Home » Exchange » #Exchange 2007ActiveSync: Control Which Users Are Enabled…Automagically

Last year when we launched support for Windows Mobile 6.x devices via Exchange ActiveSync, I had a challenge of making sure only approved users were enabled for ActiveSync support. By default in Exchange(all versions), all mailboxes are enabled for ActiveSync, and specifically with Exchange 2007 when the CAS role is installed into the Organization. I decided to write this quick script to fix this ‘feature’ and would allow me to run interactively or via the task scheduler.


  1. Create a Universal security group
  2. From the EMS, get the GUID for the newly created group

    I wanted to use the GUID to prevent the script from breaking in the event someone changed the group name.

You will need to populate the $grpguid variable with the GUID you obtain from Prerequisite #2. Once complete, schedule to run on a machine that has the Exchange cmdlets and you will be off and running.  Once you want to control who is enabled, simply populate the group  that you created in Prerequisite #1 with users who’ve been approved to utilize ActiveSync.

Feel free to leave any questions in the comments.