A reader of my blog asked the following question, which I would like to answer briefly here:
Hello Frank,
I have a question if it can be solved with a script.
(Exchange 2016)
If an employee has their out-of-office assistant active, ActivSync is automatically deactivated.
As soon as the out-of-office assistant is switched off again, ActiveSync is automatically activated.The whole thing is to be used as work protection so that the employee cannot read e-mails while on vacation.
Best regards
So this is about deactivating the ActiveSync function for synchronizing e-mails and calendars with the smartphone during absence. The VW Group implemented something similar many years ago and it seems to have proved successful:
VW went one step further back then and deactivated synchronization with smartphones after work. So the issue is not new.
But first to the question posed:
ActiveSync can not only be switched on and off globally, but also per mailbox. This means that if a user activates their Out of Office Assistant, ActiveSync can be switched off for this mailbox. If the Out of Office Assistant is deactivated again, ActiveSync is reactivated for the mailbox. I simply assume that ActiveSync does not have to be deactivated at the exact moment when the out-of-office assistant is activated; you can certainly live with a small delay here. You could therefore run a script at certain intervals to deactivate ActiveSync for all mailboxes with the out-of-office assistant activated. Of course, this must be canceled again when the Out of Office Assistant is deactivated.
The following small script can be used for exactly this case (a 3-line script if you leave out the comments):
| 1 2 3 4 5 6 7 8 9 10 | #Exchange SnapIn import
Add-PSSnapin
Microsoft.Exchange*
#Active Sync switch off if absence assistant is activated
# Get all mailboxes where the Out of Office Assistant is enabled and ActiveSync is enabled, then disable ActiveSync
Get-Mailbox
|
Get-MailboxAutoReplyConfiguration
| where {
$_
Autoreplystate
-eq
"Enabled"
} |
Get-CASMailbox
| where {
$_
.ActiveSyncEnabled
-eq
$True
} |
Set-CASMailbox
-ActiveSyncEnabled
$false
#Activate Active Sync if Out of Office Assistant is deactivated
# Get all mailboxes for which the Out of Office Assistant is deactivated and ActiveSync is deactivated, then activate ActiveSync
Get-Mailbox
|
Get-MailboxAutoReplyConfiguration
| where {
$_
Autoreplystate
-eq
"Disabled"
} |
Get-CASMailbox
| where {
$_
.ActiveSyncEnabled
-eq
$False
} |
Set-CASMailbox
-ActiveSyncEnabled
$true
|
The script can be executed via task scheduling, for example every day at the end of the working day and every morning before work starts.
If you now also want to deactivate ActiveSync after work, i.e. similar to what VW does (or did?), then you could proceed as follows:
Run the following script at 7:00 in the morning:
| 1 2 3 4 5 | #Exchange SnapIn import
Add-PSSnapin
Microsoft.Exchange*
#Activate ActiveSync
Get-CASMailbox
|
Set-CASMailbox
-ActiveSyncEnabled
$true
|
and at the end of the day:
| 1 2 3 4 5 | #Exchange SnapIn import
Add-PSSnapin
Microsoft.Exchange*
#Deactivate ActiveSync
Get-CASMailbox
|
Set-CASMailbox
-ActiveSyncEnabled
$false
|
If desired, this can of course also be filtered, here is an example that switches off ActiveSync for all users in the IT department:
| 1 | Get-User
-filter
"RecipientType -eq 'UserMailbox' -and Department -like 'IT'"
|
Set-CASMailbox
-ActiveSyncEnabled
$false
|
By the way: Access to OWA, Outlook Anywhere, IMAP and POP can also be controlled in this way...
