When you setup a corporate Exchange mail system users can access their mailbox on most mobile devices (iPhone, Android, Windows Phone…) through the ActiveSync protocol. For blackberry owners to access your mail system, you need to setup a BES infrastructure.
The purpose of this Powershell script is to make an inventory of all the mobile devices accessing your Exchange mail system. First we will retrieve BlackBerry devices information by querying the BES SQL configuration database, then the other devices using the ActiveSync protocol by querying the Active Directory.
BlackBerry Inventory:
Your BackBerry system configuration is stored in the BESMGMT SQL database, among other things you will find information about the Blackberry devices connecting to your mail system. We will query three tables in that database:
- UserConfig: Contains among others the user’s Email address (MailboxSMTPAddr value).
- SyncDeviceMgmtSummary: Blackberry model and OS version (ModelName and AppsVer).
- UserStats: Time the last message was received by the BlackBerry (LastFwdTime).
If you browse the database with SQL Management Studio you can see all that information:
Image may be NSFW.
Clik here to view.
You just need to use Powershell to connect to the SQL database and retrieve those values for each user. The primary key between the three tables is the ID value. We will filter only the users who received an Email during the last 60 days (LastFwdTime).
$days = 60
$dbServer = "SQLBES-SRV"
$db = "BESMgmt"
#If you use SA account to connect database, change pwd=XXXXXX!, or use Windows Authentication, see below
$connString = "Server=$dbServer;Database=$db;uid=sa;pwd=XXXXXX"
#If you use Windows Authentication to connect BESMGMT SQL Database, need setup the database
#$connString = "Server=$dbServer;Database=$db;Integrated Security=True"
#SQL Query to retrieve BB devices Info (only devices who recieved mail in the last $days)
$Query = "Select UserConfig.DisplayName,MailboxSMTPAddr,ModelName,LastFwdTime,AppsVer from UserConfig,SyncDeviceMgmtSummary,UserStats where UserConfig.ID=SyncDeviceMgmtSummary.UserConfigID AND UserConfig.ID=UserStats.UserConfigID AND DeviceType <> 0 AND ModelName <> '' AND DateDiff(dd,LastFwdTime,GETDATE()) < "+$days
#Connect to Database, run Query, Disconnect
$SqlConnection = New-Object
System.Data.SqlClient.SqlConnection
$SqlConnection.ConnectionString = $connString
$SqlCmd = New-Object System.Data.SqlClient.SqlCommand
$SqlCmd.CommandText = $Query
$SqlCmd.Connection = $SqlConnection
$SqlAdapter = New-Object System.Data.SqlClient.SqlDataAdapter
$SqlAdapter.SelectCommand = $SqlCmd
$DataSet = New-Object System.Data.DataSet
$SqlAdapter.Fill($DataSet)
$SqlConnection.Close()
$bbs = $DataSet.Tables[0]
If you need more details on how to query the BESMGMT database you can read this post or this forum topic, which discusses how to query the database with SQL 2008 CmdLets (you will need to install the Microsoft SQL Server 2008 Feature Pack.) The above script uses the .NET System.Data.SqlClient Namespace, so you won't need any additional installation. All the information about your user's Blackberry devices is retrieved in the $bbs variable.
ActiveSync Inventory:
For other mobile devices connecting to your mail system it is more simple because they use the ActiveSync protocol, and all the information you need is stored in the Active Directory. Florian's blog post explains that msExchActiveSyncDevice objects are a subcontainer of your AD account. Just open dsa.msc to check this out:
Image may be NSFW.
Clik here to view.
Thanks to the Exchange Management Shell (2007 and 2010), the Get-ActiveSyncDeviceStatistics cmdlet gives you all the information you need about the msExchActiveSyncDevice objects. You can read Ben Lye's post to know how to identify ActiveSync users. With that Cmdlet we will retrieve the following values:
- DeviceType: Mobile type (Iphone, WP, Android...)
- DeviceModel: Mobile model (HTC, LG, Samsung, Iphone...)
- DeviceUserAgent: OS build is displayed in that value (Iphone, WP, Android...)
- LastSuccessSync: Last successful device synchronization, like BlackBerry devices we will filter only users who successfully synchronized during the last 60 days
We retrieve more or less the same information as the one retrieved with the SQL query for Blackberry devices.
How the script works:
We will describe how to aggregate both queries. First we query the BESMGMT SQL database to retrieve Blackberry devices information. For each Email address MailboxSMTPAddr we also check if the user has a device using the ActiveSync protocol (when you are a real VIP you have a Blackberry and an iPad Image may be NSFW.
Clik here to view.
) by using the following Powershell command:
$acts = Get-ActiveSyncDeviceStatistics -Mailbox $bb.MailboxSMTPAddr
if (($acts | Measure-object).count -eq 0)
{User has just one BB no ActiveSync device}
else {User has one ActiveSync device in addition to BB}
Once the Blackberry inventory is done we load every Exchange mailbox with this command:
$Mailboxes = Get-Mailbox -RecipientTypeDetails UserMailbox -ResultSize Unlimited
Then we compare the PrimarySmtpAddress value (retrieved with the get-mailbox Cmdlet) with every MailboxSMTPAddr value (stored in the $BESsmtpArray variable) in order to exclude the users already processed during the BlackBerry devices inventory. For each remaining user we check if they have any devices using the ActiveSync protocol. The result of the inventory is written in a CSV file containing the following information:
- User's Email address.
- Number of mobile devices (ActiveSync + BlackBerry).
- Device type: BlackBerry, IPhone, WP, Android...
- Device model: BlackBerry model, Samsung, HTC, LG...
- OS version.
- Last connection: Last mail received on the BlackBerry device, last ActiveSync synchronization.
Here is an example of inventory result imported in Excel:
Image may be NSFW.
Clik here to view.
Just modify the following variables in the script and launch it from the Exchange management shell:
- $days: Inactivity threshold in days (default is 60).
- $dbServer: Name of the server hosting the SQL BES configuration database.
- $connString: Authentication to the SQL database (Windows integrated or with SA account).
To download the full script, just click below:
Image may be NSFW.
Clik here to view.
PS: The script was tested under Exchange 2010 and BES 5.02, thanks for your feedback on other versions.