Thursday, December 12, 2024

Build an MS Exchange Throttling Policy to remove inactive mobile device partnerships

Abstract: Every mobile device connected to Microsoft Exchange has an ActiveSync partnership entry stored in the ActiveDirectory, also if the device is no longer used by the owner. So how can these entries be purged automatically?

For every user there is an ExchangeActiveSyncDevices object (child from the user object) which contains (for every ActiveSync partnership) the user is using an msExchActiveSyncDevice object. As a default rule the exchange server will not delete device partnerships. The user need to use OWA (more infos here) or the Exchange Administrator can do that via GUI/Powershell:

Remove-MobileDevice -Identity WM_JeffHay

The issue here is, that if the user & administrator do not perform these actions, hese configured device partnerships will grow and grow. In the end the user might have ten device partnerships (depending on your config) configured but is using only one device. If the policy (default one) now only allow ten device partnerships per user, the user get an error that he isn´t able to configure a new device:

Error with your new mobile phone partnership. You have 11 phone partnerships out of the maximum allowed 10 partnerships.

So instead of doing it manually couldn´t we do that automatically?

The answer is yes, you can run a script similar like:

Get-CASMailbox -ResultSize unlimited –Filter {(HasActiveSyncDevicePartnership -eq $true) -AND (name -notlike “cas*”) -AND (name -notlike “DiscoverysearchMailbox*”)} | ForEach {Get-MobileDeviceStatistics -Mailbox $_.Identity | Where-Object {$_.LastSuccessSync -le ((Get-Date).AddDays(“-14”))} | Remove-MobileDevice}

Or with Exchange 2013/2016 (with Exchange Online Microsoft takes care of that without your needs) you can use the throttling policy and the EasMaxInactivityForDeviceCleanup option. Microsoft described that option as followed:

The EasMaxInactivityForDeviceCleanup parameter specifies the length of time that a user's device partnerships will remain active. By default, there is no limit to the number of days that a user's device partnerships will remain active. Use this value if you want to minimize the amount of inactive device partnerships in your organization. To use this setting, specify a value in days since the user's last sync time to cause the device partnership to be removed.

To implement that you might wish to change the default throttling policy and change the EasMaxInactivityForDeviceCleanup from $Null or “unlimited” to a value you prefer (e.g. 14 days). But a better way would be a company throttling policy which you assign directly to your users. This can be done via the following steps:

1.) Create a new throttling policy via:

New-ThrottlingPolicy -Name EMEAUserThrottlingPolicy -ThrottlingPolicyScope Regular

2.) In our case we wish that inactive mobile device partnerships where deleted after 14 days (the default Throttling Policy has a value to keep the entries forever) so we set:

set-ThrottlingPolicy -Identity EMEAUserThrottlingPolicy -EasMaxInactivityForDeviceCleanup 14

3.) Now we need to assign the policy to our users (as written here), this can be done via two ways:

Set-ThrottlingPolicyAssociation -Identity tonysmith -ThrottlingPolicy EMEAUserThrottlingPolicy

or

$b = Get-ThrottlingPolicy EMEAUserThrottlingPolicy
Set-Mailbox -Identity tonysmith -ThrottlingPolicy $b

 

If the new throttling policy is assigned now (and therefore the EasMaxInactivityForDeviceCleanup value changed) and if a user try to add a new device, the throttling policy will kick in, check how many devices are no longer in use and will delete the one which fits the throttling policy EasMaxInactivityForDeviceCleanup value. This approach to check that during adding a new device is chosen by Microsoft to save server system resources. Because via this approach the server isn´t running a cleanup multiple times a day/week/month, it is only running a cleanup when he needs to do that.

Cross reference:
https://technet.microsoft.com/en-us/library/jj863577(v=exchg.150).aspx
https://blogs.technet.microsoft.com/rmilne/2013/02/11/client-throttling-event-id-2915-what-it-really-means/

 

Related Articles

LEAVE A REPLY

Please enter your comment!
Please enter your name here

Stay Connected

35FollowersFollow
- Advertisement -

Latest Articles