Adaxes

Hot to Get ActiveSync devices details for all users ?

0 votes

Hello,

We need a report or a custom command that export all Active Sync devices details. Is there a way to do it ?

Thanks :-)

Michel

by (200 points)
0

Hello Michel,

What exactly do you mean by Active Sync devices details? Could you, please, provide a live example of the desired report? You can post it here or email at support@adaxes.com.

by (272k points)
0

Hello,

For each devices we need the user name and all informations showed in Device Details.

as2.png

by (200 points)
0

Hello Michel,

Thank you for clarifying. Unfortunately, there is no possibility to make such a report due to the number of columns. As a solution, you can have a custom command with a PowerShell script. The script can create a CSV file with all the data and deliver it via email. Does the approach meet your needs?

by (272k points)
0

Hello, thank you for your answer.

Yes, it will meet our need.

by (200 points)

1 Answer

0 votes
by (272k points)

Hello Michel,

Thank you for the confirmation. Below is the script that will send the report. In the script:

  • $csvFilePath - Specifies the network path to the CSV file that will be created by the script.
  • $removeCsvFile - Specifies whether to remove the CSV file after sending the email.
  • $recipient - Specifies the email address of the notification recipient.
  • $from - Specifies the email address the email notification will be sent from.
  • $subject - Specifies the email notification subject. You can use value references in the subject (e.g. %fullname%) to add values of the target user properties.
  • $message - Specifies the email notification text. You can use value references in the text (e.g. %fullname%) to add values of the target user properties.
  • $smtpServer - Specifies the SMTP server that will be used to send the email notification.
# CSV file settings
$csvFilePath = "C:\Scripts\Report.csv" # TODO: modify me
$removeCsvFile = $True # TODO: modify me

# E-mail settings
$recipient = "recipient@domain.com" # TODO: Modify me
$from = "noreply@domain.com" # TODO: Modify me
$subject = "Mobile devices" # TODO: modify me
$message = "Mobile devices" # TODO: modify me
$smtpServer = "mail.domain.com" # TODO: Modify me

function GetDeviceAccessState ($mobileDevice)
{
    switch ($mobileDevice.DeviceAccessState)
    {
        "ADM_MOBILE_DEVICE_ACCESS_STATE_UNKNOWN"
        {
            $deviceAccessState = "Unknown"
        }
        "ADM_MOBILE_DEVICE_ACCESS_STATE_ALLOWED"
        {
            $deviceAccessState = "Access granted"
        }
        "ADM_MOBILE_DEVICE_ACCESS_STATE_BLOCKED"
        {
            $deviceAccessState = "Access denied"
        }
        "ADM_MOBILE_DEVICE_ACCESS_STATE_QUARANTINED"
        {
            $deviceAccessState = "Quarantined"
        }
        "ADM_MOBILE_DEVICE_ACCESS_STATE_DEVICEDISCOVERY"
        {
            $deviceAccessState = "Gathering information"
        }
    }

    return $deviceAccessState
}

function GetStatus ($mobileDevice)
{
    if ($mobileDevice.isWaitingForDeletion)
    {
        return "Deletion pending"
    }

    $status = $NULL
    switch ($mobileDevice.WipeStatusLastCommitted)
    {
        "ADM_MOBILE_DEVICE_WIPE_STATUS_WIPEPENDING"
        {
            $status = "Wipe pending"
        }
        "ADM_MOBILE_DEVICE_WIPE_STATUS_WIPESUCCEEDED"
        {
            $status = "Wipe succeeded"
        }
        "ADM_MOBILE_DEVICE_WIPE_STATUS_ACCOUNTWIPEPENDING"
        {
            $status = "Account-only wipe pending"
        }
        "ADM_MOBILE_DEVICE_WIPE_STATUS_ACCOUNTWIPESUCCEEDED"
        {
            $status = "Account-only wipe succeeded"
        }
    }

    if ($NULL -ne $status)
    {
        return $status
    }

    if ($mobileDevice.DeviceAccessStateLastCommitted -eq "ADM_MOBILE_DEVICE_ACCESS_STATE_ALLOWED")
    {
        return "OK"
    }
    else
    {
        return GetDeviceAccessState $mobileDevice 
    }
}

# Get mailbox parameters
$mailboxParams = $Context.TargetObject.GetMailParameters("ADM_GET_EXCHANGE_PARAMS_FLAGS_NONE")

# Get active sync feature
$activeSync = $mailboxParams.MailboxFeatures.GetItemByType("ADM_EXCHANGE_MAILBOXFEATURETYPE_ACTIVESYNC")

$records = New-Object System.Collections.ArrayList
foreach ($mobileDevice in $activeSync.MobileDevices)
{
    switch ($mobileDevice.DeviceAccessStateReason)
    {
        "ADM_MOBILE_DEVICE_ACCESS_STATE_REASON_UNKNOWN"
        {
            $DeviceAccessStateReason = "Unknown"
        }
        "ADM_MOBILE_DEVICE_ACCESS_STATE_REASON_GLOBAL"
        {
            $DeviceAccessStateReason = "Global permissions"
        }
        "ADM_MOBILE_DEVICE_ACCESS_STATE_REASON_INDIVIDUAL"
        {
            $DeviceAccessStateReason = "Individual assignment"
        }
        "ADM_MOBILE_DEVICE_ACCESS_STATE_REASON_DEVICERULE"
        {
            $DeviceAccessStateReason = "Device grouping permissions"
        }
        "ADM_MOBILE_DEVICE_ACCESS_STATE_REASON_UPGRADE"
        {
            $DeviceAccessStateReason = "Upgrade grace period"
        }
        "ADM_MOBILE_DEVICE_ACCESS_STATE_REASON_POLICY"
        {
            $DeviceAccessStateReason = "Security policy application"
        }
        "ADM_MOBILE_DEVICE_ACCESS_STATE_REASON_USERAGENTSCHANGES"
        {
            $DeviceAccessStateReason = "Too many user agent changes"
        }
        "ADM_MOBILE_DEVICE_ACCESS_STATE_REASON_RECENTCOMMANDS"
        {
            $DeviceAccessStateReason = "Too many identical commands"
        }
        "ADM_MOBILE_DEVICE_ACCESS_STATE_REASON_WATSONS"
        {
            $DeviceAccessStateReason = "Too many Watsons"
        }
        "ADM_MOBILE_DEVICE_ACCESS_STATE_REASON_OUTOFBUDGETS"
        {
            $DeviceAccessStateReason = "Too many out of budget exceptions"
        }
        "ADM_MOBILE_DEVICE_ACCESS_STATE_REASON_SYNCCOMMANDS"
        {
            $DeviceAccessStateReason = "Too many identical sync commands"
        }
        "ADM_MOBILE_DEVICE_ACCESS_STATE_REASON_ENABLENOTIFICATIONEMAIL"
        {
            $DeviceAccessStateReason = "Enable notification email"
        }
        "ADM_MOBILE_DEVICE_ACCESS_STATE_REASON_COMMANDFREQUENCY"
        {
            $DeviceAccessStateReason = "Too many commands"
        }
        "ADM_MOBILE_DEVICE_ACCESS_STATE_REASON_AADBLOCKDUETOACCESSPOLICY"
        {
            $DeviceAccessStateReason = "AAD premium account compromised issue"
        }
        "ADM_MOBILE_DEVICE_ACCESS_STATE_REASON_AADBLOCKDUETOCOMPROMISEDPASSWORD"
        {
            $DeviceAccessStateReason = "AAD premium account compromised issue"
        }
        "ADM_MOBILE_DEVICE_ACCESS_STATE_REASON_AADINTERACTIONREQUIREDDUETOCOMPROMISEDPASSWORD"
        {
            $DeviceAccessStateReason = "AAD premium password compromised issue"
        }
        "ADM_MOBILE_DEVICE_ACCESS_STATE_REASON_AADREQUIREMFA"
        {
            $DeviceAccessStateReason = "AAD premium policy MFA issue"
        }
        "ADM_MOBILE_DEVICE_ACCESS_STATE_REASON_DEVICENOTKNOWNWITHMANAGEDAPP"
        {
            $DeviceAccessStateReason = "External mobile application management issue"
        }
        "ADM_MOBILE_DEVICE_ACCESS_STATE_REASON_EXTERNALCOMPLIANCE"
        {
            $DeviceAccessStateReason = "External mobile device management compliance issue"
        }
        "ADM_MOBILE_DEVICE_ACCESS_STATE_REASON_EXTERNALENROLLMENT"
        {
            $DeviceAccessStateReason = "External mobile device management enrollment issue"
        }
        "ADM_MOBILE_DEVICE_ACCESS_STATE_REASON_EXTERNALMDM"
        {
            $DeviceAccessStateReason = "External mobile device management"
        }
        "ADM_MOBILE_DEVICE_ACCESS_STATE_REASON_OUTLOOKDESKTOPBLOCKDUETOCONSUMERMIGRATION"
        {
            $DeviceAccessStateReason = "Access denied for Outlook desktop consumer user"
        }
        "ADM_MOBILE_DEVICE_ACCESS_STATE_REASON_OUTLOOKMOBILEUPSELLINTERRUPT"
        {
            $DeviceAccessStateReason = "Interrupted for Outlook mobile upsell"
        }
        "ADM_MOBILE_DEVICE_ACCESS_STATE_REASON_UNFAMILIARLOCATION"
        {
            $DeviceAccessStateReason = "Unfamiliar location state issue"
        }
    }
    switch ($mobileDevice.DevicePolicyApplicationStatus)
    {
        "ADM_MOBILE_DEVICE_POLICY_APPSTATUS_UNKNWON"
        {
            $devicePolicyApplicationStatus = "Unknown"
        }
        "ADM_MOBILE_DEVICE_POLICY_APPSTATUS_NOTAPPLIED"
        {
            $devicePolicyApplicationStatus = "Not applied"
        }
        "ADM_MOBILE_DEVICE_POLICY_APPSTATUS_APPLIEDINFULL"
        {
            $devicePolicyApplicationStatus = "Applied in full"
        }
        "ADM_MOBILE_DEVICE_POLICY_APPSTATUS_PARTIALLYAPPLIED"
        {
            $devicePolicyApplicationStatus = "Partially applied"
        }
        "ADM_MOBILE_DEVICE_POLICY_APPSTATUS_EXTERNALLYMANAGED"
        {
            $devicePolicyApplicationStatus = "Externally managed"
        }
    }

    $status = GetStatus $mobileDevice
    $deviceAccessState = GetDeviceAccessState $mobileDevice
    $recordProperties = [ordered]@{
        "Status" = $status
        "First Sync" = $mobileDevice.FirstSyncTime
        "Last successful sync" = $mobileDevice.LastSuccessSync
        "Folders synced" = $mobileDevice.NumberOfFoldersSynced
        "Device name" = $mobileDevice.DeviceFriendlyName
        "Device model" = $mobileDevice.DeviceModel
        "Phone number" = $mobileDevice.DevicePhoneNumber
        "Mobile network" = $mobileDevice.DeviceMobileOperator
        "Device type" = $mobileDevice.DeviceType
        "Device ID" = $mobileDevice.DeviceId
        "Device IMEI" = $mobileDevice.DeviceImei
        "Device OS" = $mobileDevice.DeviceOS
        "Device language" = $mobileDevice.DeviceOSLanguage
        "User agent" = $mobileDevice.DeviceUserAgent
        "Client type" = $mobileDevice.ClientType
        "Access state" = $deviceAccessState
        "Access set by" = $DeviceAccessStateReason
        "Policy applied" = $mobileDevice.DevicePolicyApplied
        "Policy application status" = $devicePolicyApplicationStatus
        "Policy updated" = $mobileDevice.LastPolicyUpdateTime
        "ActiveSync version" = $mobileDevice.ClientVersion
    }

    $record = New-Object PSObject -Property $recordProperties
    [void]$records.Add($record)
}
$records.ToArray() | Export-Csv -Path $csvFilePath -NoTypeInformation

# Send mail
Send-MailMessage -to $recipient -From $from -Subject $subject -Body $message -SmtpServer $smtpServer -Attachments $csvFilePath

if ($removeCSVFile)
{
    # Remove temporary file
    Remove-Item $csvFilePath -Force
}
0

Thank you for you job :-)

by (200 points)

Related questions

0 votes
1 answer
How to script get-admuser to get all users whose customattributeboolean6 is true?

This is the logic I ham useing. $criteria = New-AdmCriteria -Type "User" -Expression {customAttributeBoolean6 -eq $true} $usersC = Get-AdmUser -Filter $criteria -properties * - ... there a better way to get the list of users into this variable? error;

asked Dec 14, 2023 by mightycabal (1.0k points)
0 votes
1 answer
Is there a way to get all AD Users, in powershell, and include custom attributes?

I am wanting to export a list of users including the properties of a specific custom attribute. Ideally, I would be able to run a get-admuser and filter on a custom attribute, but even an excel report with the custom attributes would work. Is this possible?

asked Sep 9, 2021 by ggallaway (300 points)
0 votes
1 answer
Is there a way to integrate sharepoint sites in adaxes to create a web facing interface for users to see all sites?

We get Sharepoint Online requests for access to sites/folder/content. Is there a way to automate this task?

asked Jul 10, 2023 by dharry (20 points)
0 votes
1 answer
Get all memberships for a User, also the multiple one

Hi, is there any function to get all direct an indirect memberships, with the multiple one? If we check the indirect membership checkbox there are only shown every "group" once. ... groups he is getting the same permissions and so on. Is there a way? Regards

asked Jan 29, 2018 by plesen (100 points)
0 votes
1 answer
Failed to get mailbox rights. Some or all identity references could not be translated

A service desk user has encountered an error when trying to access shared mailbox delegation. "Send As" is visible however "Full Access" displays red text stating "Failed to get ... error. Any ideas why this is happening and what I can do to rectify it?

asked Nov 11, 2022 by Homelander90 (330 points)
3,346 questions
3,047 answers
7,772 comments
544,970 users