Administration Guide

BlackBerry Manuals & Help   Administrator Documentation   BlackBerry Device Service   Administration Guide BlackBerry Resource Kit for the BlackBerry Device Service - 6.2

Map groups in Microsoft Active Directory to virtual provisioning groups

If you want to use the tool to add user accounts to the BlackBerry Device Service, you must enable the provisioning feature and then map Microsoft Active Directory groups to virtual provisioning groups. When you run the synchronization process, the tool identifies the Microsoft Active Directory users that do not currently have user accounts on the BlackBerry Device Service and adds the required user accounts. This process does not add the user accounts to BlackBerry Device Service groups. You must create separate mappings to synchronize group membership.
Enable and configure the provisioning feature. For more information, see Configure provisioning options.
  1. On the computer that hosts the BlackBerry Directory Sync Tool, on the taskbar, click Start > All Programs > BlackBerry Resource Kit for BlackBerry Device Service > BlackBerry Directory Sync Tool client.
  2. In the Directory Group Search section, perform one of the following actions:
    • If you configured the directory group search to be manual, in the search field, type the name of a Microsoft Active Directory group. Click the Search button.
    • If you configured the directory group search to be automatic, in the filter field, type the name of a Microsoft Active Directory group.
  3. In the results list, select a group.
  4. In the BlackBerry Group Search section, perform one of the following actions:
    • If you want to add device-enabled user accounts to the BlackBerry Device Service, select the appropriate Provision User as Device Enabled virtual provisioning group.
    • If you want to add administrator accounts that are not device-enabled to the BlackBerry Device Service, select the appropriate Provision User virtual provisioning group.
  5. Click Create Group Mapping.
  6. If you want the tool to check user accounts in nested subgroups in the Microsoft Active Directory group, in the Group Mappings section, select the Nested check box. Note that the tool does not create groups or sub-groups on the BlackBerry Device Service.
  7. Repeat steps 2 to 6 to create additional mappings.
  8. Click Save.
  • If you want to disable a provisioning mapping temporarily, in the Group Mappings section, clear the appropriate Enabled check box.
  • To delete a mapping, in the Group Mappings section, click the appropriate Delete button.
  • You can double-click the fields in the Group Mappings section to change the directory group path, the MDM domain name, and the BlackBerry Device Service group name. The tool does not validate the changes that you make, so verify that the changes are accurate before you start the synchronization process.
  • Map groups in Microsoft Active Directory to groups in an MDM domain.
  • Preview the synchronization process. After you review the results of the preview and resolve any errors, you can start the synchronization process.

Next topic: Map groups in Microsoft Active Directory to groups in an MDM domain
Previous topic: Synchronization and provisioning rules

Was this information helpful? Send us your comments.