Skip Navigation

Configuring 
Microsoft Active Directory
 authentication in an environment that includes Exchange linked mailboxes

In a resource forest model, the Microsoft Exchange server is located in one forest (the resource forest) and individual user accounts are located in account forests. If your organization's environment includes a resource forest that is dedicated to running 
Microsoft Exchange
, you can configure 
Microsoft Active Directory
 authentication for user accounts that are located in trusted account forests.
If an Exchange resource forest exists in your organization's environment, you must configure BlackBerry UEM to connect to the resource forest. You must create a mailbox in the resource forest for each user account and then associate these mailboxes with the user accounts. When you associate the mailboxes in the resource forest with user accounts in the account forests, the user accounts obtain full access to the mailboxes and the user accounts in the account forests are connected to the 
Microsoft Exchange
 server. 
BlackBerry UEM
 uses the mailboxes to look up the user accounts in the individual domains.
To authenticate users who log in to 
BlackBerry UEM
BlackBerry UEM
 must read the user information that is stored in the global catalog servers that are part of the resource forest. You must create a 
Microsoft Active Directory
 account for 
BlackBerry UEM
 that is located in a 
Windows
 domain that is part of the resource forest. When you create the directory connection, you provide the 
Windows
 domain, username, and password for the 
Microsoft Active Directory
 account, and, if required, the names of the global catalog servers that 
BlackBerry UEM
 can use.
For more information, visit technet.microsoft.com to read 
Manage linked mailboxes
.