Connect the BlackBerry Device Service to Microsoft Active Directory
Before you begin:
Create a Microsoft Active Directory account for the BlackBerry Device Service that is located in a Windows domain that is part of the resource forest. When you create the account, specify a password that meets the security requirements of your organization and configure the following password settings:
- The user is not required to change the password at next login.
- The user's password never expires.
- In the BlackBerry Administration Service, on the BlackBerry solution management menu, expand Company directory integration.
- Click Manage company directory connections.
- Click Create a company directory connection.
- Type a name and description for the company directory connection.
- In the Type drop-down list, click Microsoft Active Directory.
- Click Next.
- In the Microsoft Active Directory login information section, in the User name field, type the name of the Microsoft Active Directory account that has permission to access the user containers and read the user objects that are stored in the global catalog servers that are in the resource forest.
- In the Password and Confirm password fields, type the password for the Microsoft Active Directory account.
- In the User domain field, type the name of the Windows domain that is a part of the resource forest.
- In the Global catalog search base field, perform one of the following actions:
  - To permit the BlackBerry Administration Service to search the global catalog, leave the field blank.
  - To control which user accounts the BlackBerry Administration Service can authenticate with, type the DN of the user container (for example, OU=sales,DC=example,DC=com).
- In the Global catalog server discovery drop-down list, perform one of the following actions:
  - If you want the BlackBerry Administration Service to find all of the global catalog servers in the resource forest automatically, click Automatic.
  - If you want to configure the global catalog servers that the BlackBerry Administration Service can access, click Specify servers and perform the following actions:
    - In the Global catalog server section, type the FQDN of the global catalog server that you want the BlackBerry Administration Service to access (for example, globalcatalog01.example.com). You must type the FQDN of a global catalog server that is located in the Windows domain that the Microsoft Active Directory account is located in.
    - Click the Add icon.
    - Perform this step for each global catalog server that you want the BlackBerry Administration Service to access.
- In the Support for linked Microsoft Exchange mailboxes section, perform one of the following actions:
  - To disable support for linked Microsoft Exchange mailboxes, select the Turn off radio button.
  - To enable support for linked Microsoft Exchange mailboxes, select the Turn on radio button. To configure the Microsoft Active Directory account for each forest, in the Account forest name section, type the user domain name, username, and password for the Microsoft Active Directory account.
- In the Login domain section, in the Default domain field, type the name of the default domain that users log in from.
- In the Single sign-on authentication for BlackBerry Administration Service turned on drop-down list, perform one of the following actions:
  - If you want to enable single sign-on authentication for the BlackBerry Administration Service, click Yes.
  - If you do not want to enable single sign-on authentication for the BlackBerry Administration Service, click No.
- Optionally, in the Microsoft Active Directory search settings section, in the Active Directory user search filter field, type the search filter that you would like to use to refine the basic user information search results. The search filter must use LDAP syntax.
- If your organization does not use the default Microsoft Active Directory fields, in the Attribute mappings section, for each mapping that you want to change, type the appropriate attribute in the External attribute field.
- Click Save.
The BlackBerry Administration Service validates the information for Microsoft Active Directory authentication. If the information is valid, the BlackBerry Administration Service implements the changes immediately and you do not need to restart the BlackBerry Administration Service services. If the information is not valid, the BlackBerry Administration Service prompts you to specify the correct information.
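The following pre-flight check is an added example, not part of the BlackBerry documentation. It confirms the password settings from "Before you begin", flags direct membership of privileged groups, and runs the search base and user search filter against the global catalog as the service account before you type them into the form. It assumes the ActiveDirectory PowerShell module (RSAT) is installed; the account name `svc-bds` and the sample filter are hypothetical placeholders, and the domain, server and DN are the page's example values.

```powershell
# Added example; every value below is a placeholder to replace with your own.
Import-Module ActiveDirectory

$ServiceAccount = 'svc-bds'                      # hypothetical account name
$UserDomain     = 'example.com'                  # User domain field
$GcServer       = 'globalcatalog01.example.com'  # Global catalog server FQDN
$SearchBase     = 'OU=sales,DC=example,DC=com'   # '' searches the whole global catalog
$UserFilter     = '(&(objectCategory=person)(objectClass=user))'  # sample search filter

# 1. Password settings from "Before you begin".
$acct = Get-ADUser -Identity $ServiceAccount -Server $UserDomain `
    -Properties Enabled, PasswordNeverExpires, pwdLastSet, MemberOf
$checks = [ordered]@{
    'Account is enabled'               = $acct.Enabled
    'Password never expires'           = $acct.PasswordNeverExpires
    'No password change at next login' = ($acct.pwdLastSet -ne 0)  # 0 = must change
}

# 2. The connection only needs to read user objects, so flag direct membership
#    of built-in privileged groups (nested membership is not resolved here).
$privileged = 'Domain Admins', 'Enterprise Admins', 'Schema Admins', 'Administrators'
$groups = $acct.MemberOf | ForEach-Object { ($_ -split ',')[0] -replace '^CN=' }
$checks['Not in a privileged group'] = -not ($groups | Where-Object { $_ -in $privileged })

# 3. Query the global catalog (port 3268) as the service account using the
#    search base and filter. A malformed LDAP filter or a bad DN throws here.
$cred = Get-Credential -Credential "$UserDomain\$ServiceAccount"
try {
    $hits = @(Get-ADUser -LDAPFilter $UserFilter -SearchBase $SearchBase `
        -Server "${GcServer}:3268" -Credential $cred -ResultSetSize 5 -ErrorAction Stop)
    $checks['Search base and filter return users'] = ($hits.Count -gt 0)
} catch {
    $checks['Search base and filter return users'] = $false
    Write-Warning "Global catalog query failed: $($_.Exception.Message)"
}

# Print one OK / REVIEW line per check.
$checks.GetEnumerator() | ForEach-Object {
    '{0,-38} {1}' -f $_.Key, $(if ($_.Value) { 'OK' } else { 'REVIEW' })
}
```

Any line marked REVIEW points at a setting to correct before you click Save in the BlackBerry Administration Service.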