I found a great vbscript that will disable Active Sync on every User Object in Active Directory in a specific OU. This is useful if you don’t want every user by default to have Active Sync access, which adds about .75 IOPS to your Exchange environment. Remember, each new User account that is created will have this enable, unless you deploy from a user template with this setting disabled.
http://blogs.technet.com/mjimenez/archive/2007/07/30/how-do-i-programmatically-disable-enable-microsoft-exchange-active-sync-for-all-of-my-mobile-users.aspx
”””””””””””””””””””””””””””””””””””””””’
”
” DISABLEEAS.VBS
”
” Disables Exchange Server 2003 Active Sync for the specified OU in the default domain
”
” usage: cscript disableeas
”
”””””””””””””””””””””””””””””””””””””””’
‘ Below are the values for the msExchOmaAdminWirelessEnable Exchange attribute that can be modified.
‘ 5 = disable EAS and keep OMA enabled.(default)
‘ 7 = disable all mobile features.
‘ 0 = enable all mobile features. (not recommended)
”””””””””””””””””””””””””””””””””””””””’
” Create log file instance
”””””””””””””””””””””””””””””””””””””””’
On Error Resume Next
Set objFSO = CreateObject(“Scripting.FileSystemObject”)
Set objLogFile = objFSO.OpenTextFile(“c:\disableeas.log”, 2, True, 0)
If Err.Number <> 0 Then
‘ Attempt to create a log file failed.
On Error GoTo 0
objLogFile.WriteLine “ERROR: Failed to create a log file.Program execution halted.”
WScript.Echo “ERROR: Failed to create a log file. Program execution halted.”
WScript.Quit
objLogFile.Close
Set objFSO = Nothing
Else
‘ Successfully Created Disableeas.log file. Restore normal error handling.
On Error GoTo 0
objLogFile.WriteLine “disableeas.log created successfully”
End If
”””””””””””””””””””””””””””””””””””””””’
” Determine DNS domain name
”””””””””””””””””””””””””””””””””””””””’
Set objRootDSE = GetObject(“LDAP://rootDSE“)
strDNSDomain = objRootDSE.Get(“defaultNamingContext”)
strBaseOU = “” ‘SPECIFY AND ORGANIZATIONAL UNIT NAME HERE. FOR EXAMPLE ‘OU=Production
If Err.Number <> 0 Then
‘ Attempt to bind to Active Directory Failed.
On Error GoTo 0
objLogFile.WriteLine “ERROR: Binding to Active Directory Failed. Program execution halted.”
WScript.Echo “ERROR: Binding to Active Directory Failed. Program execution halted.”
WScript.Quit
objLogFile.Close
Set objFSO = Nothing
Else
‘ Active Directory bind successful
On Error GoTo 0
objLogFile.WriteLine “Binding to Active Directory successful”
End If
”””””””””””””””””””””””””””””””””””””””’
” Setup ADO for Active Directory
”””””””””””””””””””””””””””””””””””””””’
Set objCommand = CreateObject(“ADODB.Command”)
Set objConnection = CreateObject(“ADODB.Connection”)
objConnection.Provider = “ADsDSOObject”
objConnection.Open “Active Directory Provider”
objCommand.ActiveConnection = objConnection
If Err.Number <> 0 Then
‘ Attempt to search Active Directory Failed.
On Error GoTo 0
objLogFile.WriteLine “ERROR: ADO Setup for Active Directory Failed. Program execution halted.”
WScript.Echo “ERROR: ADO Setup for Active Directory Failed. Program execution halted.”
WScript.Quit
objLogFile.Close
Set objFSO = Nothing
Else
‘ ADO Active Directory setup successful
On Error GoTo 0
objLogFile.WriteLine “Active Directory setup successful”
End If
‘ Test whether an OU is specified.
If strBaseOU <> “” Then
strBase=”<LDAP://” & strBaseOU & “,” & strDNSDomain & “>”
Else strBase=”<LDAP://” & strDNSDomain & “>”
End If
‘strBase=”<LDAP://” & strDNSDomain & “>”
wscript.echo strBase
”””””””””””””””””””””””””””””””””””””””’
” Search for users with defined filters
”””””””””””””””””””””””””””””””””””””””’
strFilter = “(&(objectCategory=person)(objectClass=user)(!msExchOmaAdminWirelessEnable=5)(mail=*)(userAccountControl=66048))”
strAttributes = “distinguishedName”
strQuery = strBase & “;” & strFilter & “;” & strAttributes & “;subtree”
objCommand.CommandText = strQuery
objCommand.Properties(“Page Size”) = 100
objCommand.Properties(“Timeout”) = 30
objCommand.Properties(“Cache Results”) = False
Set objRecordSet = objCommand.Execute
If Err.Number <> 0 Then
‘ Attempt to search within defined parameters failed.
On Error GoTo 0
objLogFile.WriteLine “Attempt to search within defined parameters failed. Program execution halted.”
WScript.Echo “ERROR: Attempt to search within defined parameters failed. Program execution halted.”
WScript.Quit
objLogFile.Close
Set objFSO = Nothing
Else
‘ Active Directory bind successful
On Error GoTo 0
objLogFile.WriteLine “Search within defined parameters was successful”
End If
”””””””””””””””””””””””””””””””””””””””’
” Enuerate all users
”””””””””””””””””””””””””””””””””””””””’
Do Until objRecordSet.EOF
strDN = objRecordSet.Fields(“distinguishedName”)
Set objUser = GetObject(“LDAP://” & strDN)
On Error Resume Next
objUser.Get(“msExchOmaAdminWirelessEnable”)
On Error GoTo 0
objUser.Put “msExchOmaAdminWirelessEnable”, “5″
objUser.SetInfo
If Err.Number <> 0 Then
On Error GoTo 0
objLogFile.Writeline “ERROR: Unfortunately, the required mobile attribute generated an error can could not be set. Program execution halted.”
WScript.Echo “ERROR: Unfortunately, the required mobile attribute generated an error can could not be set. Program execution halted.”
Wscript.Quit
objLogFile.Close
Set objFSO = Nothing
Else
On Error GoTo 0
objLogFile.Writeline “User mobile properties successfully modified: ” & objUser.Name
Wscript.Echo “User mobile properties successfully modified: ” & objUser.Name
End If
‘ End If
objRecordSet.MoveNext
Loop
”””””””””””””””””””””””””””””””””””””””’
” Clean up
”””””””””””””””””””””””””””””””””””””””’
objLogFile.WriteLine “End Program”
Wscript.Echo “End Program”
objLogFile.Close
Entries (RSS)