7,023 questions
I think this is the sort of thing you're looking for: removing-leaf-objects-from-active-directory
LDAP query leaf object
R3K3
41
Reputation points
Looking for a way to use Powershell to query leaf objects of an AD account. In particular, I am trying to query the ExchangeActiveSync leaf objects under a user account in AD. I am able to query the AD account in Powershell itself, but not sure about a way to view the leaf objects of that account.
Windows for business | Windows Client for IT Pros | Directory services | Active Directory
Windows for business | Windows Server | User experience | PowerShell
{count} votes
-
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(108.80000000000001, 99%, 20%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EJT%3C/text%3E%3C/svg%3E)
James T 1 Reputation point2022-12-17T05:36:09.843+00:00 Hi,
I was looking for the exact same thing for months. I have a list of users and $exchuser represents an entry from the list. I finally came up with a solution using the ActiveDirectory module:
Get-ADObject -SearchBase (get-aduser $exchuser) -Filter {Objectclass -eq 'msExchActiveSyncDevice' -or Objectclass -eq 'msExchActiveSyncDevices'} | Remove-ADObject -confirm:$FalseI added ( -or Objectclass -eq 'msExchActiveSyncDevices') for anyone that is intending to delete the account.
Hopefully this helps out anyone else looking for something similar.
Sign in to comment
Accepted answer
3 additional answers
Sort by: Most helpful
-
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(256, 74%, 34%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3ERM%3C/text%3E%3C/svg%3E)
Rich Matheisen 47,901 Reputation points2020-11-12T19:33:33.057+00:00 Is there a reason you aren't using the Exchange cmdlets to do this?
I'm pretty sure the cmdlet Get-CASMailbox would return what you need.
-
R3K3 41 Reputation points
2020-11-12T20:25:50.593+00:00 The data for ActiveSync connections is stored in the leaf objects, every so often I have users that build up a large number of these due to ActiveSync code and they need to be erased. Using Exchange is too slow to run this query against thousands of users, my environment is fortune 20 level. When I run the following command I can see ActiveSync connections in Exchange..
Get-ActiveSyncDeviceStatistics -Mailbox $user | sort LastSuccessSync -Descending | ft LastSuccessSync,DeviceType,DeviceModel,DeviceOS,Guid,Status
I am trying to delete the ones in the above list that have a LastSuccessSync date of older than X days, say 30 in this example. I would much rather have this run at the LDAP level than on my Exchange servers.
-
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(300.8, 77%, 39%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3ESR%3C/text%3E%3C/svg%3E)
Saran Raj (AP) 1 Reputation point2022-09-12T21:03:37.157+00:00 How to get the mobiledevicesstatistics for multiple users / all users in AD.
-
Rich Matheisen 47,901 Reputation points
2022-09-13T02:18:07.637+00:00 See "Example 2" in the help for the Get-ActiveSyncDeviceStatistics cmdlet.
Sign in to comment -
-
R3K3 41 Reputation points
2020-11-13T20:16:51.253+00:00 Nice. Thanks, that gave me the ideas I needed.