How Do I Programmatically Disable/Enable Microsoft Exchange Active Sync For All Of My Mobile Users?
While working with a customer recently, I created a VBScript that leverages ADO to programmatically disable/enable Microsoft Exchange Active Sync for ALL users in Active Directory. The key to this script is the msExchOmaAdminWirelessEnable attribute. If you know VBScript, the code below is very easy to use. You will need to copy and paste this code into your favorite text editor and save it as a .VBS file. Also, this script needs to run on a domain controller and you will need the appropriate privileges to run it. As always, you should never run this script in a production environment without proper testing in a lab first. I've only tested this on Exchange 2003, BTW. Note that the script's search filter only selects mail-enabled accounts whose userAccountControl value is exactly 66048 and whose msExchOmaAdminWirelessEnable is not already 5, so check the filter against your directory before assuming that every user is covered. Disclaimer: This sample script is not supported under any Microsoft standard support program or service. The sample scripts are provided AS IS without warranty of any kind. Microsoft further disclaims all implied warranties including, without limitation, any implied warranties of merchantability or of fitness for a particular purpose. The entire risk arising out of the use or performance of the sample scripts and documentation remains with you. In no event shall Microsoft, its authors, or anyone else involved in the creation, production, or delivery of the scripts be liable for any damages whatsoever (including, without limitation, damages for loss of business profits, business interruption, loss of business information, or other pecuniary loss) arising out of the use of or inability to use the sample scripts or documentation, even if Microsoft has been advised of the possibility of such damages.
Start of the script:
'''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''
''
'' DISABLEEAS.VBS
''
'' Disables Exchange Server 2003 Active Sync for the specified OU in the default domain
''
'' usage: cscript disableeas
''
'''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''
' Below are the values for the msExchOmaAdminWirelessEnable Exchange attribute that can be modified.
' 5 = disable EAS and keep OMA enabled.(default)
' 7 = disable all mobile features.
' 0 = enable all mobile features. (not recommended)
'''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''
'' Create log file instance
'''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''
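' Open (or create) the log file before anything else so that every later step
' can be recorded. OpenTextFile arguments: 2 = ForWriting (an existing log is
' overwritten), True = create the file if it is missing, 0 = ASCII.
' NOTE(review): the log lists every account the script modifies and is written
' to the root of C: on the machine running the script; confirm that only
' administrators can read it, or point the path at a protected directory.
On Error Resume Next
Set objFSO = CreateObject("Scripting.FileSystemObject")
Set objLogFile = objFSO.OpenTextFile("c:\disableeas.log", 2, True, 0)
If Err.Number <> 0 Then
    ' The log could not be opened, so objLogFile is not a usable object here.
    ' Writing to it would raise a second, unhandled error and hide the real
    ' message, so report on the console only and stop.
    On Error GoTo 0
    Set objFSO = Nothing
    WScript.Echo "ERROR: Failed to create a log file. Program execution halted."
    ' Non-zero exit code so a scheduler or wrapper can see that the run failed.
    WScript.Quit 1
Else
    ' Successfully created disableeas.log. Restore normal error handling.
    On Error GoTo 0
    objLogFile.WriteLine "disableeas.log created successfully"
End If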
'''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''
'' Determine DNS domain name
'''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''
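' Bind to rootDSE and read the distinguished name of the default domain.
' Error trapping must be switched on around the bind: with "On Error GoTo 0"
' in effect a failed bind aborts the script with an unhandled runtime error and
' the check below is never reached.
On Error Resume Next
Err.Clear
Set objRootDSE = GetObject("LDAP://rootDSE")
strDNSDomain = objRootDSE.Get("defaultNamingContext")
' Capture the result before "On Error GoTo 0" resets the Err object.
lngBindError = Err.Number
On Error GoTo 0

' Specify an organizational unit name here to limit the scope of the change,
' for example "OU=Production". Leave it empty to search the whole default domain.
strBaseOU = ""

If lngBindError <> 0 Then
    ' Attempt to bind to Active Directory failed: log, release the log, stop.
    objLogFile.WriteLine "ERROR: Binding to Active Directory Failed. Program execution halted."
    objLogFile.Close
    Set objFSO = Nothing
    WScript.Echo "ERROR: Binding to Active Directory Failed. Program execution halted."
    WScript.Quit 1
Else
    ' Active Directory bind successful.
    objLogFile.WriteLine "Binding to Active Directory successful"
End If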
'''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''
'' Setup ADO for Active Directory
'''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''
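' Create the ADO command and connection objects and open the connection with
' the ADSI OLE DB provider (ADsDSOObject) so that Active Directory can be
' queried. Errors are trapped for the duration of the setup; without that the
' failure branch below can never run.
On Error Resume Next
Err.Clear
Set objCommand = CreateObject("ADODB.Command")
Set objConnection = CreateObject("ADODB.Connection")
objConnection.Provider = "ADsDSOObject"
objConnection.Open "Active Directory Provider"
' "Set" hands the command the already opened connection object itself rather
' than the connection's default property.
Set objCommand.ActiveConnection = objConnection
' Capture the result before "On Error GoTo 0" resets the Err object.
lngAdoError = Err.Number
On Error GoTo 0

If lngAdoError <> 0 Then
    ' ADO setup failed: log, release the log, stop with a non-zero exit code.
    objLogFile.WriteLine "ERROR: ADO Setup for Active Directory Failed. Program execution halted."
    objLogFile.Close
    Set objFSO = Nothing
    WScript.Echo "ERROR: ADO Setup for Active Directory Failed. Program execution halted."
    WScript.Quit 1
Else
    ' ADO Active Directory setup successful.
    objLogFile.WriteLine "Active Directory setup successful"
End If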
' Build the ADO search base. Start from the root of the default domain and
' narrow it to the configured organizational unit when strBaseOU is not empty.
strBase = "<LDAP://" & strDNSDomain & ">"
If strBaseOU <> "" Then
    strBase = "<LDAP://" & strBaseOU & "," & strDNSDomain & ">"
End If
' Show the operator which container is about to be searched and modified.
wscript.echo strBase
'''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''
'' Search for users with defined filters
'''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''
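' Select the user objects to modify. The filter returns objects that are
' person/user, have a mail attribute, do not already carry
' msExchOmaAdminWirelessEnable=5, and whose userAccountControl equals 66048.
' NOTE(review): userAccountControl is compared as an exact value here.
' 66048 = 512 (normal account) + 65536 (password never expires), so accounts
' with any other flag combination - for example a plain 512 account whose
' password does expire - are not returned and keep their current mobile
' setting. Confirm that this is the intended population before treating the
' run as covering every user.
' NOTE(review): the negated clause is written without inner parentheses; the
' standard LDAP form is (!(attribute=value)). Verify that the directory accepts
' the filter as written.
strFilter = "(&(objectCategory=person)(objectClass=user)(!msExchOmaAdminWirelessEnable=5)(mail=*)(userAccountControl=66048))"
strAttributes = "distinguishedName"
strQuery = strBase & ";" & strFilter & ";" & strAttributes & ";subtree"

' Run the query with error trapping on; with "On Error GoTo 0" in effect a
' failed search aborts the script and the check below is never reached.
On Error Resume Next
Err.Clear
objCommand.CommandText = strQuery
' Page the results so that more than one page of matches is returned.
objCommand.Properties("Page Size") = 100
objCommand.Properties("Timeout") = 30
objCommand.Properties("Cache Results") = False
Set objRecordSet = objCommand.Execute
' Capture the result before "On Error GoTo 0" resets the Err object.
lngSearchError = Err.Number
On Error GoTo 0

If lngSearchError <> 0 Then
    ' Attempt to search within defined parameters failed.
    objLogFile.WriteLine "Attempt to search within defined parameters failed. Program execution halted."
    objLogFile.Close
    Set objFSO = Nothing
    WScript.Echo "ERROR: Attempt to search within defined parameters failed. Program execution halted."
    WScript.Quit 1
Else
    ' Search completed; record the filter that was used for later review.
    objLogFile.WriteLine "Search within defined parameters was successful"
    objLogFile.WriteLine "Search base and filter: " & strQuery
End If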
'''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''
'' Enumerate all users
'''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''
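' Walk the result set and write msExchOmaAdminWirelessEnable = "5" to every
' returned user. For each account the previous value is read first and written
' to the log, so the change can be audited and reverted per user if needed.
' The script stops at the first account it cannot update; accounts processed
' before that point stay modified, and the log shows which ones they are.
Do Until objRecordSet.EOF
    strDN = objRecordSet.Fields("distinguishedName").Value
    ' Reset per-user state so a failed bind can never reuse the previous user.
    Set objUser = Nothing
    varPrevious = "<not set>"

    ' Trap errors for the whole read/modify/write sequence. Turning trapping
    ' off before Put/SetInfo would abort the script on a failed write and
    ' leave the failure branch below unreachable.
    On Error Resume Next
    Err.Clear
    ' A "/" inside a distinguished name has to be escaped in an ADSI path.
    Set objUser = GetObject("LDAP://" & Replace(strDN, "/", "\/"))
    lngUserError = Err.Number
    If lngUserError = 0 Then
        ' Reading the attribute raises an error when it has never been set on
        ' the user; that is expected, so varPrevious keeps its placeholder and
        ' the error is cleared before the write.
        varPrevious = objUser.Get("msExchOmaAdminWirelessEnable")
        Err.Clear
        objUser.Put "msExchOmaAdminWirelessEnable", "5"
        objUser.SetInfo
        lngUserError = Err.Number
    End If
    On Error GoTo 0

    If lngUserError <> 0 Then
        ' The bind or the write failed: record which account, then stop.
        objLogFile.Writeline "ERROR: Unfortunately, the required mobile attribute generated an error can could not be set. Program execution halted."
        objLogFile.WriteLine "  Failed on: " & strDN & " (error number " & lngUserError & ")"
        objLogFile.Close
        Set objFSO = Nothing
        WScript.Echo "ERROR: Unfortunately, the required mobile attribute generated an error can could not be set. Program execution halted."
        Wscript.Quit 1
    Else
        objLogFile.Writeline "User mobile properties successfully modified: " & objUser.Name
        objLogFile.WriteLine "  DN: " & strDN & " | previous msExchOmaAdminWirelessEnable: " & varPrevious
        Wscript.Echo "User mobile properties successfully modified: " & objUser.Name
    End If
    objRecordSet.MoveNext
Loop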
'''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''
'' Clean up
'''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''
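' Record the end of the run, then release everything the script opened: the
' ADO record set and connection as well as the log file.
objLogFile.WriteLine "End Program"
Wscript.Echo "End Program"
objRecordSet.Close
objConnection.Close
objLogFile.Close
Set objRecordSet = Nothing
Set objCommand = Nothing
Set objConnection = Nothing
Set objLogFile = Nothing
Set objFSO = Nothing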
Comments
- Anonymous
January 01, 2003
Activesync is often confused for OMA which is Outlook Mobile Access. Outlook Mobile Acces is similar