Enable ActiveSync based on User Group membership

Hi All,

I am sharing a script that will enable users for activesync based on  groups & disables activesync for other users. 

example script taken from Microsoft script center has been modified to include three groups, logging & email notification.

Run the script from :- C:\scripts\EnableActivesync

————————————————————————————————————————————————————————–

######################################################################################
#    Author: Vikas Sukhija
#    Date:- 11/15/2012
#Description:- This script  will enable/disable activeync based on group memberships
######################################################################################

# Add Exchange Shell…

If ((Get-PSSnapin | where {$_.Name -match “Exchange.Management”}) -eq $null)
{
 Add-PSSnapin Microsoft.Exchange.Management.PowerShell.Admin
}

#add logging with date so creating date variable

$date = get-date -format d

# replace \ by –

$date = $date.ToString().Replace(“/”, “-”)
$output1 = “C:\scripts\EnableActivesync” + “\” + “ActiveSyncenabled” + $date + “_.log”
$output2 = “C:\scripts\EnableActivesync” + “\” + “ActiveSyncdisabled” + $date + “_.log”
$output3 = “C:\scripts\EnableActivesync” + “\” + “emaillog” + $date + “_.log” # for email #

add-content $output1 “———————Log activesync enabled activity——————————-”
add-content $output2 “———————Log activesync disabled activity——————————”
add-content $output3 “———————Log activesync Script activity——————————–”
# get all users…

$Users = get-Mailbox -ResultSize:unlimited

#Get All approved groups…

$approvedgroup1 = “Group1”
$approvedgroup2 = “Group2”
$approvedgroup3 = “Group3”

$groupUsers = Get-DistributionGroupMember -Identity $approvedgroup1
$Count = $groupUsers.count
Write-host $Count
$current = get-date
$now = $current.ToShortTimeString()
add-content $output1 “$now $Count users loaded from $approvedgroup1”
add-content $output3 “$now $Count users loaded from $approvedgroup1”
#————————————————————————————————————–

$groupUsers1 = Get-DistributionGroupMember -Identity $approvedgroup2
$Count = $groupUsers1.count
Write-host $Count
$current = get-date
$now = $current.ToShortTimeString()
add-content $output1 “$now $Count users loaded from $approvedgroup2”
add-content $output3 “$now $Count users loaded from $approvedgroup2”

#————————————————————————————————————–
# Find unique users from two groups

foreach ($groupmembers in $groupUsers1)
{
  if(($groupUsers | where-object{$_.Name -eq $groupmembers.Name}))
     {
   Write-host $groupmembers
    }
  else
    {

   $groupUsers += $groupmembers
  
    }

}

#————————————————————————————————————–

$groupUsers2 = Get-DistributionGroupMember -Identity $approvedgroup3
$Count = $groupUsers2.count
$current = get-date
$now = $current.ToShortTimeString()
add-content $output1 “$now $Count users loaded from $approvedgroup3”
add-content $output3 “$now $Count users loaded from $approvedgroup3”

#————————————————————————————————————–

# Find unique users

foreach ($groupmembers in $groupUsers2)
{
  if(($groupUsers | where-object{$_.Name -eq $groupmembers.Name}))
     {
   Write-host $groupmembers
    }
  else
    {

   $groupUsers += $groupmembers
  
    }
}
#————————————————————————————————————–

$Count = $groupUsers.count
Write-host $Count unique users loaded
$current = get-date
$now = $current.ToShortTimeString()
add-content $output1 “$now $Count unique users loaded”
add-content $output3 “$now $Count unique users loaded”

#————————————————————————————————————–

#Now compare the group members with all user mailboxes…

foreach ($member in $Users)
{
 

 $mailbox = Get-CasMailbox -resultsize unlimited -identity $member.Name
 
 #determine if user is member of allowed groups

 if(($groupUsers | where-object{$_.Name -eq $member.Name}))
 {
    #if user already has ActiveSync enabled, do nothing
           if ($mailbox.ActiveSyncEnabled -eq “true”)
  {
   
                  $current = get-date
                  $now = $current.ToShortTimeString()
                  $mbx1 = $mailbox.Name
                  Write-host “$now $mbx1 is already active sync enabled”
                  add-content $output1 “$now $mbx1 is already active sync enabled”
  }
           else
                {
                  $current = get-date
                  $now = $current.ToShortTimeString()
                  $member | Set-CASMailbox –ActiveSyncEnabled $true
                  $mbx2 = $mailbox.Name
                  Write-host “$now $mbx2 is enabled for active sync”
                  add-content $output1 “$now $mbx2 is enabled for active sync”
                  add-content $output3 “$now $mbx2 is enabled for active sync”
                }
         }
           #if user is not member of allowed group, disable ActiveSync
       else
       {
          if ($mailbox.ActiveSyncEnabled -eq “true”)
                {
               
                  $member | Set-CASMailbox –ActiveSyncEnabled $false
                  $current = get-date
                  $now = $current.ToShortTimeString()
                  $mbx3 = $mailbox.Name
                  Write-host “$now $mbx3 is disabled for active sync”
                  add-content $output2 “$now $mbx3 is disabled  for active sync”
                  add-content $output3 “$now $mbx3 is disabled  for active sync”
                }
           else

                {
       
                  $mbx4 = $mailbox.Name
                  $current = get-date
                  $now = $current.ToShortTimeString()
                  add-content $output2 “$now $mbx4 active sync is already disabled”
                  Write-host “$now $mbx4 active sync is already disabled”
                 }
       }

}

$current = get-date
$now = $current.ToShortTimeString()
add-content $output3 “$now Finished processing All Users”

# send email to Messaging Team with details

$message = new-object Net.Mail.MailMessage
$smtp = new-object Net.Mail.SmtpClient(“SMTP SErver”)
$message.From = “Messaging@lab.com
$message.To.Add(“vikas.sukhija@lab.com“)
$file = $output3
$att = new-object Net.Mail.Attachment($file)
$message.IsBodyHtml = $False
$message.Subject = “Manage-ActiveSync Log”
$message.Attachments.Add($att)
$smtp.Send($message)

###################################################################################################

Thanks

Vikas

Advertisements

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s