Allowing mobile devices on Exchange Online with a bulk script

Hi guys,

In my last exchange migration to O365 my customer had the requirement to block all BYOD because for security reasons email department verify and manage all mobile devices. How? as always, asigning IMEI device ID to the user mailbox in O365.

Steps to acomplish that:

First of all you need to go to Exchange Online and there go to mobile section. Push on Edit.



On the window select Block access and push on save


After that action, you can use the below command to asign devices to usermailboxes:

Set-CASMailbox -ActiveSyncAllowedDeviceIDs “ID”

To check some user use:

Get-CasMailbox username | fl ActiveSyncAllowedDeviceIDs

If you have a large correlation of users – devices you can use my script. It’s very useful!!

  1.  You need a csv file with a list of users called migration.csv. Save it on C:\migration folder.


2. You need a file called Device_Info.csv where you have all device IMEI info exported from on-prem. Save it on C:\migration folder.


3. A csv file called LoteYYYYMMDD.csv where you have all users in O365.


4. The magic script:

[string]$Script:sourcefilename = “migration.csv”,
[System.Management.Automation.CredentialAttribute()]$cred = $null

Write-Host “This script must be run from a Powershell AD AZURE”
Write-Host “We load the list of users migrated from file $($Script:sourcefilename)”
$migrados = Import-Csv $Script:sourcefilename
if([String]::IsNullOrEmpty($cred)){$cred = Get-credential}

Write-Host “We load the list of devices.”
$Users = Import-Csv “C:\MIGRATION\Device_Info.csv” | Sort-Object PrimarySMTPAddress
$UserID = $null

Foreach ($user in $Users)
#Let’s see if the device line in the file contains a migrated user
$containsMailMigrado = $migrados | %{$_ -match $user.PrimarySMTPAddress}
If($containsMailMigrado -contains $true)
Write-Host ” Finded MailMigrado – $($user.PrimarySMTPAddress)”
$UserID = $user.PrimarySMTPAddress
$DeviceID = $user.DeviceID
Write-Host ” Adding device DeviceID = $($DeviceID)”
Set-CASMailbox -Identity $UserID -activesyncalloweddeviceid @{Add=$DeviceID}

Save that script as ScriptDevicesO365.PS1

Having all requisites showed above you can execute the line .\ScriptDevicesO365.PS1 LoteYYYMMDD.csv $UserCredential that will permit all your corporate devices be used with the assigned user on Office 365 – Exchange Online.





Validating AD preparation to deploy Exchange 2013


These days I’m creating an Hybrid Exchange environment with O365 where we are going from Ex 2007 to Ex 2013 and one of the prerequisites is prepare AD for that.

After copy exchange binaries to a DC with FSMO roles, execute the following lines:

.\Setup.exe /PrepareSchema /IAcceptExchangeServerLicenseTerms
.\Setup.exe /PrepareAD /IAcceptExchangeServerLicenseTerms
.\Setup.exe /PrepareDomain /IAcceptExchangeServerLicenseTerms

When finished, check that replications are all ok with:

repadmin /showrepl

To finish validate your upgrades cheking version number of everyone with these powershell lines, faster than go to ADSIEdit and seek there.

# Exchange Schema Version
$sc = (Get-ADRootDSE).SchemaNamingContext
$ob = “CN=ms-Exch-Schema-Version-Pt,” + $sc
(Get-ADObject $ob -pr rangeUpper).rangeUpper

# Exchange Object Version (forest)
$cc = (Get-ADRootDSE).ConfigurationNamingContext
$fl = “(objectClass=msExchOrganizationContainer)”
(Get-ADObject -LDAPFilter $fl -SearchBase $cc -pr objectVersion).objectVersion

# Exchange Object Version (domain) – assumes single domain forest
$dc = (Get-ADRootDSE).DefaultNamingContext
$ob = “CN=Microsoft Exchange System Objects,” + $dc
(Get-ADObject $ob -pr objectVersion).objectVersion