A user deleted and recreated their mobile account which landed their mobile device into quarantine but it was unable to be approved. Also, quarantined devices for users who have been deleted or disabled cannot be removed using the GUI.
The issue seems to be that there are two sets of data to keep track of mobile devices on the server. The device could not be approved, because it was already approved and was stuck in quarantine. Rejecting the device added it as an unapproved device for the user.
First I needed to delete some “zombie” devices. Step one was to set Powershell scope to the whole forest:
Set-AdServerSettings -ViewEntireForest $true
Then get a list of mobile devices:
get-mobiledevice |fl UserDisplayName,Guid,DeviceType
I then pick out the phone that I need to delete and remove it:
Remove-MobileDevice -Identity
For the next issue, I need to Get the User’s ID:
get-casmailbox |fl Identity
Then I need the device ID that I need to change (this will be the same Device ID in the management GUI for Exchange):
get-casmailbox -Identity |fl ActiveSyncBlockedDeviceIds,ActiveSyncAllowedDeviceIds
Then set delete/add the device to the Blocked or Allowed lists:
Set-CASMailbox -Identity -ActiveSyncBlockedDeviceIDs @{remove=”}
OR
Set-CASMailbox -Identity -ActiveSyncAllowedDeviceIDs @add=”}