Change ActiveSync Policy Based on AD group

We had a requirement to change the ActiveSync policy of certain users and to automate the process based on an AD group.

We wrote the script below to do this job. It uses the Quest (QAD) AD shell and the Exchange Management Shell.

It fetches the members of the AD group and exports them to a CSV file, so that later runs can compare against it and process only the changes.

When the script runs for the first time it generates a CSV file of the group members. Empty the whole file except for one user (whom you can process manually), so that the next run treats the remaining members as newly added.

After that you can simply schedule the script and it will run incrementally.

  • Whenever a new user is added to the group -> the ActiveSync policy is updated
  • When a user is removed from the group -> the ActiveSync policy is changed to the default
  • Logs are recycled after 30 days
  • If an error occurs, an alert is sent.

Download and extract the script from the link below:

https://gallery.technet.microsoft.com/scriptcenter/Change-ActiveSync-Policy-10840be7

Update the values below to match the customer’s environment:

--------------------------------------------------

$smtpServer = "smtpserver"
$fromadd = "DoNotReply@labtest.com"
$email1 = "VikasS@labtest.com"

$Asyncpol = "ActiveSync Policy"
$defAsyncpol = "Default ActiveSync Policy"
$group = "AD Group"

--------------------------------------------------

Thanks to “Lazy Admin”, as the incremental code has been taken from one of his blog posts.

http://www.lazywinadmin.com/

 

###################################################################### 
#               Author: Vikas Sukhija(http://techwizard.cloud) 
#               Date:- 03/16/2016 
#        Reviewer:- 
#               Description:- Change activesync policy based on  
#               a particular AD group. 
###################################################################### 
 
$date1 = get-date -format d 
$date1 = $date1.ToString().Replace("/","-") 
$dir = ".\logs" 
$limit = (Get-Date).AddDays(-30) 
 
$logs = ".\Logs" + "\" + "Processed_" + $date1 + "_.log" 
 
$smtpServer = "smtpserver" 
$fromadd = "DoNotReply@labtest.com" 
$email1 = "VikasS@labtest.com" 
 
Start-Transcript -Path $logs 
 
######Add Quest Shell & define attrib/ group value############ 
 
If ((Get-PSSnapin | where {$_.Name -match "Quest.ActiveRoles.ADManagement"}) -eq $null) 
{ 
    Add-PSSnapin Quest.ActiveRoles.ADManagement 
} 
 
#######Add exchange Shell ############################## 
 
If ((Get-PSSnapin | where {$_.Name -match "Microsoft.Exchange.Management.PowerShell.E2010"}) -eq $null) 
{ 
    Add-PSSnapin Microsoft.Exchange.Management.PowerShell.E2010 
} 
 
$Asyncpol = "ActiveSync Policy" 
$defAsyncpol = "Default ActiveSync Policy" 
 
$group = "AD Group" 
 
################################################################# 
 
$groupmem = Get-QADGroupMember $group -sizelimit 0 
 
$groupmem 
 
$Statefile = "$($group)-Name.csv" 
 
 
# If the file doesn't exist, create it 
 
   If (!(Test-Path $Statefile)){   
                $groupmem | select Name | Export-csv $Statefile -NoTypeInformation  
                } 
 
# Check Changes 
$Changes =  Compare-Object $groupmem $(Import-Csv $StateFile) -Property Name |  
                Select-Object Name, 
                    @{n='State';e={ 
                        If ($_.SideIndicator -eq "=>"){ 
                            "Removed" } Else { "Added" } 
                        } 
                    } 
 
$Changes | foreach-object{ 

    if($_.State -eq "Added") { 
        Write-host "$Asyncpol will be updated to $($_.Name)" -foregroundcolor green 
        $checkasync = Get-CASMailbox -Identity $_.Name 
        # Only touch mailboxes that have ActiveSync enabled 
        if($checkasync.ActiveSyncEnabled -eq $true){ 
            Set-CASMailbox -Identity $_.Name -ActiveSyncMailboxPolicy $Asyncpol 
        } 
    } 

    if($_.State -eq "Removed") { 
        $userid = $_.Name 
        Write-host "$Asyncpol will be removed from $($_.Name)" -foregroundcolor Red 
        $checkasync = Get-CASMailbox -Identity $_.Name 
        if($checkasync.ActiveSyncEnabled -eq $true){ 
            # Fall back to the default policy 
            Set-CASMailbox -Identity $_.Name -ActiveSyncMailboxPolicy $defAsyncpol 
        } 
    } 
} 
 
$groupmem | select Name | Export-csv $StateFile -NoTypeInformation 
 
###########################Recycle########################################## 
 
$path = $dir  
  
Get-ChildItem -Path $path  | Where-Object {   
$_.CreationTime -lt $limit } | Remove-Item -recurse -Force  
 
#######################Report Error######################################### 
if ($error -ne $null) 
      { 
#SMTP Relay address 
$msg = new-object Net.Mail.MailMessage 
$smtp = new-object Net.Mail.SmtpClient($smtpServer) 
 
#Mail sender 
$msg.From = $fromadd 
#mail recipient 
$msg.To.Add($email1) 
$msg.Subject = "Activesync Policy Script error" 
$msg.Body = $error 
$smtp.Send($msg) 
$error.clear() 
       } 
  else 
 
      { 
    Write-host "no errors till now" 
      } 
 
$path = ".\logs\" 
$limit = (Get-Date).AddDays(-30) #for log recycling 
 
########################Recycle logs ###################################### 
 
Get-ChildItem -Path $path  | Where-Object {   
$_.CreationTime -lt $limit } | Remove-Item -recurse -Force  
stop-transcript 
 
##########################################################################
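
The incremental comparison at the heart of the script above, isolated as an added example (not part of the original script). It swaps Compare-Object for -notcontains so that an empty state file is handled, and it refuses to act when the group query comes back empty, since a naive diff would then report every user as removed. The function name Get-MembershipChange, the -MaxRemovals threshold and the sample names are assumptions made for illustration.

```powershell
# Added example: function name, threshold and sample names are hypothetical.
function Get-MembershipChange {
    param(
        [string[]]$Current,        # names returned by the group query on this run
        [string[]]$Previous,       # names read from the state CSV of the last run
        [int]$MaxRemovals = 25     # assumed safety threshold; tune per environment
    )

    # Normalise both sides: drop $null/empty entries so either list may be empty.
    $cur  = @($Current  | Where-Object { $_ })
    $prev = @($Previous | Where-Object { $_ })

    # An empty result against a populated state file usually means the directory
    # query failed, not that everyone left the group.
    if ($cur.Count -eq 0 -and $prev.Count -gt 0) {
        throw "Group query returned no members; $($prev.Count) policy resets refused."
    }

    # -notcontains is case-insensitive, which matches how the names are compared
    # by Compare-Object in the original script.
    $added   = @($cur  | Where-Object { $prev -notcontains $_ })
    $removed = @($prev | Where-Object { $cur  -notcontains $_ })

    if ($removed.Count -gt $MaxRemovals) {
        throw "$($removed.Count) removals exceed the limit of $MaxRemovals; review manually."
    }

    foreach ($n in $added)   { New-Object PSObject -Property @{ Name = $n; State = 'Added' } }
    foreach ($n in $removed) { New-Object PSObject -Property @{ Name = $n; State = 'Removed' } }
}

# Constructed sample data: last run's state file versus this run's group query.
$previous = 'Alice Example', 'Bob Example', 'Carol Example'
$current  = 'Alice Example', 'Carol Example', 'Dave Example'

# Normal incremental run.
Get-MembershipChange -Current $current -Previous $previous

# Empty state file, for example on the very first run.
Get-MembershipChange -Current $current -Previous @()

# Empty group query against a populated state file: the guard throws.
try   { Get-MembershipChange -Current @() -Previous $previous }
catch { Write-Warning $_.Exception.Message }
```

In the script, the two lists would come from $groupmem and from Import-Csv $Statefile, and the state file should be rewritten only after the function returns without throwing.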

Thanks for reading and downloading

Tech Wizard

https://techwizard.cloud

https://syscloudpro.com/

 
