Map groups in Microsoft Active Directory to groups in an MDM domain

  • If necessary, create BlackBerry Enterprise Server groups that you want to synchronize with Microsoft Active Directory groups.
  • If necessary, add user accounts to the BlackBerry Enterprise Server. The tool can synchronize group membership only if the user accounts in Microsoft Active Directory have matching user accounts on the BlackBerry Enterprise Server. You can add the user accounts manually using the BlackBerry Administration Service, or you can enable the provisioning feature so that the tool can add user accounts during the synchronization process.
  1. On the computer that hosts the BlackBerry Directory Sync Tool, on the taskbar, click Start > All Programs > BlackBerry Enterprise Server Resource Kit > BlackBerry Analysis Monitoring and Troubleshooting Tools > BlackBerry Directory Synch Tool client.
  2. In the Directory Group Search section, perform one of the following actions:
    • If you configured the directory group search to be manual, in the search field, type the name of a Microsoft Active Directory group. Click the Search button.
    • If you configured the directory group search to be automatic, in the filter field, type the name of a Microsoft Active Directory group.
  3. In the results list, select a group.
  4. In the BlackBerry Group Search section, in the filter field, type the name of a BlackBerry Enterprise Server group.
  5. In the results list, select a group.
  6. Click Create Group Mapping.
  7. If a Microsoft Active Directory group contains nested groups that you want to synchronize, in the Group Mappings section, select the Nested check box. Note that the tool does not create nested groups or sub-groups on the BlackBerry Enterprise Server.
  8. Repeat steps 2 to 7 to create additional mappings.
  9. Click Save.
  • If you want to prevent synchronization from occurring between a Microsoft Active Directory group and a BlackBerry Enterprise Server group temporarily, in the Group Mappings section, clear the appropriate Enabled check box.
  • To delete a mapping, in the Group Mappings section, click the appropriate Delete button.
  • You can double-click the fields in the Group Mappings section to change the directory group path, the MDM domain name, and the BlackBerry Enterprise Server group name. The tool does not validate the changes that you make, so verify that the changes are accurate before you start the synchronization process.
  • Preview the synchronization process. After you review the results of the preview and resolve any errors, you can start the synchronization process.


Was this information helpful? Send us your comments.