Home » Exchange Server » Get-EASDeviceReport.ps1 Script to Report on ActiveSync Devices

Get-EASDeviceReport.ps1 Script to Report on ActiveSync Devices

Recently I was asked whether I had any PowerShell scripts available for producing a simple report of the ActiveSync devices for an Exchange organization. I didn’t have a script at the time but was able to quickly put one together that did the job, though it was a little rough.

I’ve since updated the script to make it more functional and reliable, and I am releasing it here for the community to download and make use of as well.

This script is available for download on the TechNet Script Gallery or Github. Comments are welcome below. If you find a bug please consider raising it as an issue on Github.

Simply run the script in the Exchange Management Shell to produce the report in CSV format.

The report is written to a CSV file in the same folder that the script is located.

easdevicereport

You can also send the CSV report via email, and specify an “age” in days for the last sync attempt of the device, for example to only report on devices that have not attempted sync in 30 days.

get-easdevicereport-email

This script is available for download on the TechNet Script Gallery or Github. Comments are welcome below. If you find a bug please consider raising it as an issue on Github.

Paul is a Microsoft MVP for Office Servers and Services. He works as a consultant, writer, and trainer specializing in Office 365 and Exchange Server. Paul is a co-author of Office 365 for IT Pros and several other books, and is also a Pluralsight author.
Category: Exchange Server

106 comments

  1. Stuart Law says:

    Hi Paul,
    Is there a way to run this on individual servers?
    In the middle of a 2007 – 2010 migration so the mailboxes are split.

    It comes back with the ‘You must use V14’ error.

  2. Shane Bryan says:

    Hmm, I’m logged in but I can’t get the download link for the script to appear. When I click on the “Join Here it’s free” link it takes me to a page that says “Welcome, you’re already logged in”.

  3. Mykul says:

    Paul,
    Just to clarify, when adding the -Age 30 to the script with csv output, the Sync Age column is how many days ago the device last synced?

  4. Red says:

    Hi,
    great, as usual, but not working in a multidomain environment. I need something like “Set-AdServerSettings -ViewEntireForest $True” in the shell initialization and “-ResultSize unlimited” in the get-ActiveSyncDevice” but I really don’t know how to do the trick.
    Regards.

    Red.

  5. RC says:

    Hi,

    Is there anyway we could get the script to show the current time versus UTC and maybe a sort on the most recently sync’d device?

    Thank you a ton!

    Ryan

  6. Marcus says:

    Hi Paul,

    First of all thank you very much for all the great scripts that you put out for us, it really does make our lives that much easier.
    When I run the script a few of my DeviceID’s are been truncated, i.e. the DeviceID appears as 5.1535E+29. Is there a way around this?

    Thanks

  7. Marcus says:

    Hi Paul,

    I figured out what the problem is. The report sends a .CSV attachment which if you open directly by double clicking it from within Outlook Excel will open and truncate the long numbers. You have to open Excel then import the CSV, when you get to step 3 you need to highlight the DeviceID column and change it from General to Text. This will stop Excel from automatically truncating long numbers.

    Thanks

  8. Pradeep says:

    there are various users which activesync account is enabled and under manage phone option none of the device is appearing due to this i am unable to remove mobile phone partnership or perform a remote wipe.

    and this kind of accounts are not getting captured in this script. Kindly suggest how to capture these kind of activesync enabled users through this script.

    • I don’t really understand your question.

      The script reports on ActiveSync device partnerships. It uses Get-CASMailbox to find users with EAS device partnerships. If there is no partnerships for a user then the device won’t be included in the report.

      Are you saying you have devices with no partnership that you’d like to report on?

      • Pradeep says:

        Apologies for delay and thanks for responding to my query. Yes i would like to capture even those account whose active sync account is enabled and not yet activated there device. So you under stand correct that i have devices with no partnership that you’d like to report on. Kindly suggest, How we can achieve this.

  9. Mark says:

    Hi Paul,

    I was wondering if there any way to get this report to give information such as MAC address? I see you have device I.D just as I’m trying to create a white list on our wireless connections and wanted to use this for referencing.

    Thanks, Mark

  10. Gavin Connell-Otten says:

    Hi Paul, nice job dude 🙂

    Any tips for getting this going with Exchange Online (Exch2013)?

    Cheers,

    Gavin

  11. Gavin Connell-Otten says:

    Scrap that question, figured it out. I just commented out the Exchange snap in check stuff and made sure I already had the cmdlets loaded in my remote powershell session. Works well for Office 365, thanks!

  12. Tony B says:

    We are in the process of implementing an MDM solution and moving all EAS devices to it. I want to run the script to clean up devices that have not connected in xx days, but I also need to skip devices that are enrolled through MDM. When I run the get-activesyncdevice | get-activesyncdevicestastics command, I get an output that shows a column labled DeviceAccessStateReason. The values are “global” for devices connected directly to EAS and “individual” for devices managed through the MDM.

    Is there a way to modify the script to only find devices that have not connected xx days and have DeviceAccessStateReason=global?

    Thanks,
    Tony

  13. David says:

    Ok. I feel like a complete idiot but I really want to see this script. I signed up and signed in, but still do not see a link to download the scipt.
    Thanks very much.

  14. Lasantha says:

    Very useful script. One thing I noticed that soon after I ran the script, there were 47 events with the ID 1033 in the application log. One event for example read as follows,

    The setting EventQueuePollingInterval in the Web.Config file was not valid. The previous value was null and has been changed to 2.

    Has anyone seen this too? We are on Exchange 2010 SP3 with latest CU.

    Thanks

  15. Anthony says:

    Hi Paul,

    We have a CAS Array with 5 Servers behind a Cisco Content Switch.

    Can this script show which CAS server the device is syncing with? We’re running Exchange 2007.

  16. Mustansir says:

    The script worked like it says. Only thing I was wondering, whether we can get the GUID of the ActiveSync device also in the output. And secondly , how to pipe this output to a script which would inturn remove the activesync devices based upon the GUID’s we select from a CSV or text file. Any assistance in this regard would be very helpful

  17. Chris Lehr says:

    Great script. If you modify the Initialize section to this (or replace it with the EXO part) it works with Exchange Online!

    $selectorg = Read-Host ‘enter 1 for Exchange Online and 2 for Exchange on premise’

    if ($selectorg -eq 1)
    {
    $c = Get-Credential
    $Session = New-PSSession -ConfigurationName Microsoft.Exchange -ConnectionUri https://outlook.office365.com/powershell-liveid/ -Credential $c -Authentication Basic -AllowRedirection
    import-pssession $session
    } else {

    #Add Exchange 2010/2013 snapin if not already loaded in the PowerShell session
    if (!(Get-PSSnapin | where {$_.Name -eq “Microsoft.Exchange.Management.PowerShell.E2010”}))
    {
    try
    {
    Add-PSSnapin Microsoft.Exchange.Management.PowerShell.E2010 -ErrorAction STOP
    }
    catch
    {
    #Snapin was not loaded
    Write-Warning $_.Exception.Message
    EXIT
    }
    . $env:ExchangeInstallPathbinRemoteExchange.ps1
    Connect-ExchangeServer -auto -AllowClobber
    }
    }

  18. Sabir says:

    Hi Paul,

    Thanks for the article, as you mentioned in the fb post you shared can you please tell, if we take the report which tab shows that the users have connected to their mailbox with the app.”

    ” With all the excitement and concerns about Outlook for iOS and Android remember you can use my Get-EASDeviceReport.ps1 script to find out which of your users has connected to their mailbox with the app.”

    Thank you

    • Rosario Carcò says:

      I scheduled the Script to run every night and I can see new users having made an attempt. SyncAge displays NEVER and LastSyncAttemptTime and LastSuccessSync are empty.

      I modified the if clause in the script to filter out only the new iOS-Android users/devices and inverted to show syncAge LESS than the given 30 days to get only users/devices who connected in the last few days, like this:

      if ($EASDevice.DeviceModel -like ‘*Outlook for iOS and Android*’ -and ($syncAge -le $Age -or $syncAge -eq “Never”))

      Of course you could omit the whole syncAge part if you are only intrested in tracking the iOS-Android users that started only recently as the app was released.

      Rosario

  19. Sven says:

    I try to execute the script and got the message that “..is not digitally signed…”

    My ExecutionPolicy is set to RemoteSigned. The ExchangeEnvironmentReport script is working fine.

    Do I have to set it to “Unrestricted”?

    Sven

  20. Josué López says:

    Hi Paul,

    I have a doubt, is there a way to configure this script to run in the Task Scheduler?

    I was trying to run the script in the Task Scheduler of Windows but i can´t make it work to send me and email (Only when I run through windows scheduler), if i run the script throught powershell everything is ok.

    Thank you.

    Regards.

  21. Thomas Bjorseth says:

    Excellent script. Does just what I want, but there is one thing…

    As it loops through the users, I get the following warning:
    “WARNING: The Get-ActiveSyncDeviceStatistics cmdlet will be removed in a future version of Exchange. Use the Get-MobileDeviceStatistics cmdlet instead.
    If you have any scripts that use the Get-ActiveSyncDeviceStatistics cmdlet, update them to use the Get-MobileDeviceStatistics cmdlet. For more infor
    mation, see http://go.microsoft.com/fwlink/p/?LinkId=254711.”

    It appears that the cmdlet that is used to create the report is disappearing sometime in the future. The script still works, but for how long?

  22. Pirkka says:

    Nice script.

    However, seems like the HasActiveSyncDevicePartnership -property is not always correctly populated.
    I.e. users have it true, even if they do not have AS devices and false if they do.

  23. Eduardo says:

    Hello, would it be possible to add an ADuser information to the CSV?, I want to add the Title of the employe.

    Thanks

  24. Catalin Pascu says:

    Hello,

    So I tried to use this script but it keeps telling me that: “Warning: no snap-ins have been registered for windows powershell version 2”.

    I checked the Powershell version and it is v 2.0

    Can you help me please?

    This report will be very useful for me 🙂

    Thank you in advance.

      • Catalin Pascu says:

        Well we do not have a physical Exchange server. It is in another country. Can’t it be runed from Windows Power Shell?

        If so, can you please guide me on how I should run the script?

        Sorry if the questions are a little but silly, but this is all quite new to me.

  25. Deivid says:

    Hi Paul, very useful script 🙂 Here is a good version that I’ve adapted to work with EXO as well. Just use -EXO $true in order to get devices from the EXO. Regards!

    Edit: removed script. Please don’t post entire scripts into the comments here, it messes with the page layout.

  26. Gustavo says:

    Hi Paul, its error:

    PS C:Scripts> .Get-EASDeviceReport.ps1
    File C:ScriptsGet-EASDeviceReport.ps1 cannot be loaded. The file C:ScriptsGet-EASDeviceReport.ps1 is not digitally
    signed. The script will not execute on the system. Please see “get-help about_signing” for more details..
    At line:1 char:26
    + .Get-EASDeviceReport.ps1 <<<<
    + CategoryInfo : NotSpecified: (:) [], PSSecurityException
    + FullyQualifiedErrorId : RuntimeException

  27. Ashish Bachhas says:

    Is there any way to exclude legacy EAS users while this script executes. I only want report to include Exchange 2013 EAS users and skip all Exchange 2007 EAS users while running. This will save some time as every time it connect to 2K7 mailbox, it gives the following error for them.

    The Get-ActiveSyncDeviceStatistics command that you are trying to run, which is version 15, requires that the target mailbox account is on a Mailbox server that is the same version. The command wasn’t able to process your request because the target mailbox account is on a Mailbox server with version 8

  28. J. Greg Mackinnon says:

    Nice script… under Exchange 2013 and 2016, the Get-ActiveSyncDevice* cmdlets are deprecated. I revised the script to use “Get-MobileDevice*” instead. Also, I reworked the script to use “Get-MobileDevice*” to fetch all devices in Exchange, thus bypassing the need to loop though all mailboxes using “Get-CASMailbox”. (This was hazardous and time consuming in our environment owing to the number of mailboxes.) I also added a “-sortBy” script, and added some additional logic to handle situations where a device is associated with a user whose mailbox has been deleted.

    Revised script below:

    Script removed: please don’t paste large scripts into comments, it messes with the page layout.

  29. Kapil K says:

    Hi Paul,

    I need your help for my active issue.
    I am working on Exchange 2103 CU8, I have deployed a new active policy for my users for applying the security policies on the mobile devices which connects to my Exchange server with active sync. I have configured a 4 digit simple password with no wipe out in case of logon failures. I have also enabled recovery password in the same, but none of the mobile devices provides recovery password to Exchange server and I am unable to unlock the user’s mobile device in case user forgets the password. I have also tested Windows Phones but there also I am failing to get the recovery password. I tested some of Samsung Android devices, these devices provides the recovery password but the device itself does not accept the same password. Need your suggestion for resolving the same.

  30. Kenneth B says:

    Hi Paul;

    We are looking to run your script in our environment but the output only stated people within a certain domain. Is there a way to have the script pull users information from another domain ?
    (Exchange 2010 sits on same server as domain.company.com but we have users in otherdomain.company.com that we need to report on)

    Our goal is to verify which users are using what devices to connect to our Exchange server especially with the vulnerability of Outlook for iOS.

    Thanks for reading and assisting.

  31. J Nichols says:

    I try to run your script Get-EASDeviceReport.ps1 but get the following exception:
    WARNING: Cannot load Windows PowerShell snap-in Microsoft.Exchange.Management.PowerShell.E2010 because of the following
    error: The type initializer for ‘Microsoft.Exchange.Data.Directory.Globals’ threw an exception.

    We have a Hybrid configuration, where we use Exchange 2013 for Office 365 and two local servers for connectivity to Exchange online.

  32. rino says:

    i have a question regarding “last successful sync”. why on some users it returns empty even though the user have checked his email a few days back?

  33. Kartik says:

    Paul,

    I tried downloading the script from both technet script gallery and github but at both places the content of script file lost formatting. I tried doing wordwrap in notepad but still the script content looks gibberish. Is there some other place from where I can download this script?

    • That seems to happen if you try to open/edit the file directly from within the Zip file. It seems fine when I first extract the script from Zip file, and then open it in the PowerShell ISE.

      • Kartik says:

        Can’t believe received such a quick response from Exchange Legend himself. 🙂

        It worked in ISE like you mentioned. Thanks a ton for writing outstanding scripts and sharing amazing tips!!

  34. Riaan says:

    Good Day Paul.

    I’m struggling to add multiple mail recipients to the script any ideas?

    Error: ‘MailTo’. Cannot convert value to type System.String.

    I’m separating mail addresses with commas.

    Thanks

  35. Mike says:

    Paul, do you know of a way how to tetermine if a device is enrolled in an MDM solution? Get-MobileDevice “ismanaged” states only if a device is supervised or not, right? I am currently looking for a way to filter ActiveSync devices which are enrolled with Intune since Conditional Access with hybrid Intune, Exchange On-Premise and Outlook app is not supported. Thanks

  36. Thomas Monday says:

    Can you advise on how I can get it to run on child domains? Exchange sits in the root and the users are in multiple child domains.

  37. Michael Brandley says:

    We have multiple domains at our location (one forest) and I needed to include the domain name in the report so I modified it as follows:

    Right after the “Write-Host -ForegroundColor Green “Processing $($EASDevice.DeviceID)”” entry, I added…

    $FullIdentity = ($Mailbox.Identity).toString()
    $Domain = $FullIdentity.Split(“/”)[0]

    Then added…

    $reportObj | Add-Member NoteProperty -Name “Domain” -Value $domain

    I’m not a programmer by any means – I’m terrible in fact – so I’m sure there is a better way to do this but it worked for what I needed 🙂

    • Krid says:

      Hi Helao,

      you need to set the scope of the current session to the entire forest

      Set-AdServerSettings -ViewEntireForest $true

      before you start the script.

Leave a Reply

Your email address will not be published. Required fields are marked *