Is it OK to remove Exchange activeSync devices from AD users with ldap queries instead of powershell Exchange snapin remove-mobiledevices ?

Frederic Dussurget 21 Reputation points
2021-10-27T09:20:33.72+00:00

Hi there,

  • in our University, AD users are fed by an external classical ldap connector (python script with ldapadd/modify/delete queries).
  • We have echange On Premise 2016 and an o365 tenant synced by AADC but my question is related to on premise exchange 2016 mailboxes.
  • The external python script and is now able to remove mobileDevices Users' children objects with ldap queries since the service account running the python script is member of the exchange "helpdesk" role that can manage ActiveSyncs mobileDevices.

I would just like to know if it's considered OK to do it this way instead of using the exchange management cmdlet remove-mobileDevice ? I understand it wouldn't be best practice ... but are we going to get orphans objects somewhere in our Directory doing this with ldap queries ?

Thanks a lot

Regards,

Active Directory
Active Directory
A set of directory-based technologies included in Windows Server.
5,858 questions
Exchange Server Management
Exchange Server Management
Exchange Server: A family of Microsoft client/server messaging and collaboration software.Management: The act or process of organizing, handling, directing or controlling something.
7,350 questions
Windows Server PowerShell
Windows Server PowerShell
Windows Server: A family of Microsoft server operating systems that support enterprise-level management, data storage, applications, and communications.PowerShell: A family of Microsoft task automation and configuration management frameworks consisting of a command-line shell and associated scripting language.
5,364 questions
0 comments
Accepted answer
  1. Andy David - MVP 141.6K Reputation points MVP
    2021-10-27T11:48:41.86+00:00

    If you remove from AD directly that way, it would be fine, however I would test to ensure it cleans things up.
    I have done this many times (removing that entry directly) and it works.

1 additional answer

Sort by: Most helpful
Most helpful Newest Oldest
  1. Limitless Technology 39,356 Reputation points
    2021-10-29T12:53:08.91+00:00

    Hello @Frederic Dussurget ,

    Thank you for your question and for getting in touch. My name is Samuel and I would be more than happy to help you with your query.

    I find it interesting that you take a calm look at this article below for you to understand the correct way to do this removal, using the "Remove-ActiveSyncDevice":

    https://learn.microsoft.com/en-us/powershell/module/exchange/remove-activesyncdevice?view=exchange-ps

    ----------

    --If the answer is helpful, please vote positively and accept as an answer--