This post is also available in: Polish
New upgrade for Apple devices like IPhone or IPad to iOS 6.1 can couse Exchange Admins headache.
With new version of iOS (iOS 6.1) we have new problems, users connecting to Microsoft Exchange mailboxes using mobile devices with iOS 6.1 can generate excessive transaction logs.
This is caused by syncing mail and calendar services, devices with iOS 6.1 seemed to go into a loop and ended up by generating some 50GB of transaction logs.
This situation can be dangerous for Microsoft Exchange server, because when free space for transaction logs will end, then Exchange will dismount mailbox database.
Upgrading Apple devices to new iOS to fast is not recommended.
For now recommended solution is::
- hold off any devices upgrades to iOS 6.1
- users with iOS 6.1 can’t work with calendar,
- block iOS 6.1 devices using an Exchange ActiveSync device access rule
- wait for fix from Apple
Because not everyone want to wait, and not every user will listen Exchange Admin, we present two scripts to find users with devices with iOS 6.1.
First script will show you how many users uses mobile devices with Apple iOS 6.1 connected to Microsoft Exchange Server during last 30 days:
$MBXs = Get-Mailbox -server MBXSrv01 -RecipientTypeDetails UserMailbox –ResultSize Unlimited -Filter {HiddenFromAddressListsEnabled -eq $false} $Devices = $MBXs | %{Get-ActiveSyncDeviceStatistics -Mailbox $_.Identity} | ?{$_.LastSuccessSync -gt (Get-Date).AddDays(-30)} $Devices | ? {$_.DeviceOS -like "*iOS*"} | Group-Object -Property DeviceOS -NoElement
Generating output can take some time, depends on how many mailboxes you have on Exchange Server.
Second script will generate report with users who uses mobile devices with iOS 6.1 to connect to Exchange Server.
Script will create output .csv file.
Set-AdServerSettings -ViewEntireForest $True Function New-Array {,$args} $Report = new-array $file_out = "D:\Scripts\mobile_devices_iOS.csv" $mbx = Get-CASMailbox -ResultSize Unlimited | ?{$_.HasActiveSyncDevicePartnership} $mbx | ForEach-Object { $mailbox = $_.Name $PrimarySMTPAddress = $([string]$_.PrimarySMTPAddress) $stats = Get-ActiveSyncDeviceStatistics -Mailbox $PrimarySMTPAddress | ?{$_.LastSuccessSync -gt (Get-Date).AddDays(-30)} if($stats){ foreach ($dev in $stats){ if ($dev.DeviceOS -like "iOS 6.*"){ $device = New-Object System.Object $device | Add-Member -type NoteProperty -name Mailbox -value $mailbox $device | Add-Member -type NoteProperty -name LastSuccessSync -value $dev.LastSuccessSync $device | Add-Member -type NoteProperty -name DeviceID -value $dev.DeviceOS $device | Add-Member -type NoteProperty -name DeviceID -value $([string]$dev.DeviceID) $device | Add-Member -type NoteProperty -name DeviceType -value $dev.DeviceType $device | Add-Member -type NoteProperty -name DeviceUserAgent -value $dev.DeviceUserAgent $device | Add-Member -type NoteProperty -name DeviceModel -value $dev.DeviceModel $device | Add-Member -type NoteProperty -name DeviceIMEI -value $([string]$dev.DeviceIMEI) $Report += $device } } } } $Report | Export-Csv $file_out -NoType
When you get all of those informations you can tell your users to be careful.
But if you want to block all devices with iOS 6.1, and disallow connections to Exchange server you need to create ActiveSync Device Access Rules like below:
New-ActiveSyncDeviceAccessRule -querystring "iOS 6.1 10B141" -characteristic DeviceOS -accesslevel block New-ActiveSyncDeviceAccessRule -querystring "iOS 6.1 10B142" -characteristic DeviceOS -accesslevel block New-ActiveSyncDeviceAccessRule -querystring "iOS 6.1 10B143" -characteristic DeviceOS -accesslevel block New-ActiveSyncDeviceAccessRule -querystring "iOS 6.1 10B144" -characteristic DeviceOS -accesslevel block