The ActiveSyncDevice Cannot be Found–unable to delete Active Sync Devices in Exchange 2010

This error occurs when inheritable permissions are not enabled on a mailbox. You will see this error when trying to remove an ActiveSync Device:

image

To fix this, first enable ‘Advanced Features’ in ADUC:

image

Then open the user’s properties and browse to the Security tab. Click ‘Advanced’ and then place a check in the box labeled ‘Include inheritable permissions from this object’s parent’. Click OK twice to apply. Wait for AD to replicate to your GC’s then retry the action in Exchange. It will now remove the device successfully.

  • Bernard Dejonckheere

    Hi,
    we reported also an important related bug through PSS call [REG:111070135980114] 
    If you move a user with an associated activesync device to another OU in your AD , you can’t manage that device anymore.
    A remote wipe doesn’t work anymore.
    Microsoft confirmed this bug but isn’t willing to fix it.

  • John Sneddon

    No Powershell? Lame… :P

  • eli

    i encountered the same issue but in my case the user was moved to another OU and didnt sync with this device anymore so i just grabed the device identity and changed the OU in it and it did remove it
    example:
    the original format:
    Remove-ActiveSyncDevice -Identity ‘domain/Users With no Policy/Username/ExchangeActiveSyncDevices/iPad§ApplVxxxxxxxxx’

    the new format:
    Remove-ActiveSyncDevice -Identity ‘domain/Users/Username/ExchangeActiveSyncDevices/iPad§ApplVxxxxxxxxx’

  • Agalliasis

    We had a similar issue and yes, 2 of the devices that couldn’t be removed from AD were because the User Profile was moved to another OU.  When we moved it back to the OU it was looking in we were able to remove the device.  We had a whole other list of devices that wouldn’t delete with the same error yet they were in the correct OU.  The script below worked for us because we were able to get a list of the accounts that had a device partnership.  Then for each of those users in the “List” we got the devices that hadn’t successfully synced in more than 30 days, selecting the guid from each.  Using the specific guid to target/filter on the script will remove each one by one.  Warning: the “-confirm:$False” shouldn’t be used until you are sure this is working correctly for you.

    $List = (Get-CASMailbox -ResultSize unlimited -Filter{(HasActiveSyncDevicePartnership -eq $true) -AND (name -notlike “cas_*”) -AND (name -notlike “DiscoverysearchMailbox*”)})

    ForEach ($Item in $List)

    {

    $DevInfo = Get-ActiveSyncDeviceStatistics -Mailbox:$Item.Identity | Where-Object {$_.LastSuccessSync -lt (Get-Date).AddDays(“-30″)} | Select-Object guid

    ForEach ($Dev in $Devinfo)

    {

    $Guid = $Dev.guid

    Get-ActiveSyncDevice | Where-Object {$_.guid -eq $guid} | Remove-ActiveSyncDevice -confirm:$False

    Write-Host “$Guid has been deleted”

    }

    }