User's rights to manage Exchange ActiveSync mobile devices
To manage mobile devices running under the Exchange ActiveSync protocol with Microsoft Exchange Server 2010 or Microsoft Exchange Server 2013, make sure that the user is included in a role group for which the following commandlets are allowed to execute:
- Get-CASMailbox
- Set-CASMailbox
- Remove-ActiveSyncDevice
- Clear-ActiveSyncDevice
- Get-ActiveSyncDeviceStatistics
- Get-AcceptedDomain
- Set-AdServerSettings
- Get-ActiveSyncMailboxPolicy
- New-ActiveSyncMailboxPolicy
- Set-ActiveSyncMailboxPolicy
- Remove-ActiveSyncMailboxPolicy
To manage mobile devices running under Exchange ActiveSync protocol with Microsoft Exchange Server 2007, make sure that the user has been granted administrator rights. If the rights have not been granted, execute the commandlets to assign the administrator rights to the user (see the table below).
Administrator rights required for managing Exchange ActiveSync mobile devices on Microsoft Exchange Server 2007
Access | Object | Cmdlet |
---|---|---|
Full | Branch "CN=Mobile Mailbox Policies,CN=Your Organization,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=yourdomain" |
|
Read | Branch "CN= Your Organization,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC= yourdomain" |
|
Read/write | Properties msExchMobileMailboxPolicyLink and msExchOmaAdminWirelessEnable for objects in Active Directory |
|
Full | Mailbox repositories for ms-Exch-Store-Admin |
|
For detailed information about how to use commandlets in Exchange Management Shell console, please refer to the Microsoft Exchange Server Technical Support website.