Installation and Administration Guide

BlackBerry Manuals & Help   Administrator Documentation   Universal Device Service   Installation and Administration Guide BlackBerry Directory Sync Tool - BlackBerry Resource Kit for the Universal Device Service - 6.2

Map groups in Microsoft Active Directory to groups in an MDM domain

  • If necessary, create Universal Device Service groups that you want to synchronize with Microsoft Active Directory groups.
  • If necessary, add user accounts to the Universal Device Service. The tool can synchronize group membership only if the user accounts in Microsoft Active Directory have matching user accounts on the Universal Device Service. You can add the user accounts manually using the Administration Console, or you can enable the provisioning feature so that the tool can add user accounts during the synchronization process.
  1. On the computer that hosts the BlackBerry Directory Sync Tool, on the taskbar, click Start > All Programs > BlackBerry Resource Kit > BlackBerry Resource Kit for Universal Device Service > BlackBerry Directory Sync Tool client.
  2. In the Directory Group Search section, perform one of the following actions:
    • If you configured the directory group search to be manual, in the search field, type the name of a Microsoft Active Directory group. Click the Search button.
    • If you configured the directory group search to be automatic, in the filter field, type the name of a Microsoft Active Directory group.
  3. In the results list, select a group.
  4. In the BlackBerry Group Search section, in the filter field, type the name of a Universal Device Service group.
  5. In the results list, select a group.
  6. Click Create Group Mapping.
  7. If a Microsoft Active Directory group contains nested groups that you want to synchronize, in the Group Mappings section, select the Nested check box. Note that the tool does not create nested groups or sub-groups on the Universal Device Service.
  8. Repeat steps 2 to 7 to create additional mappings.
  9. Click Save.
  • If you want to prevent synchronization from occurring between a Microsoft Active Directory group and a Universal Device Service group temporarily, in the Group Mappings section, clear the appropriate Enabled check box.
  • To delete a mapping, in the Group Mappings section, click the appropriate Delete button.
  • You can double-click the fields in the Group Mappings section to change the directory group path, the MDM domain name, and the Universal Device Service group name. The tool does not validate the changes that you make, so verify that the changes are accurate before you start the synchronization process.
  • Preview the synchronization process. After you review the results of the preview and resolve any errors, you can start the synchronization process.

Related information

Next topic: Preview the synchronization process
Previous topic: Map groups in Microsoft Active Directory to virtual provisioning groups

Was this information helpful? Send us your comments.