EAS devices still sync after an account is disabled or a password is changed


Exchange ActiveSync (EAS) devices continue to synchronize after their account has been disabled. Devices also connect using an old password, after the password has been changed.


When an EAS device is set to synchronize items as they arrive (Direct Push), any changes made to the user's account in Active Directory can require 8 to 24 hours before the device recognizes those changes.

When using Direct Push, devices maintain an open connection to the server. Any changes made after the connection is established will not take effect immediately.


Any of the following methods will force the device to reconnect on a new connection. 

Reset IIS

  1. On the Client Access Server(s) that the device connects to, click Start, click Run and type CMD and then press ENTER.
  2. Type iisreset and press ENTER.

This will restart IIS services.  You can also use the Services.msc snap-in to manually Restart the IIS Admin service.

Recycle the Application Pool used by ActiveSync

  1. Click Start, click Administrative Tools, click Internet Information Services (IIS) Manager.
  2. Expand the server name.
  3. Click Application Pools.
  4. Right click the MSExchangeSyncAppPool and click Recycle

NOTE: In Exchange 2003, Exchange ActiveSync shares the same Application Pool with Outlook Web Access.

Configure the device to use a manual sync mode

Depending on the device type, modify the synchronization settings to use a Manual sync and then wait a few minutes for the connection to be reset.  On the next manual sync attempt, a new connection is established.

Shutdown the device

Power off the device and wait a few moments, then turn it back on.

More Information

For more information on this topic, including other services impacted in this scenario, see the following topic from the TechNet Wiki online:

Exchange Best Practices for untrusted mailbox