I think that I saw a post about this the other day in the MSExchange Forum.
I was about to answer with the usual, you can configure this via the “Exchange Features” component in AD Users and Computers and there is no other way… but then I thought, is that strictly true?
You see, the enable or disable values for these components are part of a user's Active Directory properties, held in an attribute named msExchOmaAdminWirelessEnable, which has a data type of integer. It can be viewed and modified using ADSI Edit, which also means that you can write scripts to manipulate the value.
In essence, you can use integer values from 0 to 7 to enable or disable the following mobile features for an individual user's account:
- Outlook Mobile Access (OMA)
- User Initiated Synchronisation
- Up-To-Date Notifications
The following table is a rundown of the combinations that can be used to get the desired results:
|Integer Value|OMA|User Initiated Synchronisation|Up-to-date Notification|
So, knowing this, I thought: “What if you have a security group that contains all the people that you wish to disable these values for, and then have a script which reads the group periodically and changes the values in AD?”
The following is what I came up with:
```vbscript
' Relative DN of the group whose members should have mobile features disabled
strADPath = "cn=Deny_AS,cn=Users,"

' Look up the domain's default naming context
Set objRootDSE = GetObject("LDAP://RootDSE")
strDomainContext = objRootDSE.Get("DefaultNamingContext")

' Bind to the group and read the distinguished names of its members
Set objGroup = GetObject("LDAP://" & strADPath & strDomainContext)
objGroup.GetInfo
Members = objGroup.GetEx("member")

' Write the mobile feature value to each member account
For Each strMember In Members
    Set objUser = GetObject("LDAP://" & strMember)
    objUser.msExchOmaAdminWirelessEnable = "7"
    objUser.SetInfo
Next
```
The above script reads the membership of the group Deny_AS, which is located in the Users container in Active Directory (you would need to create this group if you wish to use the script), and then changes the mobile settings on each member account to the integer value set on the line `objUser.msExchOmaAdminWirelessEnable = "7"` (in my example it will disable all mobile settings).
This script can be scheduled to run on either your Exchange server, a member server or a Domain Controller, perhaps at an interval of 10 or 20 minutes.
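For a job that rewrites directory attributes every 10 or 20 minutes, it helps to write only when a value has drifted and to be able to preview the changes first. The following PowerShell version is an added example, not the original script; it assumes the RSAT ActiveDirectory module is installed and that the group's sAMAccountName is Deny_AS, and the function name `Set-MobileDenyGroup` is hypothetical.

```powershell
#requires -Modules ActiveDirectory
# Added example, not the original author's script.
# Set-MobileDenyGroup is a hypothetical name; Deny_AS and the value 7 come from the post.

function Set-MobileDenyGroup {
    [CmdletBinding(SupportsShouldProcess = $true)]
    param(
        [string]$GroupName = 'Deny_AS',   # assumed to match the group's sAMAccountName
        [int]$DenyValue = 7               # 7 disables all mobile features, per the post
    )

    # -Recursive flattens nested groups; the filter skips computer accounts.
    # @() means an empty group yields zero iterations instead of an error.
    $members = @(Get-ADGroupMember -Identity $GroupName -Recursive |
                 Where-Object { $_.objectClass -eq 'user' })

    foreach ($member in $members) {
        $user = Get-ADUser -Identity $member.DistinguishedName `
                           -Properties msExchOmaAdminWirelessEnable

        # Compare as strings so an unset attribute (null) counts as drift.
        $current = [string]$user.msExchOmaAdminWirelessEnable
        if ($current -eq [string]$DenyValue) { continue }

        # Write only on drift, so scheduled runs do not generate a directory
        # change (and replication traffic) for every member on every pass.
        if ($PSCmdlet.ShouldProcess($user.DistinguishedName,
                "Set msExchOmaAdminWirelessEnable to $DenyValue")) {
            Set-ADUser -Identity $user -Replace @{ msExchOmaAdminWirelessEnable = $DenyValue }
        }

        # Emit one record per drifted account; this is also produced under -WhatIf,
        # so a dry run doubles as an audit report.
        [pscustomobject]@{
            User     = $user.SamAccountName
            OldValue = $current
            NewValue = $DenyValue
        }
    }
}

# Preview which accounts would change without writing to the directory.
Set-MobileDenyGroup -WhatIf
```

Like the original, this only ever applies the deny value: removing a user from the group does not restore their previous setting. The scheduled task's account needs write access to this one attribute on the affected users, not domain-wide administrative rights.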