Map groups in Microsoft Active Directory to virtual provisioning groups
If you want to use the tool to add user accounts to the BlackBerry Enterprise Server, you must enable the provisioning feature and then map Microsoft Active Directory groups to virtual provisioning groups. When you run the synchronization process, the tool identifies the Microsoft Active Directory users that do not currently have user accounts on the BlackBerry Enterprise Server and adds the required user accounts. This process does not add the user accounts to BlackBerry Enterprise Server groups; you must create separate mappings to synchronize group membership.
Enable and configure the provisioning feature. Fore more information, see Configure provisioning options.
- On the computer that hosts the BlackBerry Directory Sync Tool, on the taskbar, click Start > All Programs > BlackBerry Enterprise Server Resource Kit > BlackBerry Analysis Monitoring and Troubleshooting Tools > BlackBerry Directory Synch Tool client.
In the Directory Group Search section, perform one of
the following actions:
- If you configured the directory group search to be manual, in the search field, type the name of a Microsoft Active Directory group. Click the Search button.
- If you configured the directory group search to be automatic, in the filter field, type the name of a Microsoft Active Directory group.
- In the results list, select a group.
In the BlackBerry Group Search section, perform one of
the following actions:
- If you want to add device-enabled user accounts to the BlackBerry Enterprise Server, select the appropriate Provision User as Device Enabled virtual provisioning group.
- If you want to add administrator accounts that are not device-enabled to the BlackBerry Enterprise Server, select the appropriate Provision User virtual provisioning group.
- Click Create Group Mapping.
- If you want the tool to check user accounts in nested subgroups in the Microsoft Active Directory group, in the Group Mappings section, select the Nested check box. Note that the tool does not create groups or sub-groups on the BlackBerry Enterprise Server.
- Repeat steps 2 to 6 to create additional mappings.
- Click Save.
- If you want to disable a provisioning mapping temporarily, in the Group Mappings section, clear the appropriate Enabled check box.
- To delete a mapping, in the Group Mappings section, click the appropriate Delete button.
- You can double-click the fields in the Group Mappings section to change the directory group path, the MDM domain name, and the BlackBerry Enterprise Server group name. The tool does not validate the changes that you make, so verify that the changes are accurate before you start the synchronization process.
- Map groups in Microsoft Active Directory to groups in an MDM domain.
- Preview the synchronization process. After you review the results of the preview and resolve any errors, you can start the synchronization process.
Was this information helpful? Send us your comments.