Map groups in Microsoft Active Directory to virtual provisioning groups
If you want to use the tool to add user accounts to the BlackBerry Device Service or Universal Device Service, you must enable the provisioning feature and then map Microsoft Active Directory groups to virtual provisioning groups. When you run the synchronization process, the tool identifies the Microsoft Active Directory users that do not currently have user accounts on the server instance and adds the required user accounts. This process does not add the user accounts to BlackBerry Enterprise Service 10 groups. You must create separate mappings to synchronize group membership.
Before you begin: Enable and configure the provisioning feature. For more information, see Configure provisioning options.
1. On the computer that hosts the BlackBerry Directory Sync Tool, on the taskbar, click Start > All Programs > BlackBerry Resource Kit for BlackBerry Enterprise Service 10 > BlackBerry Directory Sync Tool client.
2. In the Directory Group Search section, perform one of the following actions:
   - If you configured the directory group search to be manual, in the search field, type the name of a Microsoft Active Directory group. Click Search.
   - If you configured the directory group search to be automatic, in the filter field, type the name of a Microsoft Active Directory group.
3. In the results list, select a group.
4. In the BlackBerry Group Search section, perform one of the following actions:
   - If you want to add device-enabled user accounts to the server instance, select the appropriate Provision User as Device Enabled virtual provisioning group.
   - If you want to add administrator accounts that are not device-enabled to the server instance, select the appropriate Provision User virtual provisioning group.
5. Click Create Group Mapping.
6. If you want the tool to check user accounts in nested subgroups in the Microsoft Active Directory group, in the Group Mappings section, select the Nested check box. Note that the tool does not create groups or sub-groups on the server instance.
7. Repeat steps 2 to 6 to create additional mappings.
8. Click Save.
After you finish:
- If you want to disable a provisioning mapping temporarily, in the Group Mappings section, clear the appropriate Enabled check box.
- To delete a mapping, in the Group Mappings section, click the appropriate Delete button.
- You can double-click the fields in the Group Mappings section to change the directory group path, the server name, and the group name. The tool does not validate the changes that you make, so verify that the changes are accurate before you start the synchronization process.
- Map groups in Microsoft Active Directory to groups on a server instance.
- Preview the synchronization process. After you review the results of the preview and resolve any errors, you can start the synchronization process.
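The following added example (not part of the BlackBerry documentation or the tool itself) models how the Nested check box widens the set of accounts a provisioning mapping would create, so you can see which users reach a virtual provisioning group only through subgroups. The directory data, the existing-account list, the mapping field names, and the assumption that nested resolution follows ordinary recursive group membership are all constructed for illustration.

```python
# Constructed sample directory: group -> (direct users, direct subgroups).
DIRECTORY = {
    "MDM-Admins": ({"alice"}, {"Helpdesk"}),
    "Helpdesk": ({"bob", "carol"}, {"Contractors"}),
    "Contractors": ({"dave"}, {"Helpdesk"}),  # circular nesting on purpose
}
# Constructed: users that already have accounts on the server instance.
EXISTING_ACCOUNTS = {"bob"}


def members(group, nested, directory=DIRECTORY):
    """Return user members of a group; follow subgroups only if nested."""
    users, seen, stack = set(), set(), [group]
    while stack:
        current = stack.pop()
        if current in seen:  # guards against circular group nesting
            continue
        seen.add(current)
        direct, subgroups = directory.get(current, (set(), set()))
        users |= direct
        if nested:
            stack.extend(subgroups)
    return users


def preview(mapping, existing=EXISTING_ACCOUNTS):
    """Model which accounts a mapping would add (hypothetical field names)."""
    if not mapping["enabled"]:  # a cleared Enabled check box skips the mapping
        return {"to_add": set(), "only_via_nested": set()}
    direct = members(mapping["directory_group"], nested=False)
    effective = members(mapping["directory_group"], nested=mapping["nested"])
    to_add = effective - existing  # only users without an account are added
    return {"to_add": to_add, "only_via_nested": to_add - direct}


if __name__ == "__main__":
    mapping = {
        "directory_group": "MDM-Admins",
        "provisioning_group": "Provision User",  # administrator accounts
        "nested": True,
        "enabled": True,
    }
    result = preview(mapping)
    print("Would be added:", sorted(result["to_add"]))
    print("Reached only through subgroups:", sorted(result["only_via_nested"]))
```

Accounts listed as reached only through subgroups are the ones to review before saving a Nested mapping to a Provision User group, because they would receive administrator accounts without being direct members of the mapped group.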