Administration Guide

Configuring the BlackBerry Enterprise Server Express to use LDAP to retrieve email addresses and organizer data

By default, when BlackBerry® device users search for recipients' email addresses or organizer data, the BlackBerry® Enterprise Server Express uses MAPI to connect to the Microsoft® Exchange Server and retrieve the email addresses or organizer data that is stored in Microsoft® Active Directory®. You can configure the BlackBerry Enterprise Server Express to use LDAP to connect to Microsoft Active Directory directly to retrieve email addresses, organizer data, or both.

When you configure the BlackBerry Enterprise Server Express to use LDAP to retrieve email addresses and organizer data, you help reduce the number of MAPI connections that the BlackBerry Enterprise Server Express requires, which helps improve the performance of the BlackBerry Enterprise Server Express and Microsoft Exchange Server. In a Microsoft® Exchange 2010 environment, if you configure the BlackBerry Enterprise Server to use LDAP, you cannot migrate users to different forests.

You can configure the following options when you configure the BlackBerry Enterprise Server Express to use LDAP to retrieve email addresses and organizer data:
  • Windows® domain that the Microsoft Active Directory uses
  • whether to use LDAPS to connect to Microsoft Active Directory
  • timeout value for the connection to Microsoft Active Directory
  • which contacts the BlackBerry Enterprise Server Express cannot retrieve, if required
  • whether to support a Microsoft Active Directory that you configured for multi-tenancy, if required
  • BaseDN of the Microsoft Active Directory tree, if required

Configure the BlackBerry Enterprise Server Express to connect to Microsoft Active Directory

  1. On the computer that hosts the BlackBerry® Enterprise Server Express, click Start > Run.
  2. Type regedit. Click OK.
  3. Perform one of the following actions:
    • If you are running a 32-bit version of Windows®, navigate to HKEY_LOCAL_MACHINE\Software\Research In Motion\BlackBerry Enterprise Server\Agents.
    • If you are running a 64-bit version of Windows, navigate to HKEY_LOCAL_MACHINE\Software\WOW6432Node\Research In Motion\BlackBerry Enterprise Server\Agents.
  4. If your organization’s environment includes multiple Windows domains, perform the following actions:
    1. Create a String value named LDAPDomain.
    2. Change the value to the FQDN of the global catalog server and the port number that the BlackBerry Enterprise Server Express can use to resolve the DNS name of Microsoft® Active Directory®, using the following format: <FQDN_of_GC>:<port>. If the BlackBerry Enterprise Server Express must connect to multiple global catalog servers for DNS name resolution, specify all of them as the value, using the following format: <FQDN_of_GC1>:<port> <FQDN_of_GC2>:<port> <FQDN_of_GC3>:<port>. Separate multiple entries using spaces.

      Optionally, if you do not want to configure a limited list of global catalog servers, set the value to a domain name and the port number of the global catalog server (for example, example.com:3268).

  5. If the BlackBerry Enterprise Server Express must use a specific port to connect to Microsoft Active Directory and you did not specify the port number in the LDAPDomain string, perform the following actions:
    1. Create a DWORD value named LDAPport.
    2. Change the value to the port number. To limit the number of LDAP queries that the BlackBerry Enterprise Server Express needs, use the port number of the global catalog server (port 3268).
  6. If the BlackBerry Enterprise Server Express must use LDAPS to connect to the Microsoft Active Directory, perform the following actions:
    1. Create a DWORD value named LDAPssl.
    2. Change the value to 1.
  7. To change the amount of time that the BlackBerry Enterprise Server Express waits for a response from Microsoft Active Directory before the connection times out (by default, 10 seconds), perform the following actions:
    1. Create a DWORD value named LDAPTimeout.
    2. Change the value to the timeout period, in seconds, that your organization requires.
  8. In the Windows Services, restart the BlackBerry Controller.
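
The registry steps above can also be scripted. The following PowerShell is an added example, not part of the vendor guide: it writes LDAPDomain, LDAPssl and LDAPTimeout under the Agents key and restarts the BlackBerry Controller. The host names are constructed, and port 3269 (the Active Directory global catalog port for LDAP over SSL) is an assumption about the environment; run it from an elevated 64-bit PowerShell session on the server.

```powershell
# Added example: the values below are constructed placeholders, not from the guide.
$ErrorActionPreference = 'Stop'

# Step 3: pick the Agents key that matches the Windows bitness.
$sub = 'Research In Motion\BlackBerry Enterprise Server\Agents'
$key = if ([Environment]::Is64BitOperatingSystem) { "HKLM:\SOFTWARE\WOW6432Node\$sub" } else { "HKLM:\SOFTWARE\$sub" }
if (-not (Test-Path $key)) { throw "Agents key not found: $key" }

# Step 4: space-separated <FQDN_of_GC>:<port> entries (constructed host names).
# Assumption: these global catalog servers accept LDAPS on port 3269.
$gcServers = 'gc1.example.com:3269', 'gc2.example.com:3269'
foreach ($entry in $gcServers) {
    # Reject anything that is not host:port before it reaches the registry.
    if ($entry -notmatch '^[A-Za-z0-9.-]+:\d{1,5}$') { throw "Bad LDAPDomain entry: $entry" }
}
New-ItemProperty -Path $key -Name LDAPDomain -PropertyType String -Value ($gcServers -join ' ') -Force | Out-Null

# Step 5 is skipped: the port is already part of each LDAPDomain entry.

# Step 6: switch the connection to Microsoft Active Directory to LDAPS.
New-ItemProperty -Path $key -Name LDAPssl -PropertyType DWord -Value 1 -Force | Out-Null

# Step 7: timeout in seconds (the guide gives 10 seconds as the default).
New-ItemProperty -Path $key -Name LDAPTimeout -PropertyType DWord -Value 10 -Force | Out-Null

# Step 8: restart the service, addressed by the display name the guide uses.
Restart-Service -DisplayName 'BlackBerry Controller'

# Read back what was written so the change can be recorded.
Get-ItemProperty -Path $key | Select-Object LDAPDomain, LDAPssl, LDAPTimeout
```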

Configure the BlackBerry Enterprise Server Express to retrieve email addresses and organizer data using LDAP

  1. On the computer that hosts the BlackBerry® Enterprise Server Express, click Start > Run.
  2. Type regedit. Click OK.
  3. Perform one of the following actions:
    • If you are running a 32-bit version of Windows®, navigate to HKEY_LOCAL_MACHINE\Software\Research In Motion\BlackBerry Enterprise Server\Agents.
    • If you are running a 64-bit version of Windows, navigate to HKEY_LOCAL_MACHINE\Software\WOW6432Node\Research In Motion\BlackBerry Enterprise Server\Agents.
  4. Create a DWORD value named LDAPSearch.
  5. Change the value to 1.
  6. To configure the BlackBerry Enterprise Server Express to resolve email addresses using LDAP, perform the following actions:
    1. Create a DWORD value named LDAPALPSearch.
    2. Change the value to 1.
  7. To configure the BlackBerry Enterprise Server Express to resolve organizer data using LDAP, perform the following actions:
    1. Create a DWORD value named LDAPPIMSearch.
    2. Change the value to 1.
  8. In the Windows Services, restart the BlackBerry Controller.

Prevent the BlackBerry Enterprise Server Express from retrieving contact information for specific users

If your organization requires you to prevent BlackBerry® device users from finding contact information for specific users, you can either specify a list of those users or filter users using an attribute in Microsoft® Active Directory®.

Before you begin:
  • Configure the BlackBerry® Enterprise Server Express to resolve email addresses and organizer data information using LDAP.
  • If you want to filter users using an attribute, choose an attribute in Microsoft Active Directory such as Mail or any of the extensionAttributes (extensionAttribute1 through extensionAttribute15). You can use the Active Directory Users and Computers console to change the value for the attribute to HideFromBlackBerry for all users that you do not want BlackBerry device users to find.
  1. On the computer that hosts the BlackBerry Enterprise Server Express, click Start > Run.
  2. Type regedit. Click OK.
  3. Perform one of the following actions:
    • If you are running a 32-bit version of Windows®, navigate to HKEY_LOCAL_MACHINE\Software\Research In Motion\BlackBerry Enterprise Server\Agents.
    • If you are running a 64-bit version of Windows, navigate to HKEY_LOCAL_MACHINE\Software\WOW6432Node\Research In Motion\BlackBerry Enterprise Server\Agents.
  4. Create a String value named LDAPALPObjectCategory.
  5. Change the value to one of the following options:
    • If your organization uses Microsoft® Exchange 2007 or Microsoft Exchange 2010, use msExchDynamicDistributionList,Group,Person))(!(<attribute>=HideFromBlackBerry, where <attribute> is the name of the attribute that you want to filter (for example, extensionAttribute1).
    • If your organization uses earlier versions of Microsoft Exchange, use Group,Person))(!(<attribute>=HideFromBlackBerry, where <attribute> is the name of the attribute that you want to filter (for example, extensionAttribute1).

    You can use an asterisk (*) as a wildcard.

  6. In the Windows Services, restart the BlackBerry Controller.

Restrict the location in Microsoft Active Directory that the BlackBerry Enterprise Server Express can retrieve email addresses and organizer data from

You can configure a BlackBerry® Enterprise Server Express instance so that it searches for email addresses and organizer data only in a specified BaseDN in Microsoft® Active Directory®.
  1. On the computer that hosts the BlackBerry Enterprise Server Express, click Start > Run.
  2. Type regedit. Click OK.
  3. Perform one of the following actions:
    • If you are running a 32-bit version of Windows®, navigate to HKEY_LOCAL_MACHINE\Software\Research In Motion\BlackBerry Enterprise Server\Agents.
    • If you are running a 64-bit version of Windows, navigate to HKEY_LOCAL_MACHINE\Software\WOW6432Node\Research In Motion\BlackBerry Enterprise Server\Agents.
  4. Create a String value named LDAPBaseDN.
  5. Change the value to the BaseDN that you want the BlackBerry Enterprise Server Express to use (for example, ou=Waterloo,o=example,c=CA).
  6. In the Windows Services, restart the BlackBerry Controller.
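
To review the result of the procedures on this page, the registry values can be read back and checked together. The following PowerShell is an added example, not part of the vendor guide: it is read-only, the finding texts are its own wording, and the sample settings used when the Agents key is absent are constructed.

```powershell
# Added example (not vendor code). Read-only: nothing is written to the registry.
$names = 'LDAPDomain', 'LDAPport', 'LDAPssl', 'LDAPTimeout', 'LDAPSearch',
         'LDAPALPSearch', 'LDAPPIMSearch', 'LDAPALPObjectCategory', 'LDAPBaseDN'

function Get-BesLdapFinding {
    # Hypothetical helper: returns one string per setting that deserves a second look.
    param([Parameter(Mandatory)] [hashtable] $Settings)
    if ($Settings['LDAPSearch'] -ne 1) {
        return 'LDAPSearch is not 1: retrieval over LDAP is not enabled'
    }
    if ($Settings['LDAPALPSearch'] -ne 1 -and $Settings['LDAPPIMSearch'] -ne 1) {
        'LDAPSearch is 1 but neither LDAPALPSearch nor LDAPPIMSearch is 1'
    }
    if ($Settings['LDAPssl'] -ne 1) {
        'LDAPssl is not 1: LDAPS is not switched on for the connection to Microsoft Active Directory'
    }
    if (-not $Settings['LDAPBaseDN']) {
        'LDAPBaseDN is not set: searches are not restricted to a BaseDN'
    }
    if (-not $Settings['LDAPALPObjectCategory']) {
        'LDAPALPObjectCategory is not set: no contacts are filtered out of lookups'
    }
}

# Same key selection as in the procedures: 32-bit versus 64-bit Windows.
$sub = 'Research In Motion\BlackBerry Enterprise Server\Agents'
$key = if ([Environment]::Is64BitOperatingSystem) { "HKLM:\SOFTWARE\WOW6432Node\$sub" } else { "HKLM:\SOFTWARE\$sub" }

$settings = @{}
if (Test-Path $key) {
    # Copy only the values this page describes; absent values stay absent.
    $props = Get-ItemProperty -Path $key
    foreach ($n in $names) {
        if ($props.PSObject.Properties[$n]) { $settings[$n] = $props.$n }
    }
} else {
    # Constructed sample so the check can be tried away from the server.
    $settings = @{ LDAPSearch = 1; LDAPALPSearch = 1; LDAPDomain = 'example.com:3268' }
}

$settings.GetEnumerator() | Sort-Object Name | Format-Table Name, Value -AutoSize
Get-BesLdapFinding -Settings $settings | ForEach-Object { "FINDING: $_" }
```

With the constructed sample, the script reports three findings: LDAPssl, LDAPBaseDN and LDAPALPObjectCategory.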
