ActiveSync Remote Wipe caveat

Today I had to remotely wipe a user's phone that was set up on our Exchange 2010 server through ActiveSync.  I hadn't done this before, since we are migrating from BlackBerrys and usually just do a Remote Wipe on the BES server, so I figured I would try it out with ActiveSync and get a documented process and KB article created.

Ran the following commands in the Exchange Management Shell:

Get-ActiveSyncDeviceStatistics -Mailbox bstollfus | fl Identity

Identity: Stollfus/ExchangeActiveSyncDevices/SAMSUNGPHD710SAMSUNGA00000F78349FA

Clear-ActiveSyncDevice -Identity Stollfus/ExchangeActiveSyncDevices/SAMSUNGPHD710SAMSUNGA00000F78349FA -NotificationEmailAddress “

Initially the wipe didn't work, so I rebooted the phone, which didn't resolve the issue, so I started to look into why.  It turns out that because of the way ActiveSync works with the remote wipe flag, if the user is disabled in Active Directory, the phone is unable to authenticate (obviously), and the remote wipe flag cannot be received by the phone if it is unable to authenticate.

Here is an article that goes into the details a little bit more.
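
One way to script the check this caveat calls for, as an added example that is not part of the original post: it confirms the account can still authenticate, flags the mailbox's devices for wipe, and polls until each wipe is acknowledged. It assumes the ActiveDirectory module is available in the Exchange Management Shell session and that the mailbox alias matches the AD account name; the parameter names and the notification address are placeholders.

```powershell
# Added example, not from the original post. Run in the Exchange Management Shell.
# Assumptions: ActiveDirectory module (RSAT) is installed, and the mailbox alias
# is also the AD account name (as with 'bstollfus' above).
param(
    [Parameter(Mandatory = $true)][string]$Mailbox,
    [string]$NotifyAddress = 'admin@example.com',   # placeholder address
    [int]$PollSeconds = 60,                         # wait between status checks
    [int]$MaxPolls = 10                             # give up after this many checks
)

Import-Module ActiveDirectory

# The device has to authenticate to pick up the wipe flag, so check the account first.
$account = Get-ADUser -Identity $Mailbox
if (-not $account.Enabled) {
    Write-Warning "$Mailbox is disabled in AD; the wipe stays pending until the device can authenticate."
}

# Flag each device partnership on the mailbox. Clear-ActiveSyncDevice prompts
# for confirmation per device, so a device can still be skipped here.
$devices = @(Get-ActiveSyncDeviceStatistics -Mailbox $Mailbox)
foreach ($device in $devices) {
    Clear-ActiveSyncDevice -Identity $device.Identity -NotificationEmailAddresses $NotifyAddress
}

# Poll the wipe timestamps: RequestTime is set when the wipe is flagged,
# SentTime when the server delivers it, AckTime when the device confirms it.
for ($i = 1; $i -le $MaxPolls; $i++) {
    $pending = @(Get-ActiveSyncDeviceStatistics -Mailbox $Mailbox |
        Where-Object { $_.DeviceWipeRequestTime -and -not $_.DeviceWipeAckTime })

    if ($pending.Count -eq 0) {
        Write-Host "All requested wipes have been acknowledged."
        break
    }

    $pending |
        Format-Table Identity, DeviceWipeRequestTime, DeviceWipeSentTime, DeviceWipeAckTime -AutoSize |
        Out-Host
    Start-Sleep -Seconds $PollSeconds
}
```

A device that shows a DeviceWipeRequestTime but never a DeviceWipeSentTime has not connected and authenticated since the wipe was flagged, which is the situation described above.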
