question

t0kyobanana-6632 avatar image
0 Votes"
t0kyobanana-6632 asked t0kyobanana-6632 commented

Exchange Bulk import from .csv file to remove deviceID from all users from Allow and then add their deviceID back to Allow

Hello Genius Peeps,

Thought maybe I could turn here for some help! Does anyone know of a Powershell script I could run on our Exchange server for to the following:

1) We would initially want to clear all or current mobile devices from all the users

2) Then re-add their specific mobile device ID that we received from them to the ALLOW list

Is there some sort of .csv and powershell script I can create to make this process fast?

We found the following scripts to remove all from ALLOW and to add to ALLOW list

Clear all Allow
Set-CASMailbox -Identity username -ActiveSyncAllowedDeviceIDs $null

Add to Allow
Set-CASMailbox -Identity username -ActiveSyncAllowedDeviceIDs @{add='DeviceId'}


And maybe after running this script if there's also a quick way to bulk all the users again to show the results were made to the accounts? Using this command? Get-CASMailbox -Identity username | fl activesync*

office-exchange-server-administration
5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

ZhengqiLou-MSFT avatar image
0 Votes"
ZhengqiLou-MSFT answered t0kyobanana-6632 commented

Hi @t0kyobanana-6632 ,

Well actually I don't know much about powershell:( So I could only give you this based on my understanding.

 Get-CASMailbox | Set-CASMailbox -ActiveSyncAllowedDeviceIDs $null
 ##First clean all AllowedDeviceIDs for mailboxes.
    
 Import-Csv C:\list.csv | 
 ForEach{
 try {
 Set-CASMailbox -Identity $_.UserName -ActiveSyncAllowedDeviceIDs $_.DeviceId -ErrorAction Stop
 ##Import the csv file and run Ser-CASMailbox for every value(UserName and DeviceId), when this get an error, stop it and go for the next value.
 Write-Output "Successfully Done $_" | Out-File "C:\added.csv" -Append
 ##Write the message if the above cmdlets are correctly done.
 }
 catch [System.Exception] 
 {
 Write-Output "$_" | Out-File "c:\error.csv" -Append
 ##When the Set-CASMailbox cmdlet run into an error(system exception), write down the erorr message and export all these to a csv file.
 }
 Finally
 {
 }}

And I think you could begin with a test 3 users.csv file but not to modify the script to do this.

Also note to run the script with Exchange Management Shell(Admin). CD Driver:\Ps1Path and .\Name.ps1

Best regards,
Lou


If the response is helpful, please click "Accept Answer" and upvote it.
Note: Please follow the steps in our documentation to enable e-mail notifications if you want to receive the related email notification for this thread.

· 1
5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

@ZhengqiLou-MSFT Thank you! I will try this out today via Exchange Management Shell. :) I'll let you know the results.

1 Vote 1 ·
ZhengqiLou-MSFT avatar image
1 Vote"
ZhengqiLou-MSFT answered t0kyobanana-6632 edited

Hi @t0kyobanana-6632 ,

Good day!

If you wanna set all users' AllowedDeviceIDs to null, you could use:

 Get-CASMailbox | Set-CASMailbox -ActiveSyncAllowedDeviceIDs $null

And to add the DeviceIDs for a specific user, you can run this:

  Import-Csv C:\list.csv |
  ForEach{
  try {
  Set-CASMailbox -Identity $_.UserName -ActiveSyncAllowedDeviceIDs $_.DeviceId -ErrorAction Stop
  Write-Output "Successfully Done $_" | Out-File "C:\added.csv" -Append
  }
  catch [System.Exception]
  {
  Write-Output "$_" | Out-File "c:\error.csv" -Append
  }
  Finally
  {
  }}

The list.csv should be like:
88400-image.png
And the result:
88442-image.png

For the successfully added ones:
88463-image.png

If there are any error, you could found the error messages from the error.txt in the C:\ folder.
88464-image.png

Best regards,
Lou


If the response is helpful, please click "Accept Answer" and upvote it.
Note: Please follow the steps in our documentation to enable e-mail notifications if you want to receive the related email notification for this thread.


image.png (4.9 KiB)
image.png (31.3 KiB)
image.png (12.9 KiB)
image.png (80.7 KiB)
· 1
5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

Hello,

This is extremely useful for me to start. But is there a way we could either incorporate the:
Set-CASMailbox -Identity USERNAME -ActiveSyncAllowedDeviceIDs $null
into the script or have a different script to iterate through all users and clear all their ActiveSyncAllowedDeviceIDs prior to running the script that you provided to add in their deviceIDs? Or maybe a all-in-script?

Ideally we would possibly want one single script to easily run based on a .csv. And we would want the script to call out on this .csv and have the script do all of the following in order:

1) Remove/clear all devices that’s currently set to Allow for ALL users
2) Add back their deviceIDs based on the deviceIDs that we have from our users
3) Show us a confirmed result that the change was made and applied for all users and their deviceID(s) applied



And how would we make the .csv if let’s say the user has more than one deviceID?

0 Votes 0 ·
ZhengqiLou-MSFT avatar image
1 Vote"
ZhengqiLou-MSFT answered t0kyobanana-6632 commented

Hi @t0kyobanana-6632 ,

Yeah you can simply add this cmdlet to the top line of the script:

 Get-CASMailbox | Set-CASMailbox -ActiveSyncAllowedDeviceIDs $null
    
 Import-Csv C:\list.csv | 
 ForEach{
 try {
 Set-CASMailbox -Identity $_.UserName -ActiveSyncAllowedDeviceIDs $_.DeviceId -ErrorAction Stop
 Write-Output "Successfully Done $_" | Out-File "C:\added.csv" -Append
 }
 catch [System.Exception] 
 {
 Write-Output "$_" | Out-File "c:\error.csv" -Append
 }
 Finally
 {
 }}

Then it will first remove and then add.

And sorry I don't know how you wanna the confirmed result be like, the result(done or undone) will be listed as the added.csv and error.csv. You could tell me more if that doesn't meet your requirement.

This could add multiply ID for one user, just need your list.csv be like this(separate them with commas):
88497-image.png
Or the txt:
88498-image.png

The result will be like:
88554-image.png

Best regards,
Lou


If the response is helpful, please click "Accept Answer" and upvote it.
Note: Please follow the steps in our documentation to enable e-mail notifications if you want to receive the related email notification for this thread.


image.png (5.9 KiB)
image.png (5.7 KiB)
image.png (9.6 KiB)
· 2
5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

Hi @ZhengqiLou-MSFT let me try out your script that you provided today and let you know my results! :)

Also if it's not too much trouble for you... would you be able to Add notes using ### explaining what each section of your code is doing? I am still learning scripting and I would like to get a better understanding what each section is doing in the code.

1 Vote 1 ·

@ZhengqiLou-MSFT also how can I test with this script to only allow it to remove the deviceIDs from only 3 users who I want to specify? The final product we would just like the script to remove from ALL users.

But for testing purposes can we have to script only remove the deviceIDs from 3 users that are being called on within a .csv as well? Is this possible?

0 Votes 0 ·
t0kyobanana-6632 avatar image
1 Vote"
t0kyobanana-6632 answered ZhengqiLou-MSFT edited

@ZhengqiLou-MSFT The script worked flawlessly!!! Thanks SO much! :) :) :) hehe I wouldn't mind seeking answers from you again in the future.

· 1
5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

Hi @t0kyobanana-6632 ,

Glad to know this could help. That's my pleasure.

Have a nice day XD

Best regards,
Lou

0 Votes 0 ·
t0kyobanana-6632 avatar image
0 Votes"
t0kyobanana-6632 answered t0kyobanana-6632 edited

@ZhengqiLou-MSFT only one of our users had TWO deviceIDs so when we had them in our .csv file listed as device1,device2 it was saying that their device got blocked.

So we ran Set-CASMailbox -Identity username -ActiveSyncAllowedDeviceIDs $null and then had to manually add back their two deviceIDs by running the following one-by-one:

Set-CASMailbox -Identity username -ActiveSyncAllowedDeviceIDs @{add='Device1'}
Set-CASMailbox -Identity username -ActiveSyncAllowedDeviceIDs @{add='Device2'}


5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

ZhengqiLou-MSFT avatar image
1 Vote"
ZhengqiLou-MSFT answered t0kyobanana-6632 commented

Hi @t0kyobanana-6632 ,

The script doesn't work for multiple DeviceId users?
As I tested, the user test, it has three Ids and it could be added to the AllowedDeviceIDs successfully.

90152-image.png
And you should run the cmdlet like this:

 Set-CASMailbox -Identity username -ActiveSyncAllowedDeviceIDs DeviceID1,DeviceID2

90153-image.png

Best regards,
Lou


image.png (5.1 KiB)
image.png (12.1 KiB)
· 1
5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

Hi @ZhengqiLou-MSFT I was able to run the script without any issues what so ever. And it worked flawlessly like how you made it out to be. But when our user with two devices tried to access her email from her cellphone she received an email saying she was blocked.

It only worked if we re-added her two devices manually ONE by ONE.

So we had to clear it first and start all over.

And then run Set-CASMailbox -Identity username -ActiveSyncAllowedDeviceIDs DeviceID1 and then another one Set-CASMailbox -Identity username -ActiveSyncAllowedDeviceIDs DeviceID2



1 Vote 1 ·