Disabling Activesync by default on Exchange 2010

Posted: February 10, 2011 in Exchange

If you want to set Activesync to be disabled for new users on Exchange 2010, do the following.

Save the following as ScriptingAgentConfig.xml in %ExchangeInstall%\V14\Bin\CmdletExtensionAgents

<?xml version=”1.0″ encoding=”utf-8″ ?>
<Configuration version=”1.0“>
<Feature Name=”MailboxProvisioning” Cmdlets=”enable-mailbox“>
<ApiCall Name=”OnComplete“>
if($succeeded) {
$user = (Get-User $provisioningHandler.UserSpecifiedParameters[“Identity”]).distinguishedName
Set-CASMailbox $user -ActiveSyncEnabled $false
}
</ApiCall>
</Feature>
<Feature Name=”MailboxProvisioning” Cmdlets=”new-mailbox“>
<ApiCall Name=”OnComplete“>
if($succeeded) {
$user = (Get-User $provisioningHandler.UserSpecifiedParameters[“Name”]).distinguishedName
Set-CASMailbox $user -ActiveSyncEnabled $false
}
</ApiCall>
</Feature>
</Configuration>

Run

Enable-CmdletExtensionAgent “Scripting Agent”

in the Exchange Management Shell

Advertisements
Comments
  1. Jomin says:

    Hi,

    I m getting below warning messaging with no changes after doing this..
    “WARNING: The cmdlet extension agent with the index 5 has thrown an exception in
    OnComplete(). The exception is:
    Microsoft.Exchange.Provisioning.ProvisioningException: ScriptingAgent: Exception
    thrown while invoking scriptlet for OnComplete API: Unexpected token ‘Set-CASMailbox’
    in expression or statement.. —> System.Management.Automation.ParseException:
    Unexpected token ‘Set-CASMailbox’ in expression or statement.
    at System.Management.Automation.Runspaces.AsyncResult.EndInvoke()
    at System.Management.Automation.PowerShell.EndInvoke(IAsyncResult asyncResult)
    at
    Microsoft.Exchange.Configuration.MonadDataProvider.MonadPipelineProxy.ClosePipeline(M
    onadAsyncResult asyncResult)
    — End of inner exception stack trace —
    at Microsoft.Exchange.ProvisioningAgent.ScriptingAgentHandler.OnComplete(Boolean
    succeeded, Exception e)
    at Microsoft.Exchange.Provisioning.ProvisioningLayer.OnComplete(Task task, Boolean
    succeeded, Exception exception)”

    • dthomo says:

      Hey there Jomin,

      It appears I made an error when pasting in the XML. Line 13, I forgot a line break. The line should end after distinguishedName. The Set-CASMailbox should be on a new line. I will fix up the post as well so you should be able to copy and paste it in. Thanks for picking this up. Let me know if this fixes it?

      Dylan

  2. Blair Muller says:

    Hi Dylan,

    When I do this and open EMC I get unexpected error 0x78A9457B while executing command Get-LogonUser. Any ideas?

    • dthomo says:

      Hi Blair,

      I’ve seen random errors such as this before and there are 4 things I can think of to check/try.

    • Does you Exchange server’s NetBIOS name include a period? This can cause issues with some of the commandlets thinking they are referencing a FQDN and not a short name.
    • Create a new user in AD with full management rights for Exchange management. Have seen some odd things with admin accounts (AD corruption or random things that had been messed with through ADSI edit).
    • Check to see if both EMC and EMS give errors such as this. For some reason, these types of errors seem to be more common in EMC, but you can still use EMS just fine to administer the server.
    • Run a repair on the install. Not something you really want to do, but it has solved this kind of issue for me in the past. Last resort though.
    • Let me know how you go.

  • dthomo says:

    Hi Blair,

    One other thing to check, if you have been deploying using something like a VM template. Just confirm that none of your domain controllers and the Exchange servers have the same SID in AD. A very odd one, but just had another engineer mention it to me.

    Dylan

  • Ben says:

    Hi Dylan,

    Just an FYI – I had the same error experienced as Blair, to be able to access the EMC I had to delete the xml file and then disable the scripting agent.

    The issue seems to be the way the XML file was created. I used notepad first off which appears to create an incompatible file, I used notepad++ second time around and saved it as an XML file – It worked with this version.

    Cheers for the script!

    Ben.

  • Leave a Reply

    Fill in your details below or click an icon to log in:

    WordPress.com Logo

    You are commenting using your WordPress.com account. Log Out / Change )

    Twitter picture

    You are commenting using your Twitter account. Log Out / Change )

    Facebook photo

    You are commenting using your Facebook account. Log Out / Change )

    Google+ photo

    You are commenting using your Google+ account. Log Out / Change )

    Connecting to %s