How to Create an Administrative User Based on an Active Directory Account in BlackBerry Enterprise Server 5.X

Creating a new administrative user based on a Windows Active Directory account in BlackBerry Enterprise Server 5.0 is a bit confusing. The terminology BES uses overlaps with AD's, and the ability to create a new administrative user is restricted quite a bit.

For starters, make sure you are logged in as BESAdmin, or whatever account you are running the services under. Even if you have the Enterprise Administrator role assigned to your normal administrative account, that won’t do it.

Now, in the BlackBerry Solution Management Box, drill down to Administrator User and then Create An Administrator User. If you don’t see that option, you are not logged in with an account that has the required permissions.

The rest is quite easy once you know the definitions of the fields, which is where it gets a bit tricky.

Display Name
Display Name is NOT the display name in Active Directory, it is however you want the name displayed in the BES console.  This can be anything you choose.

Authentication Type
You’ll leave this as Active Directory.

User Name
It’s confusing here too.  As this is under the Authentication Type, you might assume you need admin credentials here, especially considering the context of the other fields that need to be filled in.  However, this is actually the user name of the account you are adding.  That’s it.

Self-explanatory, but this is the Active Directory domain that the user name resides in.

Administrator Password
This is the password for the BESAdmin account you are currently logged in as. It has nothing to do with what you specified under User Name, even though this field is directly below it. Think of this as a verification that you really are the admin and have the rights to perform this action.

Now just pick the role you want to assign and click create.  That will do an AD lookup on the name you specified, validate the admin password, and create the user with the display name you chose.

NOTE: Here’s the funny thing. If you put in an AD Display Name (as might be your first instinct), and then put in the BESAdmin credentials under the Authentication section (as would seem logical), you’ll get this error: "The specified account is already assigned." That will drive you absolutely nuts as you try to find the user you thought needed to be added. Trust me, I’ve been there : )