Process ActiveSync Enabled Mailboxes

As an email service provider for a large number of different companies, we need to be able to adapt to their needs. One of those needs was to have larger control over which of their employees can use an ActiveSync device. This meant that we had to lock down a large number of the mailboxes that do not get access. My solution was this script. To run this script you'll need: Exchange Management Tools and Quest ARS Powershell cmdlets.

What this script does: 

1. Find all ActiveSync enabled mailboxes. I use an AD Directory Searcher method, so reading the values on 100,000 mailboxes only takes a few minutes, not hours.
2. Reads an "Exchange ActiveSync Opt-in" group, containing groups and/or mailboxes. 
3. Disables all mailboxes not in the Opt-In group. Enable all mailboxes in Opt-In group.
4. Look at nested groups in Exchange ActiveSync Opt-in, compare names to ActiveSync Mailbox Policies in Organization, if matches, apply policy to all mailboxes in group.