached devices.

No comments:

Post a Comment