Home | Troubleshooting |  Quick Setup  |  Cisco How to  |  Data Recovery  |  Forums   | Blog | IT Exam Practice | Services  | About Us | Chicagotech MVP  | Search  | Contact Us  |                  Laptop for rent: $35 per day plus $10 for additional day

rental
 

 

How to assign BlackBerry account permissions to access Exchange

 

1. Assign Local Administrator rights to the BlackBerry account
2. Assign Local Security Policy permissions for the BlackBerry account
3. Assign Exchange permissions to the BlackBerry account at the Administrative Group level
4. Assign Exchange permissions to the BlackBerry account at the Exchange Server level
5. Assign Send As permission to the BlackBerry account at the Domain level


1. Assign Local Administrator rights to the BlackBerry account

For a BlackBerry running on a Domain Controller

  1. Click Start > Programs > Administrative Tools > Active Directory Users and Computers.
  2. Select the Builtin folder.
  3. Double-click Administrators.
  4. On the Members tab, click Add.
  5. Select the BlackBerry account name (besadmin in our example), and then click Add.
  6. Click OK.
  7. Click OK.

For a BlackBerry running on a Member Server

  1. Click Start > Administrative Tools > Computer Management.
  2. In the left pane, expand System Tools and click Local Users and Groups.
  3. In the right pane, double-click Groups.
  4. Right-click Administrators and click Properties.
  5. In the Select Users, Contacts, Computers, or Groups window, select the BlackBerry account name, besadmin.
  6. Click OK.

 


2. Assign Local Security Policy permissions for the BlackBerry account

  1.  For a BlackBerry running on a Member Server. click Start > Administrative Tools > Local Security Policy. For a BlackBerry running on a Domain Controller, click Start > Administrative Tools > Domain Controller Security Policy.
  1. In the Local Securities page, click Local Policies > User Rights Assignment.
  2. Double-click Allow Log on Locally.
  3. Click Add User or Group. Note: if the Add User or Group is grayed out, check this post: Allow Log On Locally in Local Security Policy is grayed out
  4. Select the BlackBerry account name besadmin), and then click Add.
  5. Click OK.
  6. In the Local Security Settings window, double-click Log On As a Service.
  7. Click Add User and then select the BlackBerry account.
  8. Click OK.

 


3. Assign Exchange permissions to the BlackBerry account at the Administrative Group level

To manage BlackBerry smartphone users and groups, you need to assign permission to besadmin at the Exchange Administrative Group lelvel.

For Microsoft Exchange 2000 or 2003

  1. Click Start > Programs > Microsoft Exchange > System Manager.
  2. Select Administrative Groups.
  3. Right-click First Administrative Group/domainname and select Delegate Control.
  4. In the Exchange Administration Delegation Wizard, click Next, and then click Add.
  5. Click Browse and then select the besadmin.
  6. Click OK.
  7. In the Role drop-down list in the Delegate Control window, select Exchange View Only Administrator.
  8. Click OK to add the BlackBerry Enterprise Server service account to the Users and Groups list.
  9. Click Next, and then click Finish.

For Microsoft Exchange 2007

To set an Exchange View Only Administrator role:

  1. Click Start > Programs > Microsoft Exchange Server 2007 > Exchange Management Shell.
  2. In the command prompt window, type the following and then press ENTER:

add-exchangeadministrator <BESAdmin> -role ViewOnlyAdmin

where < BESAdmin> is the name of the BlackBerry  account.

To check an Exchange View Only Administrator role:

  1. Click Start > Programs > Microsoft Exchange Server 2007 > Exchange Management Shell.
  2. In the command prompt window, type the following and then press Enter:

get-exchangeadministrator | Format-List

Verify that the BlackBerry Enterprise Server service account has the ViewOnlyAdmin role.

 


4. Assign Exchange permissions to the BlackBerry account at the Exchange Server level

For Microsoft Exchange 2000 or 2003

  1. Click Start > Programs > Microsoft Exchange > System Manager.
  2. Select Administrative Groups > First Administrative Group/domainname > Servers.
  3. Right-click the Microsoft Exchange Server name and then click Properties.
  4. On the Security tab, select the BlackBerry account besadmin
  5. Select the following permissions from the Permissions list:
    • Administer Information Store
    • Send As
    • Receive As
  1. Click the Advanced button.
  2. Verify that the Select the Allow inheritable permissions from parent to propagate to this object and all child objects option is selected.
  3. Click OK.

For Microsoft Exchange 2007

To set Send As, Receive As, and Administer Information Store permissions, complete the following steps:

  1. Click Start > Programs > Microsoft Exchange Server 2007 > Exchange Management Shell.
  2. Type the following line, and then press Enter:

get-mailboxserver <Exchange2007> | add-adpermission -user <BESAdmin> -accessrights GenericRead, GenericWrite -extendedrights Send-As, Receive-As, ms-Exch-Store-Admin

Where < Exchange2007> is the name of the Microsoft Exchange 2007 Server and < BESAdmin> is the name of the BlackBerry Enterprise Server service account.

If inheritiance to the individual mail stores is not enabled, to set the Send As, Receive As, and Administer information store permissions at the store level, complete the following steps from the Exchanage management shell:

get-mailboxdatabase <Exchange2007>\<dbname> | add-adpermission -user <BESAdmin> -accessrights GenericRead, GenericWrite -extendedrights Send-As, Receive-As, ms-Exch-Store-Admin

Where <dbname> = 'First storage group\Mail box database'

To verify the Send As, Receive As, and Administer Information Store permissions, complete the following steps:

  1. Click Start > Programs > Microsoft Exchange Server 2007 > Exchange Management Shell.
  2. In the command prompt window, type the following line and press Enter.

get-mailboxserver <Exchange2007> | get-ADpermission -user <BESAdmin> | Format-List

To verify the Send As, Receive As, and Administer Information Store permissions at the mailbox store level, complete the following steps:

  1. Click Start > Programs > Microsoft Exchange Server 2007 > Exchange Management Shell.
  2. In the command prompt window, type the following and press Enter.

get-mailboxdatabase <Exchange2007>\<dbname> | get-ADpermission -user <BESAdmin> | Format-List

For Microsoft Exchange 5.5

The BlackBerry Enterprise Server service account requires the Service Account Admin permissions on the Site container and Configuration container.

 


5. Assign Send As permission to the BlackBerry account at the Domain level

You will need to grant the Send As permission on the besadmin for all BlackBerry smartphone users in a Microsoft® Active Directory® domain or container.

  1. Open Active Directory Users and Computers.
  2. From the View menu, select the Advanced Features option.

Note: If Advanced Features is not selected, the Security tab will not be visible for domain and container objects.

  1. Right-click the appropriate domain or container and then click Properties.
  2. On the Security tab, click Advanced.
  3. Click Add and then select the besadmin.
  4. Click OK.
  5. Double-click the besadmin.
  6. Select User Objects in the Applies Onto list.
  7. Select the Send As check box.
  8. Click Apply and then click OK.
  9. Close the Properties window and then close Active Directory Users and Computers.

 

Post your questions, comments, feedbacks and suggestions

Contact a consultant

Related Topics


 

 


 

 

Hit Counter   This web is provided "AS IS" with no warranties.
Copyright © 2002-2018 ChicagoTech.net, All rights reserved. Unauthorized reproduction forbidden.