Map groups in Microsoft Active Directory to groups in a BlackBerry Enterprise Service 10 domain

Before you begin:
  • If necessary, create BlackBerry Enterprise Service 10 groups that you want to synchronize with Microsoft Active Directory groups.
  • If necessary, add user accounts to the BlackBerry Device Service or Universal Device Service. The tool can synchronize group membership only if the user accounts in Microsoft Active Directory have matching user accounts on the server instance. You can use the appropriate administration console to manually add the user accounts, or you can enable the provisioning feature so that the tool can add user accounts during the synchronization process.
  1. On the computer that hosts the BlackBerry Directory Sync Tool, on the taskbar, click Start > All Programs > BlackBerry Resource Kit for BlackBerry Enterprise Service 10 > BlackBerry Directory Sync Tool client.
  2. In the Directory Group Search section, perform one of the following actions:
    • If you configured the directory group search to be manual, in the search field, type the name of a Microsoft Active Directory group. Click the Search button.
    • If you configured the directory group search to be automatic, in the filter field, type the name of a Microsoft Active Directory group.
  3. In the results list, select a group.
  4. In the BlackBerry Group Search section, in the filter field, type the name of BlackBerry Enterprise Service 10 group.
  5. In the results list, select a group.
  6. Click Create Group Mapping.
  7. If a Microsoft Active Directory group contains nested groups that you want to synchronize, in the Group Mappings section, select the Nested check box. Note that the tool does not create nested groups or sub-groups on the server instance.
  8. Repeat steps 2 to 7 to create additional mappings.
  9. Click Save.
After you finish:
  • If you want to prevent synchronization from occurring between a Microsoft Active Directory group and a BlackBerry Enterprise Service 10 group, in the Group Mappings section, clear the appropriate Enabled check box.
  • To delete a mapping, in the Group Mappings section, click the appropriate Delete button.
  • You can double-click the fields in the Group Mappings section to change the directory group path, the server name, and the group name. The tool does not validate the changes that you make, so verify that the changes are accurate before you start the synchronization process.
  • Preview the synchronization process. After you review the results of the preview and resolve any errors, you can start the synchronization process.


Was this information helpful? Send us your comments.