Kaspersky Security Center

User's rights to manage Exchange ActiveSync mobile devices

April 17, 2024

ID 77974

To manage mobile devices running under the Exchange ActiveSync protocol with Microsoft Exchange Server 2010 or Microsoft Exchange Server 2013, make sure that the user is included in a role group that is allowed to execute the following cmdlets:

  • Get-CASMailbox
  • Set-CASMailbox
  • Remove-ActiveSyncDevice
  • Clear-ActiveSyncDevice
  • Get-ActiveSyncDeviceStatistics
  • Get-AcceptedDomain
  • Set-AdServerSettings
  • Get-ActiveSyncMailboxPolicy
  • New-ActiveSyncMailboxPolicy
  • Set-ActiveSyncMailboxPolicy
  • Remove-ActiveSyncMailboxPolicy
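
One way to verify this prerequisite before deployment, as an added example that is not part of the original Kaspersky documentation: the function below reports, for each cmdlet in the list above, whether any management role assigned to the account includes it. The function name Test-EasCmdletAccess and the sample account name are hypothetical, and the code assumes it runs in the Exchange Management Shell on Exchange Server 2010 or 2013, where the Role property of an assignment renders as the role name.

```powershell
# Added example (not Kaspersky's code). Run in the Exchange Management Shell.
# It checks role assignments only; it does not evaluate management scopes or
# parameters removed from customized role entries.
function Test-EasCmdletAccess {
    param(
        [Parameter(Mandatory = $true)]
        [string]$Assignee   # account to check, e.g. the hypothetical 'CONTOSO\svc-ksc-mdm'
    )

    # Cmdlets this page lists for Exchange Server 2010/2013
    $required = @(
        'Get-CASMailbox', 'Set-CASMailbox',
        'Remove-ActiveSyncDevice', 'Clear-ActiveSyncDevice',
        'Get-ActiveSyncDeviceStatistics', 'Get-AcceptedDomain',
        'Set-AdServerSettings', 'Get-ActiveSyncMailboxPolicy',
        'New-ActiveSyncMailboxPolicy', 'Set-ActiveSyncMailboxPolicy',
        'Remove-ActiveSyncMailboxPolicy'
    )

    # Roles that reach the account directly or through role groups.
    # Only enabled, regular (non-delegating) assignments let it run cmdlets.
    # Assumption: Role converts to the role name when cast to a string.
    $assignedRoles = @(
        Get-ManagementRoleAssignment -RoleAssignee $Assignee -Enabled $true -Delegating $false |
            ForEach-Object { "$($_.Role)" } |
            Sort-Object -Unique
    )

    foreach ($cmdlet in $required) {
        # Every management role whose entries include this cmdlet
        $rolesWithCmdlet = @(Get-ManagementRole -Cmdlet $cmdlet | ForEach-Object { $_.Name })
        $granting = @($rolesWithCmdlet | Where-Object { $assignedRoles -contains $_ })

        # New-Object keeps this compatible with PowerShell 2.0 (Exchange 2010)
        New-Object PSObject -Property @{
            Cmdlet    = $cmdlet
            Allowed   = ($granting.Count -gt 0)
            GrantedBy = ($granting -join ', ')
        } | Select-Object Cmdlet, Allowed, GrantedBy
    }
}

# Usage: list the cmdlets the account cannot run yet
$report  = Test-EasCmdletAccess -Assignee 'CONTOSO\svc-ksc-mdm'
$missing = @($report | Where-Object { -not $_.Allowed })
$report | Format-Table -AutoSize
if ($missing.Count -gt 0) {
    Write-Warning ('Not allowed: ' + (($missing | ForEach-Object { $_.Cmdlet }) -join ', '))
}
```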

To manage mobile devices running under the Exchange ActiveSync protocol with Microsoft Exchange Server 2007, make sure that the user has been granted administrator rights. If the rights have not been granted, execute the cmdlets listed in the table below to assign the administrator rights to the user.

Administrator rights required for managing Exchange ActiveSync mobile devices on Microsoft Exchange Server 2007

Access: Full
Object: Branch "CN=Mobile Mailbox Policies,CN=Your Organization,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=yourdomain"
Cmdlet: Add-ADPermission -User <User or group name> -Identity "CN=Mobile Mailbox Policies,CN=<Organization name>,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=<Domain name>" -InheritanceType All -AccessRight GenericAll

Access: Read
Object: Branch "CN=Your Organization,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=yourdomain"
Cmdlet: Add-ADPermission -User <User or group name> -Identity "CN=<Organization name>,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=<Domain name>" -InheritanceType All -AccessRight GenericRead

Access: Read/write
Object: Properties msExchMobileMailboxPolicyLink and msExchOmaAdminWirelessEnable for objects in Active Directory
Cmdlet: Add-ADPermission -User <User or group name> -Identity "DC=<Domain name>" -InheritanceType All -AccessRight ReadProperty,WriteProperty -Properties msExchMobileMailboxPolicyLink, msExchOmaAdminWirelessEnable

Access: Full
Object: Mailbox repositories for ms-Exch-Store-Admin
Cmdlet: Get-MailboxDatabase | Add-ADPermission -User <user or group name> -ExtendedRights ms-Exch-Store-Admin

For detailed information about how to use cmdlets in the Exchange Management Shell console, please refer to the Microsoft Exchange Server Technical Support website.

See also:

Scenario: Mobile Device Management deployment
