Welcome!

Welcome to the official BlackBerry Support Community Forums.

This is your resource to discuss support topics with your peers, and learn from each other.

Reply
Trusted Contributor
fermanagh
Posts: 183
Registered: ‎04-01-2008
My Device: Z30

Limited access rights for BESAdmin service account when using BET in shared AD forest

[ Edited ]

Hello,

 

We have a problem when our colleagues in other global offices move mailboxes when the BESAdmin account does not have access rights to the other mailbox server. We receive monitoring alerts (which causes issues for our on-call support in the middle of the night) and then need to logon and delete the BB user account. Not only this, but we then need to restart the dispatcher service so that the agent recognizes the BB user account is no longer present, otherwise we continue to receive alerts!

 

Overview:

 

We have 4 global sites which share the same resource forest. I have installed the BET but need to grant minimal access to each regional BESAdmin account.

 

My idea:

 

Use the BET to move the user account to a temporary OU on the destination site. This OU will have the correct permissions on the user's mailbox for each regional BESAdmin account.

 

My question:

 

What minimum rights do I need to give each regional BESAdmin service account so that they have access to the user's mailbox / information store? I don't care about send / receive-as due to the fact that the user's account will be inactive until they are EA'ed on the destination BES. I simply need to avoid the access rights error as described above.

 

I would think that the following permissions are sufficient:

 

Permissions on the Administrative group level: ms-Exch-Store-Admin

 

Permissions on the Exchange Server level: ms-Exch-Store-Visible

 

Thanks

 

 

Don't forget to hit like if I resolved your issue! :smileyhappy:
Please use plain text.
Guru III
knottyrope
Posts: 29,795
Registered: ‎06-25-2008
My Device:

I'm rockin the BlackBerry Z30, Z10, Q10, BlackBerry Mini Stereo Speaker, 64 gig PlayBook, BlackBerry Wireless Headset HS-700

My Carrier: I am on AT&T. Please edit your Personal Profile with your DEVICE TYPE, DEVICE OS and Carrier

Re: Limited access rights for BESAdmin service account when using BET in shared AD forest

Please use plain text.
Trusted Contributor
fermanagh
Posts: 183
Registered: ‎04-01-2008
My Device: Z30

Re: Limited access rights for BESAdmin service account when using BET in shared AD forest

Hello mate,

Thanks but that's general info I already know. My question was more specific about the minimum permissions needed to access the information store.

I thought someone here might know but will tell in my lab and report back.

Cheers
Don't forget to hit like if I resolved your issue! :smileyhappy:
Please use plain text.
Guru III
knottyrope
Posts: 29,795
Registered: ‎06-25-2008
My Device:

I'm rockin the BlackBerry Z30, Z10, Q10, BlackBerry Mini Stereo Speaker, 64 gig PlayBook, BlackBerry Wireless Headset HS-700

My Carrier: I am on AT&T. Please edit your Personal Profile with your DEVICE TYPE, DEVICE OS and Carrier

Re: Limited access rights for BESAdmin service account when using BET in shared AD forest

maybe you need to follow hosted solution, is the BESAdmin account at the root of your forest?

 




Click here to Backup the data on your BlackBerry Device! It's important, and FREE!


Click "Accept as Solution" if your problem is solved. To give thanks, click thumbs up
Click to search the Knowledge Base at BTSC and click to Read The Fabulous Manuals

BESAdmin's, please make a signature with your BES environment info.


SIM Free BlackBerry Unlocking FAQ
Follow me on Twitter @knottyrope


Want to thank me? Buy my KnottyRope App here


BES 5.0.4 and BES 10.2.2 with Exchange 2010 and SQL 2008


Please use plain text.
Trusted Contributor
fermanagh
Posts: 183
Registered: ‎04-01-2008
My Device: Z30

Re: Limited access rights for BESAdmin service account when using BET in shared AD forest

We have 4 different BESAdmin accounts for each region which are located in the service account OU. Our infrastructure is already setup a long time ago...

I'll test this out with only those 2 rights and see what happens!
Don't forget to hit like if I resolved your issue! :smileyhappy:
Please use plain text.
Guru III
knottyrope
Posts: 29,795
Registered: ‎06-25-2008
My Device:

I'm rockin the BlackBerry Z30, Z10, Q10, BlackBerry Mini Stereo Speaker, 64 gig PlayBook, BlackBerry Wireless Headset HS-700

My Carrier: I am on AT&T. Please edit your Personal Profile with your DEVICE TYPE, DEVICE OS and Carrier

Re: Limited access rights for BESAdmin service account when using BET in shared AD forest

double check inheritance too

 




Click here to Backup the data on your BlackBerry Device! It's important, and FREE!


Click "Accept as Solution" if your problem is solved. To give thanks, click thumbs up
Click to search the Knowledge Base at BTSC and click to Read The Fabulous Manuals

BESAdmin's, please make a signature with your BES environment info.


SIM Free BlackBerry Unlocking FAQ
Follow me on Twitter @knottyrope


Want to thank me? Buy my KnottyRope App here


BES 5.0.4 and BES 10.2.2 with Exchange 2010 and SQL 2008


Please use plain text.