You must create a Windows® account with a Microsoft® Exchange 2010 mailbox so that the Windows account can authenticate with the Microsoft® Exchange Server.

1. On the computer that hosts Microsoft Exchange, log in using an administrator account that has the permission to create accounts.
2. Open the Microsoft Exchange Management Console.
3. Create an account and mailbox that you name BESAdmin.
4. To permit the BlackBerry® Enterprise Server to check if a BlackBerry device user has permission to access a public folder, assign the Owner permission for all public folders to the administrator account.

• To verify that you created the Windows account, log in to a computer using the Windows account.
• Verify that the Windows account is not a member of the Domain Administrators group in Microsoft® Active Directory®.
• Verify that BlackBerry device users have Read permissions and Visible permissions to public folders.
• To permit BlackBerry device users to check the availability of meeting participants using BlackBerry® Device Software 4.5 or later, configure the Schedule+ Free/Busy information for the system public folder. For more information, visit http://technet.microsoft.com to read articles 629523 and 691129.

Verify the domain name in Microsoft® Active Directory®. When you set the permissions, you must match the domain name in Microsoft Active Directory.

1. On a computer that hosts the Microsoft® Exchange Management Shell, open the Microsoft Exchange Management Shell.
2. Type Get-MailboxDatabase | Add-ADPermission -User "BESAdmin" -AccessRights ExtendedRight -ExtendedRights Receive-As, ms-Exch-Store-Admin.
3. Type Add-RoleGroupMember "View-Only Organization Management" -Member "BESAdmin".
4. Do one of the following:
   • To set the permissions at the organizational unit level, type the following command:

     Add-ADPermission -InheritedObjectType User -InheritanceType Descendents -ExtendedRights Send-As -User "BESAdmin" -Identity "OU=<organizational_unit>,DC=<domain_1>,DC=<domain_2>,DC=<domain_3>"

     For example, if the organizational unit is Texas and the domain name is example.organization.net, type Texas for <organizational_unit>, example for <domain_1>, organization for <domain_2>, and net for <domain_3>.

   • To set the permissions at the common name level, type the following command:

     Add-ADPermission -InheritedObjectType User -InheritanceType Descendents -ExtendedRights Send-As -User "BESAdmin" -Identity "CN=<common_name>,DC=<domain_1>,DC=<domain_2>,DC=<domain_3>"

     For example, if the common name is Users and the domain name is example.organization.net, type Users for <common_name>, example for <domain_1>, organization for <domain_2>, and net for <domain_3>.

   In each command, <domain_1>, <domain_2>, and <domain_3> form the internal Microsoft Active Directory domain (if internal and external domain names are different). You can contact your Microsoft Active Directory administrator for information about distinguished names.

1. On a computer that hosts the Microsoft Exchange Management Shell, open the Microsoft Exchange Management Shell.
2. Type New-ThrottlingPolicy BESPolicy.
3. Type the following command: Set-ThrottlingPolicy BESPolicy -RCAMaxConcurrency $null -RCAPercentTimeInAD $null -RCAPercentTimeInCAS $null -RCAPercentTimeInMailboxRPC $null -EWSMaxConcurrency $null -EWSPercentTimeInAD $null -EWSPercentTimeInCAS $null -EWSPercentTimeInMailboxRPC $null -EWSMaxSubscriptions $null -EWSFastSearchTimeoutInSeconds $null -EWSFindCountLimit $null
4. Type Set-Mailbox "BESAdmin" -ThrottlingPolicy BESPolicy.

By default, Microsoft® Exchange 2010 limits the maximum number of connections from the BlackBerry® Enterprise Server to the Address Book service to 50. To permit the BlackBerry Enterprise Server to run, you must increase the number of permitted connections to a large value (for example, 100,000).

1. On the computer that hosts the Microsoft Exchange CAS server, in <drive>:\Program Files\Microsoft\Exchange Server\V14\Bin, in a text editor, open the microsoft.exchange.addressbook.service.exe.config file.
2. Change the value of the MaxSessionsPerUser key to 100000.
3. Save and close the file.
4. Restart the Address Book service.

If you want the BlackBerry® Enterprise Server to use Microsoft® Exchange Web Services to manage calendars on BlackBerry devices, you must configure a management role for Microsoft Exchange Web Services in Microsoft Exchange 2010.

For more information about configuring the BlackBerry Enterprise Server to use Microsoft Exchange Web Services, see the BlackBerry Enterprise Server Administration Guide.

1. On a computer that hosts the Microsoft Exchange Management Shell, open the Microsoft Exchange Management Shell.
2. Type New-ManagementRoleAssignment -Name "BES Admin EWS" -Role ApplicationImpersonation -User "BESAdmin".

1. On each computer that hosts the BlackBerry Enterprise Server, click Start > Run.
2. In the Open field, type regedit.
3. Click OK.
4. Perform one of the following actions:
   • If you are running a 32-bit version of Windows®, navigate to HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Messaging Subsystem\CDO.

   • If you are running a 64-bit version of Windows, navigate to HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows Messaging Subsystem.

5. If the CDO registry key does not exist, create a registry key that you name CDO.
6. In the CDO registry key, if the DWORD value does not exist, create a DWORD value that you name Ignore No PF.
7. Change the DWORD value to 1.
8. Click OK.