Today I had to remotely wipe a user's phone that was set up on our Exchange 2010 server through ActiveSync. I hadn't done this before, since we are migrating from BlackBerrys and usually just do a Remote Wipe on the BES server, so I figured I would try it out with ActiveSync and get a documented process and KB article created.
Ran the following commands in the Exchange Management Shell:
Get-ActiveSyncDeviceStatistics -Mailbox bstollfus | fl Identity
Identity: internal.domain.com/Information_Systems/SystemsAdmins/Users/Brad Stollfus/ExchangeActiveSyncDevices/SAMSUNGPHD710SAMSUNGA00000F78349FA
Clear-ActiveSyncDevice -Identity "internal.domain.com/Information_Systems/SystemsAdmins/Users/Brad Stollfus/ExchangeActiveSyncDevices/SAMSUNGPHD710SAMSUNGA00000F78349FA" -NotificationEmailAddress "firstname.lastname@example.org"
Initially the wipe didn't work, so I rebooted the phone, which didn't resolve the issue, so I started to look into why. It turns out that, because of the way ActiveSync handles the remote wipe flag, if the user is disabled in Active Directory, the phone is unable to authenticate (obviously), and the phone cannot receive the remote wipe flag if it is unable to authenticate.
Here is an article that goes into the details a little bit more.
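A check for the situation described above, written as an added example that is not part of the original post: it warns when the mailbox owner's account is disabled in Active Directory and then reports how far each device's wipe has progressed. It assumes the ActiveDirectory module is available in the Exchange Management Shell session; the script name and the `$Alias` parameter are placeholders.

```powershell
# Check-WipeStatus.ps1 (hypothetical name) - added example, not from the original post.
# Usage: .\Check-WipeStatus.ps1 -Alias bstollfus
param(
    [Parameter(Mandatory = $true)]
    [string]$Alias
)

# Assumption: the RSAT ActiveDirectory module is installed on this machine.
Import-Module ActiveDirectory

# Resolve the mailbox to its AD account and read the account state.
$mailbox = Get-Mailbox -Identity $Alias -ErrorAction Stop
$adUser  = Get-ADUser -Identity $mailbox.SamAccountName -Properties Enabled

if (-not $adUser.Enabled) {
    # A disabled account cannot authenticate to ActiveSync,
    # so the device never receives the wipe flag.
    Write-Warning "$Alias is disabled in Active Directory; the device cannot authenticate and will not receive the remote wipe flag."
}

# Report the wipe progress for every device partnered with the mailbox.
Get-ActiveSyncDeviceStatistics -Mailbox $Alias | ForEach-Object {
    if ($_.DeviceWipeAckTime) {
        $state = 'Wipe acknowledged by device'
    } elseif ($_.DeviceWipeSentTime) {
        $state = 'Wipe sent, waiting for acknowledgement'
    } elseif ($_.DeviceWipeRequestTime) {
        $state = 'Wipe requested, not yet delivered to device'
    } else {
        $state = 'No wipe requested'
    }

    $_ | Select-Object DeviceType, DeviceID, LastSuccessSync,
        DeviceWipeRequestTime, DeviceWipeSentTime, DeviceWipeAckTime,
        @{ Name = 'AccountEnabled'; Expression = { $adUser.Enabled } },
        @{ Name = 'WipeState';      Expression = { $state } }
} | Format-List
```

A device that stays at "Wipe requested, not yet delivered to device" while `AccountEnabled` is `False` matches the behaviour described in this post.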