The Exchange Management Shell includes cmdlets to configure everything from mailbox quotas to SMTP relay settings. Cmdlets are typically named with a <verb>-<noun> convention, as in Get-CASMailbox. AirWatch uses the PowerShell cmdlets to establish the remote PowerShell session.

New-PSSession

  • Creates a persistent PowerShell connection to a local or remote host. Once the session is open, the client can run any number of PowerShell commands.
  • When AirWatch uses this connection, it runs Set-CASMailbox to update three distinct parameters for a mailbox: ActiveSyncAllowedDeviceIDs, ActiveSyncBlockedDeviceIDs, and ActiveSyncEnabled.

    For example:

    • New-PSSessionOption -SkipRevocationCheck -SkipCACheck -SkipCNCheck -ProxyAccessType WinHttpConfig
    • New-PSSession -ConfigurationName $configurationName -ConnectionUri $connectionUri -Credential $cred -Authentication $authentication -AllowRedirection -SessionOption $proxyOption

Import-PSSession

Imports PowerShell commands from one PowerShell session into another. For example:

  • Import-PSSession -AllowClobber -CommandName $commandToImport -FormatTypeName

Set-ExecutionPolicy

Allows the client to modify its preferences for the PowerShell execution policy. Set-ExecutionPolicy also helps to determine if the client has the permissions necessary to perform certain PowerShell commands.

Set-CASMailbox

Blocks or allows client access to a specific user's mailbox over several client applications, including ActiveSync. Using this cmdlet, AirWatch can block particular devices or users from accessing ActiveSync based on device and user compliance with MDM policies. AirWatch specifically uses the following arguments to this cmdlet. For example:

  • Set-CASMailbox "acmeuser" -ActiveSyncAllowedDeviceIDs {Appl123456ABCD78} -ActiveSyncBlockedDeviceIDs $null -ActiveSyncEnabled $true
    Note:

    The Set-CASMailbox cmdlet operates on one mailbox at a time and can configure properties for Exchange ActiveSync. You can configure a single property or multiple properties by using one statement.

  • ActiveSyncAllowedDeviceIDs - Helps to whitelist particular device IDs that can access the mailbox through ActiveSync. The ActiveSyncAllowedDeviceIDs parameter accepts a list of device IDs that are allowed to synchronize with the mailbox.
  • ActiveSyncBlockedDeviceIDs - Helps to blacklist particular device IDs that cannot access the mailbox using ActiveSync. The ActiveSyncBlockedDeviceIDs parameter accepts a list of device IDs that are not allowed to synchronize with the mailbox.
  • ActiveSyncEnabled - Helps to enable or disable ActiveSync access for a particular mailbox. The ActiveSyncEnabled parameter specifies whether to enable Exchange ActiveSync.

Get-CASMailbox

Returns the list of attributes of a mailbox. This cmdlet is also used for performing a one-time sync of mailboxes. For example:

  • Get-CASMailbox "acmeuser" | Select ActiveSyncAllowedDeviceIDs,ActiveSyncBlockedDeviceIDs
  • Get-CASMailbox -Filter $filter -ResultSize Unlimited
  • Get-CASMailbox -Identity $identity

Set-ADServerSettings

  • Set-ADServerSettings -ViewEntireForest $true/$false

Get-ActiveSyncDevice

Retrieves a list of devices in your organization that have active Microsoft Exchange ActiveSync partnerships. This cmdlet is also used for performing a one-time sync of mailboxes. Administrators must now select the Exchange 2010 MEMconfig option for 'Get-ActiveSyncDevice', and the Exchange 2013/Office 365 option for 'Get-MobileDevice'.

For Exchange 2010:

  • Get-ActiveSyncDevice -Mailbox "acmeuser"
  • Get-ActiveSyncDevice -ResultSize Unlimited
  • Get-ActiveSyncDevice -Mailbox $mailbox

For Exchange 2013/2016/Office 365:

  • Get-MobileDevice -Mailbox "acmeuser"
  • Get-MobileDevice -ResultSize Unlimited
  • Get-MobileDevice -Mailbox $mailbox
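
The following added example (not AirWatch or Exchange code) shows how an administrator could audit the per-mailbox state that Set-CASMailbox writes, by cross-checking Get-CASMailbox properties against device partnerships. The function name Get-ActiveSyncAccessFinding, the Mailbox property on the device objects, and all sample data are assumptions constructed for illustration; in a live session the inputs would come from Get-CASMailbox and Get-MobileDevice (or Get-ActiveSyncDevice on Exchange 2010).

```powershell
# Added example: flag inconsistent ActiveSync allow/block state per mailbox.
function Get-ActiveSyncAccessFinding {
    param(
        [Parameter(Mandatory)] [object[]] $Mailbox,   # objects shaped like Get-CASMailbox output
        [object[]] $Device = @()                      # objects carrying DeviceId plus a Mailbox tag (hypothetical)
    )
    foreach ($mbx in $Mailbox) {
        # Normalize $null or empty lists to empty arrays.
        $allowed = @($mbx.ActiveSyncAllowedDeviceIDs | Where-Object { $_ })
        $blocked = @($mbx.ActiveSyncBlockedDeviceIDs | Where-Object { $_ })
        $paired  = @($Device | Where-Object { $_.Mailbox -eq $mbx.Name } |
                     ForEach-Object { $_.DeviceId })
        $issues = @()
        foreach ($id in $allowed) {
            if ($blocked -contains $id) {
                $issues += "device $id is in both the allowed and blocked lists"
            }
        }
        foreach ($id in $paired) {
            if (($allowed -notcontains $id) -and ($blocked -notcontains $id)) {
                $issues += "device $id has a partnership but is in neither list"
            }
        }
        if ((-not $mbx.ActiveSyncEnabled) -and ($allowed.Count -gt 0)) {
            $issues += "ActiveSync is disabled but $($allowed.Count) allowed device ID(s) remain"
        }
        foreach ($issue in $issues) {
            [pscustomobject]@{ Mailbox = $mbx.Name; Finding = $issue }
        }
    }
}

# Constructed sample data (not real mailboxes or device IDs).
$mailboxes = @(
    [pscustomobject]@{ Name = 'acmeuser'; ActiveSyncEnabled = $true
        ActiveSyncAllowedDeviceIDs = @('Appl123456ABCD78'); ActiveSyncBlockedDeviceIDs = $null }
    [pscustomobject]@{ Name = 'user2'; ActiveSyncEnabled = $true
        ActiveSyncAllowedDeviceIDs = @('SAMPLE0001'); ActiveSyncBlockedDeviceIDs = @('SAMPLE0001') }
    [pscustomobject]@{ Name = 'user3'; ActiveSyncEnabled = $false
        ActiveSyncAllowedDeviceIDs = @('SAMPLE0002'); ActiveSyncBlockedDeviceIDs = @() }
)
$devices = @(
    [pscustomobject]@{ Mailbox = 'acmeuser'; DeviceId = 'Appl123456ABCD78' }
    [pscustomobject]@{ Mailbox = 'acmeuser'; DeviceId = 'SAMPLE0003' }   # not in either list
)

Get-ActiveSyncAccessFinding -Mailbox $mailboxes -Device $devices | Format-Table -AutoSize
```

With the constructed data, the function reports one finding each for acmeuser (unlisted partnership), user2 (ID in both lists), and user3 (stale allow entry on a disabled mailbox).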

AW-Get-ADGroups

The Get-ADGroup cmdlet gets a group or performs a search to retrieve multiple groups from an Active Directory. For example:

  • Get-OrganizationalUnit

Clear-ActiveSyncDevice

Deletes all user data from a mobile phone the next time that the device receives data from the server (for example, syncs with Microsoft Exchange Server 2010). Sets the DeviceWipeStatus parameter to $true in Exchange. For example:

  • Clear-ActiveSyncDevice -Identity $identity -Confirm $true/$false

Remove-PSSession

Closes or ends the Windows PowerShell session.