In Exchange 2007, Outlook Web Access (OWA) offers a portal for users to manage their Exchange Active Sync (EAS) devices.
How to access that information?
Log on to OWA
Click "Mobile Device"
Here is what the page looks like:
Note: If ActiveSync is not enabled for the Exchange user, "Mobile Device" tab won't be shown. You can run the PowerShell command to check the status. Here is the result from a test server for example:
[PS] D:\Documents and Settings\ Administrator >Get-CASMailbox -Identity:test |fl ActiveSyncEnabled
ActiveSyncEnabled : True
What can the page do for you?
Note: The following includes the Exchange 2007 and Service Pack 1 (SP1) features:
1) Device status
As shown in the snapshot, the page will list all the Active Sync devices that the Exchange user has ever synced. Each device will be identified with its Type, Last-Sync-Time, and Status, which contains detailed device information, such as First-Sync-Time, User-Agent, etc.
Note: Exchange has provided the protocol support to let the device send up the device-related data (e.g. Friendly Name, OS, Phone number, etc) to the server. But not all devices implement that part of protocol. Therefore, it's possible that you won't see all the data shown in the screenshot.
On the server side, the Exchange administrator can use the following PowerShell command to get the same data.
[PS] D:\Documents and Settings\Administrator>Get-ActiveSyncDeviceStatistics -mailbox:test
This is a very handy feature that was only available to Exchange administrators in Exchange 2003. Now an EAS user can wipe his/her device, primarily in case of device loss. Once the link is clicked and confirmed, the wipe command will be issued to the server and the link will change to "Cancel Wipe Request". (SP1 feature)
As you can infer, there is still a chance for the EAS user to cancel a wipe request if he/she initiated it by accident or subsequently found the device. But the courtesy time is short - once the device initiates a sync to the server and picks up the wipe command, it will be too late to undo the request.
Right before the device clears its data, it will send a last notice to the server. Accordingly, the server will be very friendly to send the device owner a "Remote Device Wipe Confirmation" email, telling you the device is cleared. (SP1 feature)
Note: After the remote wipe, if you luckily find your lost device and want to re-sync it, you must remove it from the OWA device list (refer to "Remove mobile device" section for more info). Otherwise, it will keep on re-wiping itself. This is a security feature by-design.
The following shows how to wipe and cancel wipe with corresponding PowerShell command:
[PS] D:\Documents and Settings\Administrator>Clear-ActiveSyncDevice -Identity:firstname.lastname@example.org\AirSync-PocketPC-v120Device
This is the first link above the device table. Basically what it does is to clean up the sync state data of the selected device on the server. It's useful in several situations:
a. Clean up data: if you switch to a new device, the legacy data of the old device will still hang around occupying your mailbox space. You can find the device and clean it out.
b. Terminate remote wipe: as being said, if you want to re-sync your device after a remote-wipe, you have to come to here to remove it first.
c. Start from scratch: well, theoretically this wouldn't happen, but it might in the real life - if you feel your device is not working properly and want to start a fresh sync from the scratch, you can remove the device partnership from the server (i.e. here) and the device, then get fresh restart.
The corresponding PowerShell command for the admin is as following:
[PS] D:\Documents and Settings\Administrator>Remove-ActiveSyncDevice -Identity:email@example.com\AirSync-PocketPC-v120Device
This is a nice feature to give the EAS user a chance to unlock the device if he/she forgets the device PIN. Clicking the "Display Recovery Password" will show a pop-up dialog bearing the Recovery Password. Here, I'd like to call out that the recovery password is NEITHER the same as the device PIN and, for example on Windows Mobile (WM) devices, NOR used in the same way. Actually its usage is sort of tricky: Menu, then Reset Password, <type in new password> then <type in Recovery Password>.
There is no related PowerShell command for an Exchange administrator to get this info due to security reasons.
5) Retrieve Log
Starting with Exchange 2007, we provide a light-weight server logging to track details of the last 15 (configurable) requests/responses and possible errors for problem diagnosis. By default, the logging is off. It can be turned on and tweaked easily from web.config:
After the Exchange administrator turns on the logging and device starts syncing, a "Retrieve Log..." link will show on the OWA device page to let the device owner grab the log, which will be dropped into the Inbox as an attachment of an Action email, titled as "Log retrieved for device: XXXXXX". The log can be very useful to Microsoft support personnel in diagnosing EAS issues.
The log can also be retrieved using the PowerShell Get-ActiveSyncDeviceStatistics command by passing GetMailbxoLog/LogPath parameters: (SP1 feature)
[PS] D:\Documents and Settings\Administrator>Get-ActiveSyncDeviceStatistics -Identity:firstname.lastname@example.org\AirSync-PocketPC-v120Device -GetMailboxLog:$true -OutputPath:"C:\"