Friday, August 5, 2011

Mobile phones continue to synchronize via ActiveSync, after account is disabled

It turns out, if you change password on an AD user, the user can still synchronize his mobile devices.
 OWA(Outlook Web App) won't work, and I'm not sure with Outlook Anywhere.
 I thought this should not be possible, but I could see that a user still synchronized his Mobile device, after password change.
 It seems that expiring and/or disabling the account neither works.

 I found that others was having this problem to, and the only solution found on the web, was to restart the IIS service on the CAS servers.
 So it appears that that IIS server keeps creating new tokens for Exchange traffic, even after account is disabled.

 However, I found that disabling OWA and ActiveSync on the mailbox under "Mailbox features" did the trick.
 The device was unable to synchronize, within a minute after I disabled the 2 features.