Remove Devices in EXO using ForEach statements

I looking to remove activesync devices associated with a user.
I’m having issues with the part2 “The operation couldn’t be performed because xxxxxxxxxxxx matches multiple entries.”

#import users
$users = Get-Content -Path “C:\RemoveActiveSync.txt”

#Part 1:Remove allowed and blocked devices
foreach ($user in $users){Set-CASMailbox -Identity $user -ActiveSyncAllowedDeviceIDs:$null; Set-CASMailbox -Identity $user -ActiveSyncblockedDeviceIDs:$null}

#Part 2:Remove the device partnership from the user.
foreach ($user in $users){
$EASDEVICES = Get-MobileDevice -Mailbox $user | select Identity
foreach ($EASDEVICE in $EASDEVICES) {Remove-MobileDevice -Identity $EASDEVICE.identity -Confirm:$false
}
}

Do you have a duplicate entry in your RemoveActiveSync.txt file?

No duplicate entries in the list.
Can you tell me if the syntax looks correct for the nested foreach?

I’m not familiar with the MobileDevice commands, but the online help doesn’t show an “Identity” parameter as output from Get-MobileDevice. If it is there, its clearly not a unique ID. You should run the command manually and output all of the fields. Pick an appropriate identity parameter that will be unique. My guess would be DeviceID.

Get-MobileDevice -Mailbox someuser | fl *

Ron has a good point there.

Check the help system, but also the help online: https://technet.microsoft.com/en-us/library/jj218674(v=exchg.160).aspx

This works for me, for a single user:

$easDevice = Get-MobileDevice -Mailbox demouser1@runas.io | select Identity
foreach ( $easDevice in $easDevices ) { Remove-MobileDevice -Identity $easDevice.Identity -Confirm:$false }

To verified the identity part, I checked the $easDevice variable. This containss the following array, which are correct entries for the -Identity parameter of Remove-MobileDevice:

Identity
--------
demouser1\ExchangeActiveSyncDevices\iPhone§Q57MITBC7145V72VMA0TUC6SO4
demouser1\ExchangeActiveSyncDevices\REST§Outlook§2f1f08887682f06855d2e97abf92b110
demouser1\ExchangeActiveSyncDevices\REST§Outlook§fad84ba321b2c5baedd00c387a99d9d6
demouser1\ExchangeActiveSyncDevices\iPhone§DJV96HE3PL4PDFG64A2I6Q6FVC

This script is working. A few users are causing this error. “The operation couldn’t be performed because ‘xxxxxxx\ExchangeActiveSyncDevices\iPhone§3xxxxxxxxxxxxxxxxxxxx’ matches multiple entries.”

I going to pull them out of the list and manually try to remove the device.

foreach ($user in $users){Set-CASMailbox -Identity $user -ActiveSyncAllowedDeviceIDs:$null; Set-CASMailbox -Identity $user -ActiveSyncblockedDeviceIDs:$null}

foreach ($user in $users){
$EASDEVICES = Get-MobileDevice -Mailbox $user | select Identity; foreach ($EASDEVICE in $EASDEVICES) {Remove-MobileDevice -Identity $EASDEVICE.identity -Confirm:$false}
}

Thanks Richard for the tweak !!!

No problem. I’m happy it worked for you.