#With this command you do not need to install the Exhange Management Shell on the server, change the fqdn Cas-server.ldap389.local

$s = New-PSSession -ConfigurationName Microsoft.Exchange -ConnectionUri http://Cas-server.ldap389.local/PowerShell/
Import-PSSession $s -allowclobber

#Import the AD module installed on the server
import-module activedirectory

#Change the DN of the AD group who grant the ActiveSync access
$groupDN = "CN=LDAP389-ACTIVESYNC,OU=Groups,OU=HQ,DC=ldap389,DC=local"

$members = Get-ADGroupMember -Identity $groupDN -Recursive | Get-ADUser -Properties mail
$allcas = get-mailbox -ResultSize:unlimited | Get-CASMailbox

$users= $allcas | where-object {$_.ActiveSyncEnabled -eq $true}

foreach($user in $users)
	{
	$is = ""
	$is = $members |  where {($_.DistinguishedName -eq $user.DistinguishedName )}

		if (!$is) {
		
		Set-CASMailbox -identity $user.DistinguishedName –ActiveSyncEnabled $false -confirm:$false -whatif

		#Log file is created in folder C:\Exch_Script, change if necessary

		(get-date).Tostring() + ' ' + [string] $user.PrimarySmtpAddress| Out-file C:\Exch_Script\disable.txt -append
		}
	
	}

foreach($member in $members)
	
	{$is2 = ""
	$is2 = $allcas | where-object {$_.DistinguishedName -eq $member.DistinguishedName}

		if (!$is2.ActiveSyncEnabled){
			Set-CASMailbox -identity $member.DistinguishedName –ActiveSyncEnabled $true -confirm:$false

			#Log file is created in folder C:\Exch_Script, change if necessary

			(get-date).Tostring() + ' ' + [string] $member.mail | Out-file C:\Exch_Script\enable.txt -append
			}
	}