Upgrade Guide

Configure permissions for the administrator account on the LDAP server that the BlackBerry Administration Service uses

To authenticate a user account, you must configure permissions for an administrator account on the LDAP server so that the BlackBerry® Administration Service can read LDAP attributes in the Microsoft® Active Directory®.
Note: If the administrator account connects to a Windows Server® 2008 domain controller that is running at a Windows Server 2003 domain functional level, you must configure the administrator account to use DES encryption for Kerberos™ authentication. For more information, visit www.blackberry.com/btsc to read article KB18186.
Before you begin: Create an administrator account for the BlackBerry Administration Service.
  1. In Microsoft Active Directory, in the search-base container and all subcontainers that user accounts are located in, add the following permissions to the administrator account:
    • for containers, the List Contents permission
    • for user objects, the Read All Properties permission
  2. Configure the administrator account so that the account has the correct permission to read the attributes of the crossRef objects that represent domains in the Partitions container of the Microsoft Active Directory configuration partition.
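
The two steps above expressed as `dsacls` commands run from PowerShell, as an added example that is not part of the original BlackBerry documentation. The account name and distinguished names are placeholder assumptions, the `Invoke-Dsacls` helper is hypothetical, and using Read Property (`RP`) for step 2 is an assumption about which permission the step intends.

```powershell
# Added example, not from the BlackBerry documentation.
# Assumed placeholder values: replace with your own account and distinguished names.
$Account    = 'EXAMPLE\svc-bas-ldap'          # administrator account created for the BlackBerry Administration Service
$SearchBase = 'OU=Staff,DC=example,DC=com'    # search-base container that holds the user accounts
# The Partitions container lives in the configuration partition of the forest root domain.
$Partitions = 'CN=Partitions,CN=Configuration,DC=example,DC=com'

# Hypothetical helper: run dsacls and stop on the first failure so a partial
# ACL change is noticed instead of silently skipped.
function Invoke-Dsacls {
    param([Parameter(Mandatory)][string[]]$Arguments)
    & dsacls.exe @Arguments | Out-Null
    if ($LASTEXITCODE -ne 0) {
        throw "dsacls failed ($LASTEXITCODE): $($Arguments -join ' ')"
    }
}

# Step 1, containers: List Contents (LC) on the search base and everything below it (/I:T).
# The inherited ACE also lands on non-container objects, where it grants nothing useful.
Invoke-Dsacls -Arguments @($SearchBase, '/I:T', '/G', "${Account}:LC")

# Step 1, user objects: Read Property (RP) with no property named means all properties;
# the trailing "user" limits inheritance to user objects below the search base (/I:S).
Invoke-Dsacls -Arguments @($SearchBase, '/I:S', '/G', "${Account}:RP;;user")

# Step 2: read the attributes of the crossRef objects under the Partitions container.
Invoke-Dsacls -Arguments @($Partitions, '/I:S', '/G', "${Account}:RP;;crossRef")

# Review: print every ACE that names the account so that only the read-only
# entries granted above are present.
foreach ($dn in $SearchBase, $Partitions) {
    "--- $dn"
    & dsacls.exe $dn | Select-String -SimpleMatch $Account
}
```

Run it from an elevated session with rights to modify the ACLs on both containers.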
