- Verify that you have a domain-administrator account.
- Download and install the Windows® support tools. For more information about installing the support tools, visit www.microsoft.com to read articles 892777 and 301423.
- On the Start menu, click Run.
- Type ldp.
- Click OK.
- On the Connection menu, click Connect.
- Connect to the domain controller.
- On the Connection menu, click Bind.
- In the Bind dialog box, click OK.
- To set the LDAP search base to the BaseDN and permit the BlackBerry Administration Service to search the entire directory tree for user accounts, perform the following actions:
- To permit the BlackBerry Administration Service to access only the part of the directory tree that includes current and prospective BlackBerry device users in your organization, specify a specific area in the directory tree as the LDAP search base (for example, OU=Users,DC=yourDepartment,DC=yourOrganization,DC=net).
- To locate the administrator account information, in the Microsoft® Active Directory® Users and Computers console, find the user name for the administrator account. If you use Windows Server® 2003, verify that the administrator account has a password.
- Transfer the text file to the computer that you want to install the BlackBerry Administration Service on.
Configure the BlackBerry Administration Service to authenticate user accounts from multiple Microsoft Active Directory domains
During the installation process, the setup application prompts you to specify the LDAP server URL, search base, and the credentials for an LDAP administrator so that the BlackBerry® Administration Service can access the LDAP server and authenticate user accounts.
If the user accounts in your organization's environment are stored in more than one domain in a Microsoft® Active Directory® forest, you must configure the LDAP settings that the BlackBerry Administration Service uses so that the BlackBerry Administration Service can search the global catalog.
- During the installation process, specify the DNS host name of a global catalog server as the LDAP server name that is included in the LDAP server URL.
- Specify the LDAP port number to be 3268.
- Specify the LDAP user name and password to be the user name and password of an administrator account that has permission to read user attributes from the global catalog.