Welcome!

Welcome to the official BlackBerry Support Community Forums.

This is your resource to discuss support topics with your peers, and learn from each other.

Reply
New Contributor
davidro
Posts: 3
Registered: ‎07-08-2008
My Device: Not Specified

Presales Question - Security Permissions of Active Directory Contacts (resolution is a must)

[ Edited ]

Hi,

 

We are looking to switch from Good to BES.  Well that has it's +'s  and -'s.  In switching we're loosing the ability to directly access contacts in Public Folders.  We have contacts that have info and phone numbers of VP's that are not for eveyone's access.  

 

Is there a way to provide this functionality in BES? 

 

I have the idea of creating contacts in AD and setting permissions, will that work?

Do the permissions need to be granted to the BES service account or user, both?

 

I need to have a solution ASAP, as it will make or break switching over.

 

Thanks,

 

Dave

 

Message Edited by davidro on 07-08-2008 02:28 PM
Forums Veteran II
AndyDufresne
Posts: 2,744
Registered: ‎04-01-2008
My Device: Bold

Re: Presales Question - Security Permissions of Active Directory Contacts (resolution is a must)


davidro wrote:

Hi,

 

We are looking to switch from Good to BES.  Well that has it's +'s  and -'s.  In switching we're loosing the ability to directly access contacts in Public Folders.  We have contacts that have info and phone numbers of VP's that are not for eveyone's access.  

 

Is there a way to provide this functionality in BES? 

 

>> Currently, not natively ... we're all hoping for this function in a future release.  There are however 3rd party products that can integrate into BES / BBs to do this.  Search for BlackBerry Public Folder Sync or BlackBerry Public Folder Contact Sync

 

I have the idea of creating contacts in AD and setting permissions, will that work?

 

>> Will it work for what?

 

Do the permissions need to be granted to the BES service account or user, both?

 

>> The BES Service account needs permissions granted ... what are you referencing?   Perhaps you should read this: KB02276 - Assigning permissions for the BlackBerry Enterprise Server service account

 

I need to have a solution ASAP, as it will make or break switching over.

 

>> Please be as specific as you can with your questions.

------------------------------
If you've found a solution through a post; please mark it as a solution.
If someone's was particularly helpful, give them kudo's!.


Get busy living, or get busy dying.

http://blog.port3101.org/hdawg/
New Contributor
davidro
Posts: 3
Registered: ‎07-08-2008
My Device: Not Specified

Re: Presales Question - Security Permissions of Active Directory Contacts (resolution is a must)

[ Edited ]

AndyDufresne wrote:

 

Thanks for the reply Andy!!!!!! 

 

 

Is there a way to provide this functionality in BES? 

 

>> Currently, not natively ... we're all hoping for this function in a future release.  There are however 3rd party products that can integrate into BES / BBs to do this.  Search for BlackBerry Public Folder Sync or BlackBerry Public Folder Contact Sync

 

I have the idea of creating contacts in AD and setting permissions, will that work?

>> Will it work for what?

 To only allow view only certain contact in AD. 

 

 

Do the permissions need to be granted to the BES service account or user, both?

>> The BES Service account needs permissions granted ... what are you referencing?   Perhaps you should read this: KB02276 - Assigning permissions for the BlackBerry Enterprise Server service account

 

The service account has all the permissions as per KB02276.

 

I created a contact for testing and granted the service account 'full control' to the contact.  Even with that, my Blackberry can not lookup the contact. Returns 'no matches'.

 

It appears that BES also needs on some of the default permissions in AD, i.e. Authenticated Users having read.  This will defeat the purpose to setup contacts that only our VP's can access from their Blackberries.   

 

What I need to know is what are the all inclusive permissions required for BES to access the properties of an contact in AD and return that information back to the Blackberry of the requestor.

 

Thanks,

 

Dave

 

 

 

 

 

 

 

 

 

 


 

Message Edited by davidro on 07-08-2008 08:32 PM
Forums Veteran II
AndyDufresne
Posts: 2,744
Registered: ‎04-01-2008
My Device: Bold

Re: Presales Question - Security Permissions of Active Directory Contacts (resolution is a must)

>> Currently, not natively ... we're all hoping for this function in a future release.  There are however 3rd party products that can integrate into BES / BBs to do this.  Search for BlackBerry Public Folder Sync or BlackBerry Public Folder Contact Sync

 

I have the idea of creating contacts in AD and setting permissions, will that work?

>> Will it work for what?

 To only allow view only certain contact in AD. 

 

>> BES doesn't use any magic to talk to AD / GC's; it uses its default GAL.  If the contact is in the GAL that the BES is using, and the BES has access to view the object then it will see it.  You can't add a contact to a BES and have it be a user on the BES.  Direct MAPI/RPC access must exist for each mailbox serviced by BES.

 

Do the permissions need to be granted to the BES service account or user, both?

>> The BES Service account needs permissions granted ... what are you referencing?   Perhaps you should read this: KB02276 - Assigning permissions for the BlackBerry Enterprise Server service account

 

The service account has all the permissions as per KB02276.

 

I created a contact for testing and granted the service account 'full control' to the contact.  Even with that, my Blackberry can not lookup the contact. Returns 'no matches'.

 

It appears that BES also needs on some of the default permissions in AD, i.e. Authenticated Users having read.  This will defeat the purpose to setup contacts that only our VP's can access from their Blackberries.   

 

What I need to know is what are the all inclusive permissions required for BES to access the properties of an contact in AD and return that information back to the Blackberry of the requestor.

>> So if permissions is an issue, create another GAL and make sure the BES uses that GAL
I guess in the end you could try OutlookPCS
------------------------------
If you've found a solution through a post; please mark it as a solution.
If someone's was particularly helpful, give them kudo's!.


Get busy living, or get busy dying.

http://blog.port3101.org/hdawg/
New Contributor
davidro
Posts: 3
Registered: ‎07-08-2008
My Device: Not Specified

Re: Presales Question - Security Permissions of Active Directory Contacts (resolution is a must)

Hello Andy,

 

Creating another GAL will not work.

 

Here's the issue, we have VP's that need to wirelessly (on demand) using a Blackberry search information in the Address Book (default GAL) of other VP's that contains home phone numbers and etc...  This information must not be visable to anyone who is NOT a VP.   I was able to secure this in Good by using contacts in Public Folders and setting client permissions on the folder.  

 

I need to be able to do the same in a BES environment.  There must be a solution to do this.  Can you please have this issue esclated with support.

 

Thanks,

 

Dave 

Guru III
knottyrope
Posts: 30,779
Registered: ‎06-25-2008
My Device:

I'm rockin the BlackBerry Passport, Z30, Z10, Q10, BlackBerry Mini Stereo Speaker, 64 gig PlayBook, BlackBerry Wireless Headset HS-700

My Carrier: I am on AT&T. Please edit your Personal Profile with your DEVICE TYPE, DEVICE OS and Carrier

Re: Presales Question - Security Permissions of Active Directory Contacts (resolution is a must)

It was made to sync your contacts, mail, tasks, notes etc.

 

If you want it to do more get a 3rd party app or train the VP's how to copy paste contacts in outlook, LOL.

 

RIM is not doing this any time soon.

 

 

 

 




Click here to Backup the data on your BlackBerry Device! It's important, and FREE!


Click "Accept as Solution" if your problem is solved. To give thanks, click thumbs up
Click to search the Knowledge Base at BTSC and click to Read The Fabulous Manuals

BESAdmin's, please make a signature with your BES environment info.


SIM Free BlackBerry Unlocking FAQ
Follow me on Twitter @knottyrope


Want to thank me? Buy my KnottyRope App here


BES 12 and BES 5.0.4 with Exchange 2010 and SQL 2012 Hyper V


Forums Veteran II
AndyDufresne
Posts: 2,744
Registered: ‎04-01-2008
My Device: Bold

Re: Presales Question - Security Permissions of Active Directory Contacts (resolution is a must)


I need to be able to do the same in a BES environment.  There must be a solution to do this. 

 

>> I'm sure someone has made something ... I just don't know of one.

 

Can you please have this issue esclated with support.

 

>> Nope; I don't work for RIM and none of my customers have this concern / issue so I'm not willing to burn a support incident on it; sorry.

------------------------------
If you've found a solution through a post; please mark it as a solution.
If someone's was particularly helpful, give them kudo's!.


Get busy living, or get busy dying.

http://blog.port3101.org/hdawg/