Avoid Account Lockout: Use PowerShell to Find Old Mobile Devices

Summary: Guest blogger, Tim Bolton, talks about using Windows PowerShell to find old mobile devices that may cause account lockout.

Microsoft Scripting Guy, Ed Wilson, is here. Welcome back, guest blogger, Tim Bolton.

One of the most common issues we have been seeing lately is user accounts being locked out due to a mobile device that has been replaced or upgraded. Unfortunately, it is still trying to access their Exchange Server email account. 99% of the time, the user will claim that the old device is not in use, but when they see these results, they realize that their kids are using their device, and they never removed the ActiveSync application.

I created this simple little script to show what devices are still in use.

Here are the prerequisites needed:

  1. Run on an Exchange Server with an Admin account, or use New-PSSession to an Exchange Server running with an Admin account.
  2. You must be able to use Import-Module ActiveDirectory.
  3. Change the internal mail relay address, for example:  $SmtpServer = "Mail.Big.Dog.Com"

When you run this script, it creates an HTML email that is sent to the requester with a BCC to the person who is running the Windows PowerShell command.  I added the BCC so I could make sure that the email went out and to be able to explain to the requesters what they were looking at.

The following image shows an example of a report that I ran for my mobile devices.

Image of report

Here is the script:

<#
Prerequisites needed:
1) Run this on an Exchange Server with an Admin account or use New-PSSession to an Exchange Server running with an Admin account.
2) You must be able to use Import-Module ActiveDirectory.

Example: Enter the UserID for the requester and for the person you want the mobile report for.

PS C:\> Get-Mobile

cmdlet Get-Mobile at command pipeline position 1
Supply values for the following parameters:
Requester: tbolton
UserID: tbolton
#>

Function Get-Mobile {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory=$True,
                   ValueFromPipeline=$True,
                   ValueFromPipelineByPropertyName=$True)]
        [string]$Requester,

        [Parameter(Mandatory=$True)]
        [string]$UserID
    )

    BEGIN {
        # Get-ADUser comes from the ActiveDirectory module (prerequisite 2); stop early if it is missing.
        Import-Module ActiveDirectory -ErrorAction Stop
    }

    PROCESS {
        # Date
        $Date = (Get-Date).ToString("MM-dd-yy")

        # Get Requester Info via their UserID
        $RequesterEmail = (Get-ADUser $Requester -Properties mail).Mail
        $RequesterFirstName = (Get-ADUser $Requester -Properties GivenName).GivenName

        # Get the information for the Tech who is running this script, to BCC the email to.
        $MyName = $env:username
        $MyEmail = (Get-ADUser $MyName -Properties mail).mail

        # Get DisplayName of User via their UserID
        $TheUserName = (Get-ADUser $UserID -Properties DisplayName).DisplayName
        #$TheUserName=$TheUser.DisplayName

        # Email Settings
        $SmtpServer = "Your Internal Mail Relay Address Here"
        $SmtpFrom = "$MyEmail"
        $SmtpTo = "$RequesterEmail"
        $SmtpBcc = New-Object System.Net.Mail.MailAddress "$MyEmail"
        $MessageSubject = "Mobile report for $TheUserName "

        $Message = New-Object System.Net.Mail.MailMessage $SmtpFrom, $SmtpTo

        # Add BCC
        $Message.Bcc.Add($SmtpBcc)

        $Message.Subject = $MessageSubject
        $Message.IsBodyHTML = $true

        #### HTML Output Formatting #######
        # The closing "@ of the here-string must stay at the start of its line.
        $a = @"
<style>
body {
    color:#333333;
    font-family:Calibri,Tahoma;
    font-size: 10pt;
}
TABLE {
    border-width: 1px;
    text-align: center;
    border-style: solid;
    border-color: black;
    border-collapse: collapse;
}
th {
    font-weight:bold;
    border-width: 1px;
    padding: 10px;
    border-style: solid;
    border-color: black;
    color:#eeeeee;
    background-color:#333333;
}
td {
    font-weight:bold;
    border-width: 1px;
    padding: 10px;
    border-style: solid;
    border-color: black;
}
</style>
"@

        # This is what will pull the information on the mobile devices being used by $UserID and will create the message body.
        $Message.Body = Get-ActiveSyncDeviceStatistics -Mailbox $UserID |
            Select-Object DeviceType,DeviceModel,DeviceFriendlyName,DeviceOS,DeviceUserAgent,LastSyncAttemptTime,LastSuccessSync,NumberOfFoldersSynced |
            ConvertTo-HTML -PreContent "<h2>Mobile Devices for $TheUserName</h2>","<h2>Date: $Date</h2>" -Head $a

        $Smtp = New-Object Net.Mail.SmtpClient($SmtpServer)
        $Smtp.Send($Message)
    }
}

###############################################################

The full script can be downloaded from the Script Center Repository: Get Users Mobile Devices Using Exchange ActiveSync.
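
One way to triage the rows this report lists, by comparing the LastSyncAttemptTime and LastSuccessSync columns the script already selects. This is an added example, not part of Tim's script: the function name Get-DeviceTriage, the two thresholds, the status labels and the sample rows are all assumptions made for illustration.

```powershell
# Added example. Get-DeviceTriage, its thresholds and the sample rows are
# hypothetical; the property names are the ones the report script selects.
function Get-DeviceTriage {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory = $true, ValueFromPipeline = $true)]
        [psobject]$Device,
        [int]$StaleDays = 30,   # assumed: no sync attempt for this many days
        [int]$GapHours = 24,    # assumed: attempt this much newer than last success
        [datetime]$Now = (Get-Date)
    )
    process {
        $attempt = $Device.LastSyncAttemptTime
        $success = $Device.LastSuccessSync
        if ($null -eq $attempt) {
            $status = 'NeverSynced'
        } elseif (($Now - $attempt).TotalDays -gt $StaleDays) {
            $status = 'Stale'                      # partnership exists, device has gone quiet
        } elseif ($null -eq $success -or ($attempt - $success).TotalHours -gt $GapHours) {
            $status = 'AttemptingWithoutSuccess'   # recent attempts, no recent good sync
        } else {
            $status = 'Active'
        }
        # Keep the original columns and append the verdict.
        $Device | Select-Object DeviceFriendlyName, DeviceModel, LastSyncAttemptTime,
            LastSuccessSync, @{ Name = 'Status'; Expression = { $status } }
    }
}

# Constructed sample rows so the function runs without an Exchange server.
$now = [datetime]'2024-01-15T09:00:00'
$sample = @(
    New-Object psobject -Property @{ DeviceFriendlyName = 'Old phone'; DeviceModel = 'ModelA'
        LastSyncAttemptTime = $now.AddHours(-2); LastSuccessSync = $now.AddDays(-12) }
    New-Object psobject -Property @{ DeviceFriendlyName = 'Current phone'; DeviceModel = 'ModelB'
        LastSyncAttemptTime = $now.AddHours(-1); LastSuccessSync = $now.AddHours(-1) }
    New-Object psobject -Property @{ DeviceFriendlyName = 'Old tablet'; DeviceModel = 'ModelC'
        LastSyncAttemptTime = $now.AddDays(-90); LastSuccessSync = $now.AddDays(-90) }
)
$sample | Get-DeviceTriage -Now $now | Sort-Object Status | Format-Table -AutoSize

# Against a live mailbox, in a session that meets the prerequisites above:
# Get-ActiveSyncDeviceStatistics -Mailbox $UserID | Get-DeviceTriage
```

Rows marked AttemptingWithoutSuccess or Stale are the ones to raise with the user first; the thresholds should be tuned to how often devices in your environment normally sync.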

Thank you, Tim, for once again sharing your time and knowledge.

I invite you to follow me on Twitter and Facebook. If you have any questions, send email to me at scripter@microsoft.com, or post your questions on the Official Scripting Guys Forum. See you tomorrow. Until then, peace.

Ed Wilson, Microsoft Scripting Guy