Today I had to remotely wipe a user's phone that was set up on our Exchange 2010 server through ActiveSync. I haven’t done this yet, since we are migrating from BlackBerrys and usually just do a Remote Wipe on the BES server, so I figured I would try it out with ActiveSync and get a documented process and KB article created.
Ran the following commands in the Exchange Management Shell:
Get-ActiveSyncDeviceStatistics -Mailbox bstollfus | fl Identity
Identity: internal.domain.com/Information_Systems/SystemsAdmins/Users/Brad Stollfus/ExchangeActiveSyncDevices/SAMSUNGPHD710SAMSUNGA00000F78349FA
Clear-ActiveSyncDevice -Identity "internal.domain.com/Information_Systems/SystemsAdmins/Users/Brad Stollfus/ExchangeActiveSyncDevices/SAMSUNGPHD710SAMSUNGA00000F78349FA" -NotificationEmailAddress "email@example.com"
Initially the wipe didn't work, so I rebooted the phone, which didn't resolve the issue, so I started to look into why. It turns out that because of the way ActiveSync works with the remote wipe flag, if the user is disabled in Active Directory, the phone is unable to authenticate (obviously), and the remote wipe flag cannot be received by the phone if it is unable to authenticate.
Here is an article that goes into the details a little bit more.
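The failure described above can be checked for before the wipe is issued. This is an added example, not code from the original post: the function name is hypothetical, it assumes the ActiveDirectory module is available and that the mailbox alias matches the AD logon name, and the notification address is a constructed placeholder.

```powershell
# Added example. Run in the Exchange Management Shell (Exchange 2010).
# Assumption: the ActiveDirectory module (RSAT) is installed on this host.
Import-Module ActiveDirectory

function Invoke-CheckedActiveSyncWipe {   # hypothetical helper name
    param(
        [Parameter(Mandatory = $true)][string]$Alias,         # assumed equal to sAMAccountName
        [Parameter(Mandatory = $true)][string]$NotifyAddress  # receives the wipe confirmation mail
    )

    # The device must authenticate to receive the wipe flag, so a disabled
    # account means the request is queued but never delivered.
    $user = Get-ADUser -Identity $Alias
    if (-not $user.Enabled) {
        Write-Warning "$Alias is disabled in AD; the device cannot authenticate to receive the wipe."
        return
    }

    $devices = @(Get-ActiveSyncDeviceStatistics -Mailbox $Alias)
    if ($devices.Count -eq 0) {
        Write-Warning "No ActiveSync device partnerships found for $Alias."
        return
    }

    foreach ($device in $devices) {
        # Passing the Identity object avoids quoting problems with spaces in the path.
        # The default confirmation prompt is kept, so each device is confirmed by hand.
        Clear-ActiveSyncDevice -Identity $device.Identity -NotificationEmailAddress $NotifyAddress
    }

    # Re-query the partnerships: RequestTime = wipe queued on the server,
    # SentTime = delivered to the device, AckTime = device acknowledged it.
    Get-ActiveSyncDeviceStatistics -Mailbox $Alias |
        Select-Object DeviceType, DeviceID, LastSuccessSync,
            DeviceWipeRequestTime, DeviceWipeSentTime, DeviceWipeAckTime
}

# 'bstollfus' is the alias used on this page; the address is a placeholder.
Invoke-CheckedActiveSyncWipe -Alias 'bstollfus' -NotifyAddress 'admin@example.com'
```

For offboarding, this means issuing the wipe first and disabling the account only once DeviceWipeAckTime is populated.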
Apparently by default, when you go into a Distribution Group and go to the Group Information Tab and assign users to the Managed by: area, this is not enough to allow them to make changes. After some investigating I found the correct PowerShell commands to run to allow them to modify groups they are managing, and not allow them to create or delete distribution groups.
New-ManagementRole -Name OwnerDistributionGroups -Parent MyDistributionGroups
Remove-ManagementRoleEntry OwnerDistributionGroups\New-DistributionGroup -Confirm:$false
Remove-ManagementRoleEntry OwnerDistributionGroups\Remove-DistributionGroup -Confirm:$false
New-ManagementRoleAssignment -Role OwnerDistributionGroups -Policy "Default Role Assignment Policy"
Our trainer was going to sit down with the users that were managers of these groups. She requested a list of the distribution lists, along with who was able to manage the lists. Ran the following command to get the ManagedBy info:
Get-DistributionGroup | fl Name,ManagedBy > C:\distro-managedby.txt
As Exchange administrators, we often find ourselves dealing with panicked users who just sent an email they shouldn’t have. If you don’t deal with it often enough, you may not have the PowerShell command memorized, which is why it's a good idea to document it so it's easily accessible. This command works well if the subject is very specific; if it's generic, you may end up deleting emails you did not intend to.
Get-Mailbox -ResultSize unlimited | Search-Mailbox -SearchQuery 'Subject:"Spiff Results as of 2-27-12"' -DeleteContent
I had our graphics department convert all of our employee photos to 96×96 pixel images less than 10KB so I could import them all into AD. We are looking at adding on Lync and SharePoint, so I thought getting everyone’s pictures in now would be a good idea.
Here is the Exchange PowerShell command to import:
Import-RecipientDataProperty -Identity "Brad Stollfus" -Picture -FileData ([Byte[]]$(Get-Content -Path "C:\Users\Administrator.INTERNAL\Desktop\Outlook\Brad-Stollfus.jpg" -Encoding Byte -ReadCount 0))
Here is a link with more info: