I’ve seen lots of posts on similar topics but nothing exactly like this. Our global ActiveSync policy is enabled. However, one of our divisions, HR, requested to have ActiveSync disabled for their users who deal with a lot of PII/HIPAA information except for a select sub-group of managers in that division. Yes, the code is a little klunky. I’m sure there are much easier ways to do it. It would especially be easier if I could compare a CASMailbox object to see if it might be contained in an array of CASMailbox objects. But that's beyond my scripting capabilities for now. Since I couldn’t get that down, I resorted to comparing a string to see if it’s contained in an array of string objects. I welcome your feedback!

$inctime = Get-Date -Format HHmmss
$filename = "HRDisableActiveSync_" + $inctime
$outfilepath = "D:\" + $filename
$HRASAllowedMbxs = @()
$HRASAllowedMembers = Get-DistributionGroupMember -Identity "HR ActiveSync Allowed"
# $HRASAllowedMembers is an array of elements of type ReducedRecipient which has
# properties such as DisplayName and PrimarySMTPAddress
ForEach ($HRASAllowedMember in $HRASAllowedMembers) {
    $a = $HRASAllowedMember.PrimarySMTPAddress.ToString()
    $HRASAllowedMbxs += $a
}
# At this point, $HRASAllowedMbxs is an array of text strings which are SMTP addresses
$HRNoASMbxs = (Get-CASMailbox | Where-Object {$_.DisplayName -like "*(HR)"})
#$HRNoASMbxs = (Get-CASMailbox | Where-Object {$_.SAMAccountName -match "[Hh][Rr]\d\d\d\d"})
# At this point, $HRNoASMbxs is an array of CASMailbox objects
ForEach ($HRNoASMbx in $HRNoASMbxs)
{
    $b = $HRNoASMbx.PrimarySMTPAddress.ToString()
    $c = $HRNoASMbx.DisplayName
    if ($HRASAllowedMbxs -NotContains $b)
    {
        Set-CASMailbox -Identity $b -ActiveSyncEnabled $false
        $MbxOutput = "ActiveSync disabled for $c"
        $MbxOutput | Out-File -Filepath $outfilepath -Append
    }
    else
    {
        $MbxOutput = "ActiveSync ENABLED for $c"
        $MbxOutput | Out-File -Filepath $outfilepath -Append
    }
}

KYPaul
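
A variant of the script above, added here as an example and not the original poster's code: it keeps the allow list in a hashtable keyed by SMTP address, lifts the default 1000-result cap, and only reports what it would change unless `$Apply` is set. The group name, the "(HR)" display-name suffix and the D:\ log location come from the post; `$Apply`, the CSV columns and the use of `[pscustomobject]` (PowerShell 3.0 or later) are assumptions.

```powershell
# Added example. Run in the Exchange Management Shell.
$Apply = $false   # hypothetical toggle: $false = report only, $true = change mailboxes

$logPath = "D:\HRDisableActiveSync_{0:yyyyMMdd_HHmmss}.csv" -f (Get-Date)

# Allow list keyed by SMTP address. PowerShell hashtable keys are
# case-insensitive, so "Jane@contoso.com" and "jane@contoso.com" match.
# Note: Get-DistributionGroupMember returns direct members only; nested
# groups are not expanded.
$allowed = @{}
Get-DistributionGroupMember -Identity "HR ActiveSync Allowed" -ResultSize Unlimited |
    ForEach-Object { $allowed[$_.PrimarySmtpAddress.ToString()] = $true }

# Without -ResultSize Unlimited, Get-CASMailbox stops at 1000 mailboxes.
$results = Get-CASMailbox -ResultSize Unlimited |
    Where-Object { $_.DisplayName -like "*(HR)" } |
    ForEach-Object {
        $smtp      = $_.PrimarySmtpAddress.ToString()
        $isAllowed = $allowed.ContainsKey($smtp)
        $action    = 'NoChange'

        # Only touch mailboxes that are outside the allow list AND still
        # have ActiveSync on, so repeat runs do not rewrite every mailbox.
        if (-not $isAllowed -and $_.ActiveSyncEnabled) {
            if ($Apply) {
                Set-CASMailbox -Identity $smtp -ActiveSyncEnabled $false
                $action = 'Disabled'
            }
            else {
                $action = 'WouldDisable'
            }
        }

        # One row per HR mailbox, including the state seen before any change.
        [pscustomobject]@{
            DisplayName       = $_.DisplayName
            PrimarySmtp       = $smtp
            InAllowGroup      = $isAllowed
            ActiveSyncEnabled = $_.ActiveSyncEnabled
            Action            = $action
        }
    }

$results | Export-Csv -Path $logPath -NoTypeInformation
```

Rows where `InAllowGroup` is true and `ActiveSyncEnabled` is false show allowed managers whose ActiveSync is off, a case the script reports but does not change.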