How to Create an Administrative User Based on an Active Directory Account in BlackBerry Enterprise Server 5.X

Creating a new administrative user based on a Windows Active Directory account in BlackBerry Enterprise Server 5.0 is a bit confusing.  This is due to the fact that the terminology they use overlaps with AD and the ability to create a new administrative user is restricted quite a bit.

For starters, make sure you are logged in as BESAdmin, or whatever account you are running the services under…. even if you have the Enterprise Administrator role assigned to your normal administrative account, that won’t do it.

Now, in the BlackBerry Solution Management Box, drill down to Administrator User and then Create An Administror User.  If you don’t see that option, you are not logged in with an account with the required permissions.

The rest is quite easy once you know the definitions of the fields as that is where it gets a bit tricky.

Display Name
Display Name is NOT the display name in Active Directory, it is however you want the name displayed in the BES console.  This can be anything you choose.

Authentication Type
You’ll leave this as Active Directory

User Name
It’s confusing here too.  As this is under the Authentication Type, you might assume you need admin credentials here, especially considering the context of the other fields that need to be filled in.  However, this is actually the user name of the account you are adding.  That’s it.

Domain
Self explanatory, but this is the Active Directory domain that the user name resides in.

Administrator Password
This is the password for the BESAdmin account you are currently logged in as.  It has nothing to do with what you specfied under User Name, even though this field is directly below it.  This of this as a verification that you really are the admin and have the rights to perform this action.

Now just pick the role you want to assign and click create.  That will do an AD lookup on the name you specified, validate the admin password, and create the user with the display name you chose.

NOTE:  Here’s the funny thing.  If you put in an AD Display Name (as might be your first instinct), and then put in the BESAdmin credentials under the Authentication section (as would seem logical), you’ll get this error: The specified account is already assigned. …which will drive you absolutely nuts as you try and find the user you thought needed to be added.  Trust me, I’ve been there : )

Advertisements

4 Responses to “How to Create an Administrative User Based on an Active Directory Account in BlackBerry Enterprise Server 5.X”

  1. Good article. I also figured this out by myself. One thing though … administrators are taking up BES CALs. Should that happen?

  2. This solution has driven me a bit nuts. We are running BES V5.0.3. In step one, you ask us to go to “the BlackBerry Solution Management Box.” Is the “box” in the Blackberry Administrations Service or some other tool? I do not see a “Blackberry Solution Management Box” in the BAS. I see the “Blackberry Solution Topology” section in the navigation pane of the interface. Is this where I need to go? If so, I need some additional clues as to how how to navigate to the “Administrator User,” because I still can’t find it. Basically the most important part of this solution, for me, is the part that is completely glossed over. Can you explain in more detail how to navigate to the “Administrator User” page?

  3. Sorry. I completely whiffed this. I now see where you were directing me to navigate to add admin users. I guess I was not looking at what was right in front of my nose.

    Thanks for the tip.

  4. Thank you. The password bit was confusing me and this page helped !

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s