powershell remoting to exchange: Set-CASMailbox does not have property ActiveSyncBlockedDeviceIDs

Publish date: 2024-06-07

I am trying to set up a service that disables a user's exchange access by remote powershell to the exchange server and executing like so:

 Set-CASMailbox -Identity usern -OwaEnabled $False Set-CASMailbox -Identity usern -EwsEnabled $False Set-CASMailbox -Identity usern -EcpEnabled $False Set-CASMailbox -Identity usern -MapiEnabled $False Set-CASMailbox -Identity usern -MapiBlockOutlookRpcHttp $True Set-CASMailbox -Identity usern -EwsAllowMacOutlook $False Set-CASMailbox -Identity usern -EwsAllowOutlook $False //THIS ONE FAILS: Set-CASMailbox -Identity usern -ActiveSyncBlockedDeviceIDs "USERSDEVICEID" 

ERROR: A parameter cannot be found that matches parameter name 'ActiveSyncBlockedDeviceIDs'.

when I do a Get-Command, from the exchange server itself, it does show ActiveSyncBlockedDeviceIDs in the list of parameters that Set-CASMailbox accepts, however when i do a Get-Command from my c# code on the remote server, it DOES NOT show ActiveSyncBlockedDeviceIDs in the list of parameters!!! am I missing something? is the Set-CASMailbox commandlet different between the one that runs on the server and the one that is exposed remotely? or is this field not supported? (or any other tree I should bark up to get this to happen via a wcf service that is not executing on the exchange server?)

my C# code to execute this from the remote server is like so: (try... blocks,etc removed)

 WSManConnectionInfo connectionInfo = new WSManConnectionInfo( new Uri("http://" + server + "/Powershell/Microsoft.Exchange"), "http://schemas.microsoft.com/powershell/Microsoft.Exchange", credential); Runspace runspace = RunspaceFactory.CreateRunspace(connectionInfo); PowerShell ps = PowerShell.Create(); ps.Runspace = runspace; //none of these seem to make any difference if i add them or not. //ps.Commands.AddScript(@"Import-Module 'C:\Program Files\Microsoft\Exchange Server\V14\bin\RemoteExchange.ps1'"); //ps.Commands.AddScript(@"Add-PSSnapin Microsoft.Exchange.Management.PowerShell.E2010"); ps.Commands.AddScript(@"Get-Command"); runspace.Open(); var psResult = ps.Invoke(); //iterate through and find parameters for Set-CASMailbox foreach (var res in psResult) { if (res.Members["Name"].Value.ToString()=="Set-CASMailbox") { foreach (var mem in res.Members) { if (mem.Name == "ParameterSets") { Console.WriteLine(mem.Value); break; } } } } 

Outputs list or parameters:

(ActiveSyncBlockedDeviceIDs is not there, nor is ActiveSyncEnabledDeviceIDs for that matter)

[-Identity] <MailboxIdParameter> [-ActiveSyncDebugLogging <Nullable`1>] [-ActiveSyncEnabled] [-ActiveSyncMailboxPolicy <MailboxPolicyIdParameter>] [-DisplayName <String>] [-DomainController <Fqdn>] [-ECPEnabled] [-EmailAddresses <ProxyAddressCollection>] [-EwsAllowEntourage <Nullable`1>] [-EwsAllowList <MultiValuedProperty`1>] [-EwsAllowMacOutlook <Nullable`1>] [-EwsAllowOutlook <Nullable`1>] [-EwsApplicationAccessPolicy <Nullable`1>] [-EwsBlockList <MultiValuedProperty`1>] [-EwsEnabled <Nullable`1>] [-HasActiveSyncDevicePartnership] [-IgnoreDefaultScope] [-ImapEnabled] [-ImapEnableExactRFC822Size] [-ImapMessagesRetrievalMimeFormat <MimeTextFormat>] [-ImapSuppressReadReceipt] [-ImapUseProtocolDefaults] [-MAPIBlockOutlookNonCachedMode] [-MAPIBlockOutlookRpcHttp] [-MAPIBlockOutlookVersions <String>] [-MAPIEnabled] [-Name <String>] [-OWAEnabled] [-OwaMailboxPolicy <MailboxPolicyIdParameter>] [-PopEnabled] [-PopEnableExactRFC822Size] [-PopMessagesRetrievalMimeFormat <MimeTextFormat>] [-PopSuppressReadReceipt] [-PopUseProtocolDefaults] [-PrimarySmtpAddress <SmtpAddress>] [-SamAccountName <String>] [-ShowGalAsDefaultView] [-Verbose] [-Debug] [-ErrorAction <ActionPreference>] [-WarningAction <ActionPreference>] [-ErrorVariable <String>] [-WarningVariable <String>] [-OutVariable <String>] [-OutBuffer <Int32>] [-WhatIf] [-Confirm] 
4

1 Answer

Finally got back to this problem. mjolinor's suggestion helped me. Needed to add the service account to the appropriate RBAC role. (Exchange Managers I think). After that, ActiveSyncBlockedDeviceIDs and ActiveSyncEnabledDeviceIDs showed up in the list of available parameters for the Set-CASMailbox command. Interesting to note that those were the only 2 missing, and the only 2 that showed up after adding to the role.

0

ncG1vNJzZmirpJawrLvVnqmfpJ%2Bse6S7zGiorp2jqbawutJoaWxsYW2Cd4COqaawnaKotaa4y2apnqWfqbavs4ytpmadqJi1orrGnmSsnaRisKK%2FzJqgpZqfrXqlu8SsZKenpGK1osLEZqerp6Cav7XFjJqaraGmmsC6ug%3D%3D