Exch2010 - 删除没有 activesyncdevice 的设备的 ActiveSyncAllowedDeviceID

tag-icon tag-icon exchange-2010 powershell activesync
Exch2010 - 删除没有 activesyncdevice 的设备的 ActiveSyncAllowedDeviceID

我有一些用户拥有多个 ActiveSyncAllowedDeviceID,但他们只有 1 个 ActiveSyncDevice 合作关系。请注意,android-deviceid 是一部真实手机,testdevicepleaseignore 是过去与设备合作关系一起被移除的设备。

[PS] C:\Windows\system32>Get-ActiveSyncDevice -Mailbox username

UserDisplayName         : org.local/Sites/IT Department/Users/Firstname Lastname
DeviceAccessState       : Allowed
DeviceAccessStateReason : Individual
Name                    : Android§android-deviceid
DistinguishedName       : CN=Android§android-deviceid,CN=ExchangeActiveSyncDevices,CN=Firstname Lastname,OU=Users,OU=IT Department,OU=Sites,DC=org,DC=local
Identity                : org.local/Sites/IT Department/Users/Firstname Lastname/ExchangeActiveSyncDevices/Android§android-deviceid
ObjectCategory          : org.local/Configuration/Schema/ms-Exch-Active-Sync-Device
ObjectClass             : {top, msExchActiveSyncDevice}


[PS] C:\Windows\system32>Get-CASMailbox username | fl


EmailAddresses                     : {SIP:[email protected], smtp:[email protected], SMTP:[email protected]}
PrimarySmtpAddress                 : [email protected]
SamAccountName                     : username
DisplayName                        : Firstname Lastname
ActiveSyncAllowedDeviceIDs         : {testdevicepleaseignore, android-deviceid}
ActiveSyncBlockedDeviceIDs         : {}
ActiveSyncMailboxPolicy            : Default
DistinguishedName                  : CN=Firstname Lastname,OU=Users,OU=IT Department,OU=Sites,DC=org,DC=local
Identity                           : org.local/Sites/IT Department/Users/Firstname Lastname
ObjectCategory                     : org.local/Configuration/Schema/Person
ObjectClass                        : {top, person, organizationalPerson, user}

问题是,如果我在控制台中删除某个设备的配对(或者擦除某个设备),它不会将其从 ActiveSyncAllowedDeviceIDs 中删除,并且用户可以重新添加该设备而无需将其隔离。

刚刚写了一个快速而粗糙的 powershell 来执行此操作。可以使用一些关于如何加快速度的建议:

这是我刚刚想到的快速而粗略的方法。虽然需要很长时间(因为它要遍历每个设备),但确实有效。

$casmbxs = Get-CASMailbox -ResultSize unlimited
foreach ($casmbx in $casmbxs){
    foreach ($asdevid in $casmbx.ActiveSyncAllowedDeviceIDs){
        $asdev = get-activesyncdevice | where {$_.DeviceID -eq $asdevid}
        if (!$asdev) {
            write-host "Removing " $asdevid " from " $casmbx.Identity
            Set-CASMailbox -Identity $casmbx.Identity -ActiveSyncAllowedDeviceIDs @{REMOVE=$asdevid}
        }
    }
}

答案1

关于如何加速 PS 的建议:

$casmbxs = Get-CASMailbox -ResultSize unlimited
foreach ($casmbx in $casmbxs){
    $username = [String]$casmbx.SamAccountName
    foreach ($asdevid in $casmbx.ActiveSyncAllowedDeviceIDs){
        $asdev = get-activesyncdevice -Mailbox $username | where {$_.DeviceID -eq $asdevid}
        if (!$asdev) {
            write-host "Removing " $asdevid " from " $casmbx.Identity
            Set-CASMailbox -Identity $casmbx.Identity -ActiveSyncAllowedDeviceIDs @{REMOVE=$asdevid}
        }
    }  
}

不需要遍历所有 ActiveSync 设备,只需遍历与您当前正在处理的用户邮箱相关的设备。

相关内容