Wednesday, January 2, 2013

Enable ActiveSync based on User Group membership

Hi All,


I am sharing a script that will enable users for activesync based on  groups & disables activesync for other users. 
example script taken from Microsoft script center has been modified to include three groups, logging & email notification.
Run the script from :- C:\scripts\EnableActivesync


------------------------------------------------------------------------------------------------------------


######################################################################################
#    Author: Vikas Sukhija
#    Date:- 11/15/2012
#Description:- This script  will enable/disable activeync based on group memberships
######################################################################################
# Add Exchange Shell...
If ((Get-PSSnapin | where {$_.Name -match "Exchange.Management"}) -eq $null)
{
 Add-PSSnapin Microsoft.Exchange.Management.PowerShell.Admin
}
#add logging with date so creating date variable
$date = get-date -format d
# replace \ by -
$date = $date.ToString().Replace(“/”, “-”)
$output1 = "C:\scripts\EnableActivesync" + "\" + "ActiveSyncenabled" + $date + "_.log"
$output2 = "C:\scripts\EnableActivesync" + "\" + "ActiveSyncdisabled" + $date + "_.log"
$output3 = "C:\scripts\EnableActivesync" + "\" + "emaillog" + $date + "_.log" # for email #
add-content $output1 "---------------------Log activesync enabled activity-------------------------------"
add-content $output2 "---------------------Log activesync disabled activity------------------------------"
add-content $output3 "---------------------Log activesync Script activity--------------------------------"
# get all users...
$Users = get-Mailbox -ResultSize:unlimited
#Get All approved groups...
$approvedgroup1 = "Group1"
$approvedgroup2 = "Group2"
$approvedgroup3 = "Group3"
$groupUsers = Get-DistributionGroupMember -Identity $approvedgroup1
$Count = $groupUsers.count
Write-host $Count
$current = get-date
$now = $current.ToShortTimeString()
add-content $output1 "$now $Count users loaded from $approvedgroup1"
add-content $output3 "$now $Count users loaded from $approvedgroup1"
#--------------------------------------------------------------------------------------------------------------
$groupUsers1 = Get-DistributionGroupMember -Identity $approvedgroup2
$Count = $groupUsers1.count
Write-host $Count
$current = get-date
$now = $current.ToShortTimeString()
add-content $output1 "$now $Count users loaded from $approvedgroup2"
add-content $output3 "$now $Count users loaded from $approvedgroup2"
#--------------------------------------------------------------------------------------------------------------
# Find unique users from two groups
foreach ($groupmembers in $groupUsers1)
{
  if(($groupUsers | where-object{$_.Name -eq $groupmembers.Name}))
     {
   Write-host $groupmembers
    }
  else
    {
   $groupUsers += $groupmembers
 
    }
}
#--------------------------------------------------------------------------------------------------------------
$groupUsers2 = Get-DistributionGroupMember -Identity $approvedgroup3
$Count = $groupUsers2.count
$current = get-date
$now = $current.ToShortTimeString()
add-content $output1 "$now $Count users loaded from $approvedgroup3"
add-content $output3 "$now $Count users loaded from $approvedgroup3"
#--------------------------------------------------------------------------------------------------------------
# Find unique users
foreach ($groupmembers in $groupUsers2)
{
  if(($groupUsers | where-object{$_.Name -eq $groupmembers.Name}))
     {
   Write-host $groupmembers
    }
  else
    {
   $groupUsers += $groupmembers
 
    }
}
#--------------------------------------------------------------------------------------------------------------
$Count = $groupUsers.count
Write-host $Count unique users loaded
$current = get-date
$now = $current.ToShortTimeString()
add-content $output1 "$now $Count unique users loaded"
add-content $output3 "$now $Count unique users loaded"
#--------------------------------------------------------------------------------------------------------------
#Now compare the group members with all user mailboxes...
foreach ($member in $Users)
{
 
 $mailbox = Get-CasMailbox -resultsize unlimited -identity $member.Name

 #determine if user is member of allowed groups
 if(($groupUsers | where-object{$_.Name -eq $member.Name}))
 {
    #if user already has ActiveSync enabled, do nothing
           if ($mailbox.ActiveSyncEnabled -eq "true")
  {
  
                  $current = get-date
                  $now = $current.ToShortTimeString()
                  $mbx1 = $mailbox.Name
                  Write-host "$now $mbx1 is already active sync enabled"
                  add-content $output1 "$now $mbx1 is already active sync enabled"
  }
           else
                {
                  $current = get-date
                  $now = $current.ToShortTimeString()
                  $member | Set-CASMailbox –ActiveSyncEnabled $true
                  $mbx2 = $mailbox.Name
                  Write-host "$now $mbx2 is enabled for active sync"
                  add-content $output1 "$now $mbx2 is enabled for active sync"
                  add-content $output3 "$now $mbx2 is enabled for active sync"
                }
         }
           #if user is not member of allowed group, disable ActiveSync
       else
       {
          if ($mailbox.ActiveSyncEnabled -eq "true")
                {
              
                  $member | Set-CASMailbox –ActiveSyncEnabled $false
                  $current = get-date
                  $now = $current.ToShortTimeString()
                  $mbx3 = $mailbox.Name
                  Write-host "$now $mbx3 is disabled for active sync"
                  add-content $output2 "$now $mbx3 is disabled  for active sync"
                  add-content $output3 "$now $mbx3 is disabled  for active sync"
                }
           else
                {
      
                  $mbx4 = $mailbox.Name
                  $current = get-date
                  $now = $current.ToShortTimeString()
                  add-content $output2 "$now $mbx4 active sync is already disabled"
                  Write-host "$now $mbx4 active sync is already disabled"
                 }
       }
}
$current = get-date
$now = $current.ToShortTimeString()
add-content $output3 "$now Finished processing All Users"
# send email to Messaging Team with details
$message = new-object Net.Mail.MailMessage
$smtp = new-object Net.Mail.SmtpClient("SMTP SErver")
$message.From = "Messaging@lab.com"
$message.To.Add("vikas.sukhija@lab.com")
$file = $output3
$att = new-object Net.Mail.Attachment($file)
$message.IsBodyHtml = $False
$message.Subject = "Manage-ActiveSync Log"
$message.Attachments.Add($att)
$smtp.Send($message)
########################################################################


Thanks

Vikas

No comments:

Post a Comment