The automatic cleanup of old Exchange ActiveSync device partnerships


In 2012, I wrote about ActiveSync device partnerships some time ago to describe how partnerships are created and how they accumulate over time, which leads to the need to clean up partnerships belonging to old and obsolete devices, such as that HP iPAQ hw6515 that has long since been disconnected from your life. Bizarrely, you can still buy the device through Amazon.

The reason why you might be concerned about device partnerships is that old ones can clog up user accounts and prevent users adding new devices, which is not a great experience when they’ve just bought a new iPhone and now want to synchronize Outlook for iOS with their mailbox.

My previous discussion focused on Exchange 2010. Microsoft subsequently introduced the New-ThrottlingPolicy and Set-ThrottlingPolicy cmdlets in Exchange 2013 and these cmdlets include the EasMaxInactivityForDeviceCleanup parameter to help address the problem of decaying partnerships. This development quite passed me by, which isn’t an unusual state of affairs because the code base for Exchange is so large.

In any case, the EasMaxInactivityForDeviceCleanup parameter is defined in TechNet as follows:

“The EasMaxInactivityForDeviceCleanup parameter specifies the length of time that a user’s device partnerships will remain active. By default, there is no limit to the number of days that a user’s device partnerships will remain active. Use this value if you want to minimize the amount of inactive device partnerships in your organization. To use this setting, specify a value in days since the user’s last sync time to cause the device partnership to be removed.”

Exchange 2013, Exchange 2016, and Exchange Online all include code that can clean up obsolete partnerships when a new mobile device is added to an account. The following processing occurs:

  1. User attempts to add a new mobile device with ActiveSync.
  2. If no throttling policy is assigned to the mailbox or the policy that is assigned has a $Null or “unlimited” value for EasMaxInactivityForDeviceCleanup no further checking occurs as these values indicate that the administrator doesn’t want device partnerships to be cleaned up.
  3. Existing device partnerships with the account are checked. Those that exceed the value of EasMaxInactivityForDeviceCleanup are regarded as being inactive. Within Exchange Online, an inactive device is one that has not connected to the mailbox for 180 days or more.
  4. Any inactive device partnerships are removed from the account.
  5. A check is performed to ensure that the number of remaining partnerships remains under the limit for devices (100). In an on-premises environment, you can change the maximum number of EAS devices to whatever value you choose by updating a throttling policy and assigning it to mailboxes.
  6. If the cap is not exceeded, the new device is added.

Obsolete device partnerships are checked during the device addition process to minimize the demand on system resources. Clearly, there’s no point in looking for obsolete device partnerships if they’re not causing a problem and the only problem that old partnerships cause is when they might block the addition of a new device.

The cmdlets to control throttling policies are only available for on-premises servers. There’s no need for them to be available for Exchange Online because Microsoft takes care of system resource management and anyway, a very different throttling regime exists in a multi-tenant environment.

The nature of cloud services is that they are much more automated and controlled than on-premises systems. Adding a method to clean-up obsolete device partnerships makes a lot of sense for Exchange Online. Exchange Online allows up to 20 device partnerships to be removed for an account to be removed per month.

The code to remove obsolete device partnerships is also present in on-premises mailbox servers but it won’t be used unless the throttling policies that are assigned to mailboxes include a value for EasMaxInactivityForDeviceCleanup, which might not be the case. If the policies are updated to include a limit for inactive partnerships, then the code will swing into action. If activated, no limit is placed on the number of device partnerships that an Exchange on-premises server can remove per month.

Exchange 2010 supports 10 device partnerships per account; Exchange Online and Exchange 2016 both support 100, an increase that surely reflects the increasing use of mobile devices by everyone. It’s interesting to speculate quite how long it would take a normal human being to accumulate 100 mobile devices!

It’s good that Microsoft has implemented the functionality to detect and remove old device partnerships when new devices are being added. It would be good if this was developed further so that device partnerships were managed on an automatic basis according to a policy. For instance, you might be able to say that the partnerships for devices that hadn’t connected to an account in over a year should be removed. Even better, it would be good if administrators received a heads-up message every week or so to inform them that some device partnerships are approaching the point at which they will be removed, just in case one of the partnerships belongs the backup device for the CEO.

There’s nothing to stop you removing old device partnerships using PowerShell if you want to. Here’s an example of how to do the job using an updated version of the code published in the original post. The code checks for partnerships belonging to devices that haven’t synchronized in the last seven days and removes them.

Get-CASMailbox -ResultSize unlimited –Filter {(HasActiveSyncDevicePartnership -eq $true) -AND (name -notlike “cas_*”) -AND (name -notlike “DiscoverysearchMailbox*”)} | ForEach {Get-MobileDeviceStatistics -Mailbox $_.Identity | Where-Object {$_.LastSuccessSync -le ((Get-Date).AddDays(“-7”))} | Remove-MobileDevice}

It’s easy to amend the code to make the check work for 15, 30, 45, or however number of days you see fit, but please test the code before you run it for real. It’s just too easy to run some PowerShell and clean data up really fast. So fast that all your data goes, including whatever you want to keep. Practice safe scripting…

Follow Tony @12Knocksinna

Advertisements

About Tony Redmond ("Thoughts of an Idle Mind")

Exchange MVP, author, and rugby referee
This entry was posted in Cloud, Exchange, Office 365 and tagged , , , , , , , , . Bookmark the permalink.

5 Responses to The automatic cleanup of old Exchange ActiveSync device partnerships

  1. Pingback: The automatic cleanup of old Exchange ActiveSync device partnerships | Thoughtsofanidlemind’s Blog | JC's Blog-O-Gibberish

  2. Pingback: Automatic Cleanup of Exchange ActiveSync Device Partnerships | SME IT guy

  3. Amber says:

    is there a way to get this is a list to view before you remove them?

  4. Guillermo Saldana says:

    Is there a way to prompt deletion or not per user found?

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s