Find Device ID for Exchange ActivsyncSupport


Last Updated:

  1. beatledud

    beatledud Member This Topic's Starter

    Joined:
    May 28, 2010
    Messages:
    6
    Likes Received:
    0
    I'm trying to sync and employee's new HTC Droid Incredible to our exchange server. Using the Exchange shell prompt I enter in the person's device id and alias to authorize just that device to sync with their account. Once I do that, no other device can sync in the future unless I enter the command line again with the new Device ID.

    The command I use is:
    Set-CASMailbox -Identity: "tonysmit" -ActiveSyncAllowedDeviceIDs: "<DeviceID_1>"


    This employee had an old Motorolla Droid already synced using this method, so their account is 'locked' until I enter in the new Device ID. I have another employee who has their Incredible successfully synced, but it was their first device. When I first sync a device with an employee who's never had one associated before, I go into Outlook Anywhere webmail, and can see the device ID. Based off of the second employee, the Incredible's Device ID isn't based off of the serial number or any other device info. I even downloaded ID and My Phone Info from the marketplace store, and none of those numbers that it reports back resemble anything with the ActiveSync Device ID of the successful employee. For iPhones, it's simple, just add Appl to the serial number and that's the phone's device ID. Any thoughts on how to get the ActiveSync device ID on an Incredible with out first successfully syncing it to the account first?
     

    Advertisement
  2. bjanow

    bjanow Well-Known Member

    Joined:
    Dec 3, 2009
    Messages:
    2,763
    Likes Received:
    477
    Where do you see the device ID in Outlook Anywhere? (Outlook Anywhere is not webmail AFAIK) Why do you need the device ID anyway? Is there any way you can explain what you want to do in a clearer way?
     
  3. beatledud

    beatledud Member This Topic's Starter

    Joined:
    May 28, 2010
    Messages:
    6
    Likes Received:
    0
    Sorry, webmail. To see a Device ID login via IE. Hit Options then Mobile Devices. It should show you all the devices that have synced with your account, last sync time, and the unique Device ID for each. Here you can remove them from the list or do a remote wipe.

    To explain the situation in a different way. When you enable activesync on a user, they can then sync their phone, doesn't matter what or how many, right?

    Well if you go through Exchange Shell and enter in the command I showed before, you turn on a switch in Exchange. That switch now says, only Device IDs that are entered by the Admin through the shell command can sync with this user. This allows us to say to employees, yes, you can sync your personal phone, but we aren't going to let you sync any other phones. By default activesync is disabled for security reasons. By enabling it, we open up employee's ability to sync over devices, and we want to restrict that to devices we know of.

    Now if an employee has never had this command activated, we can sync whatever phones we want. We we do that, I can find the Device ID through webmail, then copy that ID and activate the lock switch using the shell command. But if a user had an old phone already synced and locked, there's no way for me to get the new phone to sync and thusly find the Device ID for it.

    For iPhones (which is all we had done to this point) it was easy because their Device IDs are just Appl[serialnumber]. I have another Employee with an Incredible already synced. Their Device ID in webmail shows HTCAnd[1 letter 7 numbers]. Now I've searched this 1 letter and 7 number combination on everything on the working person's phone, and can not find it. It's not related to the serial number, and I've downloaded two apps from the marketplace that are suppose to get the Device ID, but those don't match the working phone either. This is the problem, I can't figure out where ActiveSync got this Device ID and thusly how to find it on the phone with the locked employee.
     
  4. beatledud

    beatledud Member This Topic's Starter

    Joined:
    May 28, 2010
    Messages:
    6
    Likes Received:
    0
  5. bjanow

    bjanow Well-Known Member

    Joined:
    Dec 3, 2009
    Messages:
    2,763
    Likes Received:
    477
    Great info, I didn't realize you could manage your own devices through OWA, I always did it via the management console. Ok, so now I see what you are trying to do.
    Why would you want to get the new phone to sync without removing the old one? All you would need to do is remove the first phone, sync the new phone, get the ID and enter the shell command. Right? If the user wanted to have two phones, you would then have to remove the old one and re-enter both IDs on the same command line to lockdown both phones. Wouldn't that accomplish what you want to do?
     
  6. bjanow

    bjanow Well-Known Member

    Joined:
    Dec 3, 2009
    Messages:
    2,763
    Likes Received:
    477
    From your link and others I just found:

    There is currently no built in functionality for retrieving the device ID in advance before the user syncs with Exchange.
     
  7. beatledud

    beatledud Member This Topic's Starter

    Joined:
    May 28, 2010
    Messages:
    6
    Likes Received:
    0
    From my understanding you can either enable or disable Device IDs. But once you do one or the other you lock the account. You can enable as many as you want, or disable as many as you want. Disabling a Device ID doesn't open the account back up, but I'll try just incase.

    And balls, there should be some way to get the Device ID. I can't see this NOT being an issue for large Enterprises as Android becomes as common place as the iPhone has become.
     
  8. bjanow

    bjanow Well-Known Member

    Joined:
    Dec 3, 2009
    Messages:
    2,763
    Likes Received:
    477
    If that is the case, then the only way, it seems, to get the Device ID is to have another Exchange server to pull the ID. That just can't be.

    But from Technet, it says you can't get an ID before you sync. I wonder why Apple has made that available. Nonetheless, there must be a way to open the account up. If not, I would certainly open a case with Microsoft. Let me know how you make out.
     
  9. beatledud

    beatledud Member This Topic's Starter

    Joined:
    May 28, 2010
    Messages:
    6
    Likes Received:
    0
    Well Apple makes it easy because the Device ID is based of the serial number which is easy to pull up.

    I'll let you know what I find if anything.
     
  10. bjanow

    bjanow Well-Known Member

    Joined:
    Dec 3, 2009
    Messages:
    2,763
    Likes Received:
    477
    What if you run the command:

    Set-CASMailbox -Identity: "tonysmit" -ActiveSyncAllowedDeviceIDs:

    with no DeviceID's specified? That might remove them.
     
  11. bjanow

    bjanow Well-Known Member

    Joined:
    Dec 3, 2009
    Messages:
    2,763
    Likes Received:
    477
    Since there is no way to pull a Device ID according to Microsoft, perhaps Apple is missing the boat here by allowing that to be determined before the fact? There must be a reason they don't want the DeviceID being viewed before it syncs up. Perhaps a security issue? Either way, Enterprise customers would probably not be using Apple products as much as WinOS or now Android. I, therefore, don't see it as being an Enterprise limitation.
     
  12. beatledud

    beatledud Member This Topic's Starter

    Joined:
    May 28, 2010
    Messages:
    6
    Likes Received:
    0
    I don't see the security issue. In fact it's better to find out the Device ID to VERIFY and set up security.

    I just paired it with a random account so I could get the Device ID. Wish there was an easier way going on into the future.

    And as far as our company goes, this policy was set up to react to the iPhone, not Android. I also believe that the iPhone has actually licensed Exchange Activesync support longer than Android (Android is purchasing rights from Microsoft now, no? No more Touchdown, right?). Fully true activesync integration makes IT admins happier and more likely to implement the iPhone, plus with the 3G and finally 3GS presented a fully compatabile activesync device. And while the Android market may now be catching up or suprassing the iPhone, the iPhone has been the heavy dominate for a much longer period of time. Also add that ATT said 40% of iPhone users are business customers?!

    Don't want to get in an argument of system wars, but it's kind of a nejerk reaction that most enterprises automatically prefer windows and android devices. Windows, maybe, but where's the evidence for Android? Try searching this question about Device ID and Android...there's nothing. Now try searching it with the iPhone, lots of stuff out there. There's more people asking more questions about enterprise and iPhone now then there is Android. Ok, I'm poking the fire...sorry :)
     
  13. bjanow

    bjanow Well-Known Member

    Joined:
    Dec 3, 2009
    Messages:
    2,763
    Likes Received:
    477
    Too close to happy hour to argue. I like Apple, half my 2000 computer accounts are Mac. I'm not a fan of either, although I do prefer Windows. I use Touchdown exclusively since I can use EAS on multiple accounts. Android native only allows one.

    Pairing it with another account was another way I thought of, but that becomes kludgy. Did you try removing the DeviceID? It's probably too late now anyway since you got it working, but it would certainly be worth a try for the future.

    Anyway, glad you got it going. Enjoy the holiday weekend.
     
  14. cmajkrzak

    cmajkrzak New Member

    Joined:
    Nov 17, 2010
    Messages:
    1
    Likes Received:
    0
    Sorry to raise this thread from the dead, but since I just ran across this today, I wanted to give the answer to this, incase anyone else hits this wall.

    Running

    Set-CASMailbox -Identity: "MailBox.Alias" -ActiveSyncAllowedDeviceIDs:$null

    This will clear the Device ID's on a mailbox, and should allow a new device to be paired with exchange/active sync.
     

Share This Page

Loading...