Tool to manage Microsoft Exchange ActiveSync | EASAdmin 1.0 (Beta)

Disclaimer:

The EASAdmin Tool facilitates to manage Exchange ActiveSync Device on Office365 and Exchange On-Premises. This tool is provided "as is" without warranty of any kind. Microsoft and Tool Developer, Tool Supplier further disclaim all implied warranties including but not limited to any implied warranties of merchantability or of fitness for a particular purpose. The entire risk arising out of the use or performance of the samples remains with you. In no event shall Microsoft or the Tool Developer, Suppliers be liable for any damages whatsoever (including but not limited to damages for loss of business profits,business interruption, loss of business information, or other pecuniary loss) arising out of the use of or inability to use the tool, even if Microsoft, the Tool Developer, Suppliers have advised of the possibility of such damages.

** EASAdmin Version 1.0.0.2 is updated with multi-domain feature. The feature will fetch the users, devices from across domains in a forest.  

Introduction :

The Exchange ActiveSync Admin (EASAdmin) tool enables administrators to manage the process of remotely erasing lost, stolen, or otherwise compromised mobile devices. The EASAdmin Tool is designed for use with Exchange Server 2010, Exchange 2013, Office 365 (Wave14 and 15).

By using the EASAdmin tool, administrators can perform the following actions on Office 365 and Exchange On-Premise:

• View a list of all devices that are being used by any enterprise user.
• Find Inactive Devices.
• Get No. of devices per user.
• Block/Allow devices.
• Select/De-select devices to be remotely erased.
• View the status of pending remote erase requests for each device.
• Remove Mobile Devices.
• Enable,Disable ActiveSync/MAPI/EWS/OWA Exchange features during troubleshooting.
• Clear Blocked/Allowed Devices.
• Execute Get-CASMailbox, Get-Mailbox,Get-ActiveSyncDeviceStatistics,Get-MailboxFolderStatistics,Get-ActiveSyncDeviceClass,Get-ActiveSyncDeviceAccessRule,Get-ActiveSyncOrganizationSettings,Get-ActiveSyncMailboxPolicy.
• Parse IIS log and get reports to troubleshoot ActiveSync related Issue and manage the device/user from report output.

Pre-Requisite :

The tool is written using C# Visual Studio 2012, PowerShell 3.0, Log Parser 2.2, .Net Framework 4.0. It is tested with Exchange 2010,Exchange 2013 and Office 365 (Wave 14 & 15) and run from Windows 7, Windows 8, Windows 2008 R2 and Windows 2012.

System Requirement:

• .Net Framework 4. (https://www.microsoft.com/en-in/download/details.aspx?id=17718 )
• PowerShell 2.0 or Later. (https://support.microsoft.com/kb/968929 )
• Log Parser 2.2 (https://www.microsoft.com/en-in/download/details.aspx?id=24659 )
• The tool screen layout works best with resolution 1920 x 1080.
• Verify that Windows PowerShell can run scripts:

1. Click      Start > All Programs > Accessories > Windows PowerShell.

2. Do one of the following to open Windows PowerShell:

   • If you're running Windows Vista,Windows 7, or Windows Server 2008 R2, right-click Windows PowerShell and select Run as administrator. If you get a user account control prompt that asks if you would like to continue, respond Continue.
   • If you're running Windows XP or Windows Server 2003, click Windows PowerShell.

3. Run the following command:Get-ExecutionPolicy

4. If the value returned is anything other than RemoteSigned, you need to change the value to RemoteSigned.

        Note   When you set the script execution policy to RemoteSigned, you can  only run scripts that you create on your computer or scripts that are signed by a trusted source.

Enable scripts to run in Windows PowerShell

In Windows PowerShell session you just opened as an administrator, run the following command:

Set-ExecutionPolicy RemoteSigned

• As the tool does not store any user data on the disk, physical RAM requirement various based on the data retrieval from server. The tool minimum requires 500 MB of RAM.

How Tool Works :

As an Office 365/Exchange Administrator, if you want to perform any activity on ActiveSync that are in the cloud, you will use Remote PowerShell or Online Portal. Both connect to the remote server over the Internet.

Similarly, the EASAdmin tool requires Internet connection to connect to Office 365 servers.The tool has to connect to Remote Powershell to perform the tasks. The tool performs various SET & GET tasks. It is expected that the machine that runs the tool installed with pre-requisites for the commands to function. So please refer the pre-requisite section in the documentation before using the tool.

If you are using On-Prem option in the tool, the authentication method will be Kerberos and it will be HTTP communication. If there is any Kerberos unsupported device between tool and server, authentication may fail.

Note: I have titled the fields/options as per Microsoft Exchange Terminology used with Exchange Shell for the easier understanding.

Important: There are options in the tool that can wipe entire data on devices. Please know the options before you execute it.

How to Use the Tool :

It is a stand-alone tool and is multi-instance capable. The tool cannot be run in DOS/Command Prompt as it is GUI based.When you double-click the tool short-cut or the application file, the tool presents you
with log on screen. If you wish to work with Office 365, give sign-in address and password to connect to Office 365 server. Instead you prefer to work with Exchange On-Premise server, you have to provide FQDN of
Exchange 2010/2013 CAS server.

After successful logon, Disclaimer/About page displayed. By Default, All the option are disabled until you click “I Agree” button.

ActiveSync Device List :

The tab lists all the device details. You can retrieve the data from the server, then work with it. More the data you ask, more the time it takes.

The data retrieval from the server can be restricted with,

Important: Clear/Wipe Mobile Device option will clear all the data on the device. Please use it with caution. The tool restricts to send remote wipe request to only three devices at a time to reduce the damage, if the option executed accidently.

IIS Log Parser for ActiveSync :

The option can be used only if IIS log is available.So it will be used primarily with Exchange On-Premise. The result can be further used to disable ActiveSync or view the properties of users.

Exchange Feature:

Exchange Feature executes Get-CASMailbox and retrieve the data from server based the condition you choose.You can enable/disable Exchange Feature and execute Get-CASMailbox,Get-Mailbox,Get-ActiveSyncDeviceStatistics, Get-MailboxFolderStatistics.

Device Block Clear, Device Allow Clear: When you run Get-CASMailbox command for any user, it will list the devices blocked and allowed for users. At times, you want to set this value to $Null. The command
will do the same.

The data retrieval from the server can be restricted with,

General ActiveSync Output:

As name suggests, you can generate multiple ActiveSync related reports. The command output is displayed in the text box. It does not append the current output to the previous command output. It is done intentionally.

Known Issues:

If you leave the Remote PowerShell session running for a long time (may be over 6 hours) without using the tool, then you try to use the PS related option, if you may get unexpected behavior due to session time out.

Troubleshooting:

Issue #1:

PowerShell Session to the server will expire if the tool is not actively used. If you create the session and do not use the tool for a long time, then try to use it after session expiry, you will see the below error. You have to reopen the tool and create new PowerShell Session thru Authentication Tab.

Troubleshooting: Restart the tool to create new session and check.

Issue #2:

If you are not able to create Remote PowerShell Session to the server. Please check whether you are able to connect to Remote PowerShell manually following the method detail in the article : https://help.outlook.com/en-us/140/cc952755.aspx

If you receive error like,

Please set the proper proxy server.

Troubleshooting: Run the command: netsh winhttp show proxy and check what the proxy server is set. If you are using proxy, but the output of the command shown as below, set the correct proxy server.

To set the proxy server, run the command : netsh winhttp set proxy <Proxy Server Name:Port>

If you are not able to connect to PowerShell by following the method in the link : https://help.outlook.com/en-us/140/cc952755.aspx, the PS related options in the tool will not work.

Issue #3:

At times, all looks good but the session may not be established due to server connection rejection or intermittent issues or transient failure.

Troubleshooting: Close the tool and try to create the session after a couple of minutes.

Issue #4:

No Error reported when you Fetch Data and also it completes the task in no time. The issue could be due to PowerShell Script Execution restriction.Run Get-ExecutionPolicy from Windows PowerShell and check the policy. The tool requires execution policy set to RemoteSigned or Unrestricted,else the behavior is expected.

Support/Feedback:

If you have any questions or feedback, you can contact me at: sukum@microsoft.com / raghuv@microsoft.com

Download :

***