Applies to: Exchange Server 2007 SP3, Exchange Server 2007 SP2, Exchange Server 2007 SP1, Exchange Server 2007
Topic Last Modified: 2010-02-24

Microsoft Exchange Server 2007 enables you to restrict access to Exchange ActiveSync by using the device ID. This feature prevents users from synchronizing unauthorized devices with Exchange 2007. You can configure this restriction on each user's mailbox. By default, if Exchange ActiveSync is enabled for a user, the user can synchronize their Exchange mailbox with any device. To restrict a user to a specific device, populate the ActiveSyncAllowedDeviceIDs parameter from the Set-CASMailbox task. If Exchange ActiveSync is not enabled for the user, they will be unable to synchronize any device with Exchange. This topic provides instructions for how to prevent a specific device from synchronizing with Microsoft Exchange. This task can be completed only by using the Exchange Management Shell.

Before You Begin

To perform the following procedure, the account you use must be delegated the following:

  • Exchange Recipient Administrator role

  • Membership in the local Administrators group

For more information about permissions, delegating roles, and the rights that are required to administer Exchange Server 2007, see Permission Considerations.

Also, before you perform this procedure, make sure that Exchange ActiveSync is enabled for the user.


To use the Exchange Management Shell to disable a device for Exchange ActiveSync

  • To prevent a device from synchronizing with Microsoft Exchange, you must remove its device ID from the ActiveSyncAllowedDeviceIDs parameter list. To do this, run the following command:

    Copy Code
    Set-CASMailbox -Identity: "EmailAlias" -ActiveSyncAllowedDeviceIDs: "<DeviceID_1>","<DeviceID_2>"
    There is no built-in functionality for retrieving the device ID before the user synchronizes with the Exchange server. After the user has synchronized the device with the Exchange server, you can run the following command to retrieve the device ID:
    Copy Code
    Get-ActiveSyncDeviceStatistics -Mailbox:"<EmailAlias>" |fl DeviceID 

For more information about syntax and parameters, see Set-CASMailbox.

For More Information

For more information about how to manage Windows Mobile powered devices, visit the Windows Mobile Center Web site.