BlackBerry Enterprise Server Resource Kit
BlackBerry Enterprise Server User Administration Tool
Version: 5.0
Administration Guide
SWD-504685-0330050601-001
Contents
1 Overview....................................................................................................................................................................................... 5
BlackBerry Enterprise Server User Administration Tool............................................................................................................. 5
Preconfigured administrative roles for the BlackBerry Enterprise Server................................................................................ 5
New in this release......................................................................................................................................................................... 9
Compatibility of authentication methods with previous versions of the BlackBerry Enterprise Server User Administration
Tool................................................................................................................................................................................................... 12
Supported authentication models........................................................................................................................................ 12
Authentication credentials.................................................................................................................................................... 12
Syntax for authentication credentials.................................................................................................................................. 13
Setting authentication credentials....................................................................................................................................... 13
Storing an encrypted set of authentication credentials in the Windows registry.......................................................... 13
Extracting credentials that are stored in the Windows registry........................................................................................ 14
String value requirements..................................................................................................................................................... 14
Use cases................................................................................................................................................................................. 14
2 Managing user accounts............................................................................................................................................................ 17
Adding user accounts..................................................................................................................................................................... 17
Add a new user account to the BlackBerry Enterprise Server........................................................................................... 17
Add a new user account to a group...................................................................................................................................... 18
Add an existing user account to a group............................................................................................................................. 18
Assign a software configuration to a user account............................................................................................................ 18
Finding user accounts.................................................................................................................................................................... 19
Find a user account................................................................................................................................................................ 19
Changing and removing user accounts........................................................................................................................................ 19
Move a user account to a different BlackBerry Enterprise Server.................................................................................... 19
Move a user account to a different user group................................................................................................................... 20
Delete a user account from a group..................................................................................................................................... 20
Delete a software configuration from a user account........................................................................................................ 20
Delete a user account from the BlackBerry Enterprise Server.......................................................................................... 21
Change user account settings....................................................................................................................................................... 21
List the groups in a BlackBerry Domain....................................................................................................................................... 22
3 Managing email message forwarding...................................................................................................................................... 23
Turn on or turn off email message forwarding............................................................................................................................ 23
List the folders that are available for email message forwarding............................................................................................. 23
Turn on or turn off email message forwarding for folders......................................................................................................... 24
4 Managing IT policies and IT policy rules.................................................................................................................................. 25
List the IT policy rules in an IT policy............................................................................................................................................ 25
Set IT policy rules for a user account............................................................................................................................................ 26
List the IT policies in the BlackBerry Configuration Database.................................................................................................. 26
5 Managing BlackBerry devices................................................................................................................................................... 27
Set a password for a BlackBerry device........................................................................................................................................ 27
Set owner information on a BlackBerry device............................................................................................................................ 27
Delete pending messages.............................................................................................................................................................. 28
Resend a service book.................................................................................................................................................................... 28
Resend the peer-to-peer encryption key..................................................................................................................................... 29
Protect a stolen BlackBerry device................................................................................................................................................ 29
6 Sending notification messages to BlackBerry devices.......................................................................................................... 30
Send a notification PIN message.................................................................................................................................................. 30
Send a notification email message............................................................................................................................................... 31
7 Retrieving user account statistics and information about BlackBerry devices.................................................................. 32
Retrieve user account statistics..................................................................................................................................................... 32
Results of a statistics query for a user account................................................................................................................... 32
Clear user account statistics.......................................................................................................................................................... 34
Retrieve enterprise activation statistics for a user account....................................................................................................... 34
8 Retrieving BlackBerry device information............................................................................................................................... 36
List the applications that are available on one or more BlackBerry devices............................................................................ 36
List the BlackBerry devices that a specific application is installed on..................................................................................... 36
Retrieve the statistics for BlackBerry devices.............................................................................................................................. 36
Results of a statistics query for a BlackBerry device.......................................................................................................... 37
List the modules and .cod files that are available on a BlackBerry device............................................................................... 38
9 Retrieve statistics for the BlackBerry Enterprise Server or the messaging server............................................................ 39
Results of a statistics query for a BlackBerry Enterprise Server................................................................................................ 39
10 Troubleshooting the BlackBerry Enterprise Server User Administration Tool................................................................... 41
Check the status of the BlackBerry Enterprise Server User Administration Tool................................................................... 41
Configuring log files....................................................................................................................................................................... 41
11 Parameters for the BlackBerry Enterprise Server User Administration Tool..................................................................... 43
Using the command summary in the help file............................................................................................................................ 43
12 Common parameters................................................................................................................................................................... 44
13 Input, output, and user feedback parameters......................................................................................................................... 45
14 -add................................................................................................................................................................................................ 47
15 -assign_swconfig......................................................................................................................................................................... 50
16 -change......................................................................................................................................................................................... 52
17 -delete........................................................................................................................................................................................... 56
18 -find............................................................................................................................................................................................... 58
19 -handheld_info............................................................................................................................................................................ 59
20 -kill_handheld.............................................................................................................................................................................. 62
21 -list................................................................................................................................................................................................. 64
22 -move............................................................................................................................................................................................. 67
23 -resend_peer_to_peer_key....................................................................................................................................................... 69
24 -resend_service_book................................................................................................................................................................ 70
25 -send_email.................................................................................................................................................................................. 71
26 -send_pin...................................................................................................................................................................................... 73
27 -set_client_auth.......................................................................................................................................................................... 75
28 -set_folder_redirection.............................................................................................................................................................. 77
29 -set_owner_info.......................................................................................................................................................................... 79
30 -set_password.............................................................................................................................................................................. 81
31 -set_user_itpolicy_rule.............................................................................................................................................................. 82
32 -stats.............................................................................................................................................................................................. 84
33 -status........................................................................................................................................................................................... 86
34 Glossary......................................................................................................................................................................................... 87
35 Provide feedback......................................................................................................................................................................... 88
36 Legal notice.................................................................................................................................................................................. 89
Administration Guide
Overview
Overview
The BlackBerry® Enterprise Server Resource Kit is a collection of tools that can help you extend your ability to manage and
monitor the BlackBerry® Enterprise Solution. You can download the BlackBerry Enterprise Server Resource Kit from
www.blackberry.com/support/downloads.
The BlackBerry Enterprise Server Resource Kit contains the following tool packages:
• BlackBerry Enterprise Server User Administration Tool
• BlackBerry Analysis, Monitoring, and Troubleshooting Tools
• BlackBerry Enterprise Transporter
1
BlackBerry Enterprise Server User Administration Tool
You can use the BlackBerry® Enterprise Server User Administration Tool to manage user accounts on the BlackBerry® Enterprise
Server on a large scale. For example, you can add, find, move, and remove user accounts, or change user account configurations.
You can run the BlackBerry Enterprise Server User Administration Tool from a command prompt to perform BlackBerry Enterprise
Server administration tasks or to gather management and monitoring information.
The BlackBerry Enterprise Server User Administration Tool connects to the BlackBerry Administration Service to obtain
information from and store information in the BlackBerry Configuration Database.
Preconfigured administrative roles for the BlackBerry Enterprise Server
The BlackBerry® Enterprise Server installation includes preconfigured administrative roles. Each preconfigured administrative
role has a number of permissions turned on.
You can configure additional permissions in the preconfigured administrative roles, or you can turn off any of the permissions
that are shown in the following table. For more information, visit www.blackberry.com/go/serverdocs to read the BlackBerry
Enterprise Server Administration Guide.
Permission name Security role
Create a group * * * *
Delete a group * * *
View a group (across Group) * * * * *
Edit a group (across Group) * * * *
Enterprise
role
Senior
Helpdesk
role
Junior
Helpdesk
role
Server only
role
User only
role
5
Administration Guide
Preconfigured administrative roles for the BlackBerry Enterprise Server
Permission name Security role
Enterprise
role
Senior
Helpdesk
role
Junior
Helpdesk
role
Server only
role
Create a user * * * *
Delete a user * * * *
View a user (across Group) * * * * *
Edit a user (across Group) * * * *
View a device (across Group) * * * * *
Edit a device (across Group) * * * * *
View device activation
* * *
settings
Edit device activation
* * *
settings
Create an IT policy * * *
Delete an IT policy * * *
View an IT policy * * * * *
Edit an IT policy * * *
Import an IT policy * * *
Export a data file * * * *
Create a user-defined IT
* * *
policy template
Delete a user-defined IT
* * *
policy template
Edit a user-defined IT policy
* * *
template
Import an IT policy template * * *
Create a software
* * *
configuration
View a software
* * * * *
configuration
Edit a software configuration * * *
Delete a software
* * *
configuration
Create an application * * *
User only
role
6
Administration Guide
Preconfigured administrative roles for the BlackBerry Enterprise Server
Permission name Security role
Enterprise
role
Senior
Helpdesk
role
Junior
Helpdesk
role
Server only
role
View an application * * * * *
Edit an application * * *
Delete an application * * *
Create an administrator user * * *
Specify activation password * * * * *
Turn off and on external
* * * *
services
Clear activation password * * * * *
Clear synchronization
* * * *
backup data
Clear user statistics * * * * *
Reset user field mapping * * * *
Turn on redirection * * * *
Turn off redirection * * * *
Refresh available user list
* * * * *
from company directory
Synchronize GroupWise®
* * *
System Address Book
Clear and synchronize
* * *
GroupWise System Address
Book
View a server * * *
Edit a server * * *
View a component * * *
Edit a component * * *
View an instance * * *
Edit an instance * * *
Change the status of an
* * *
instance
Edit an instance relationship * * *
View a job * * *
User only
role
7
Administration Guide
Preconfigured administrative roles for the BlackBerry Enterprise Server
Permission name Security role
Enterprise
role
Senior
Helpdesk
role
Junior
Helpdesk
role
Server only
role
Edit a job * * *
View default distribution
* * *
settings for a job
Edit default distribution
* * *
settings for a job
Update peer-to-peer
* * *
encryption key
View job distribution settings * * *
Edit job distribution settings * * *
Delete an instance * * *
Edit license keys * * *
License key view * * *
Manually fail a job * * *
Clear instance statistics * * *
Clear statistics for a
* * *
BlackBerry MDS Connection
Service instance
View push rules for the
* * * * * *
BlackBerry MDS Connection
Service
View pull rules for the
* * * * *
BlackBerry MDS Connection
Service
Send message (across
* * * * *
Group)
Create a role * *
Delete a role * *
View a role * * *
Edit a role * *
Add and remove a role
* * *
(across Group)
User only
role
8
Administration Guide
New in this release
Permission name Security role
View a group across
organizations
Edit a group across
organizations
Add and remove a role across
organizations
View a device across
organizations
Edit a device across
organizations
Register an event notification
Create an event notification
Edit a BlackBerry
Administration Service timer
View BlackBerry Monitoring
Service information
Edit BlackBerry Monitoring
Service settings
Enterprise
role
Senior
Helpdesk
role
Junior
Helpdesk
role
Server only
role
User only
role
New in this release
BlackBerry Analysis, Monitoring, and Troubleshooting Tools
The functionality of the following BlackBerry® Analysis, Monitoring, and Troubleshooting Tools has been integrated into the
BlackBerry Enterprise Server User Administration Tool. As a result, the tools are no longer distributed separately.
Tool Description
BlackBerry Enterprise Activation
Status Reporting Tool
(EAStatus.exe)
To generate a report of the stages of activation for a user account, in the BlackBerry
Enterprise Server User Administration Tool, you can run the following command:
besuseradminclient <credentials> -list -eastatus
9
Administration Guide
New in this release
Tool Description
BlackBerry IT Policy Template
Reporting Tool
(ITPolicyTemplateReport.exe)
To display the preconfigured IT policies that are available on a BlackBerry® Enterprise
Server, in the BlackBerry Enterprise Server User Administration Tool, you can run the
following command:
besuseradminclient <credentials> -list -it_policy_templates
Parameter changes in the BlackBerry Enterprise Server User Administration Tool
Parameter Description
-change -u -cw This subparameter removes the activation password for a BlackBerry device from the
BlackBerry Configuration Database.
-delete -u -force This subparameter forces the removal of a user account from the BlackBerry Configuration
Database, even if a mailbox does not exist for the user.
The -force subparameter replaces the -hard subparameter.
-i <input_filename> This subparameter provides the option for all commands that have command line options
to use an input file.
The first line of the input file is a comma-separated list of options that the columns
represent. This list can be any (non-empty) subset of valid options in any order. For Boolean
options, such as -cs, a column value of 0 or FALSE (not case-sensitive) turn off the option.
All other values, including the empty value, turn on the option.
-list -servers This subparameter lists all BlackBerry Enterprise Server and messaging server instances.
-o <output_filename> This subparameter provides the option to create an output file.
You can use this subparameter with any command.
-p <password> This subparameter specifies the authentication password that the BlackBerry Enterprise
Server User Administration Tool uses to extract authentication credentials from the
Windows® registry and use in command line options. The parameter was previously used
to authenticate the BESUserAdminClient with the BESUserAdminService.
-set_client_auth This parameter specifies the credentials that the BlackBerry Enterprise Server User
Administration Tool uses to authenticate with the BlackBerry Administration Service. You
run the following command:
besuseradminclient -set_client_auth <credentials_to_set> -set_p <password>
Previously, -set_client_auth was a subparameter that was used with other commands.
10
Administration Guide
Parameter Description
-stats -service -b <instance> and
-stats -service -email <instance>
These subparameters display statistics for a BlackBerry Enterprise Server component or
for a BlackBerry Messaging Agent instance.
They replace the following subparameters:
• -stats -b <instance>
• -stats -servers
-v <level> The <level> variable allows you to specify the level of detail that is provided in log files by
using one of the following options:
• TRACE
• DEBUG
• WARNING
• ERROR
• INFORMATIONAL
The default level is set at DEBUG.
The -v parameter was previously used to specify only a verbose reporting level.
Parameters that are no longer used in the BlackBerry Enterprise Server User Administration Tool
Parameter Description
-add -u -domaddrsvr
<servername>
This parameter was used by the BlackBerry Enterprise Server User Administration Tool to
identify the remote address book server to look up a user.
-add -infofile This parameter has been enhanced to -add -i <input_filename>.
- change -infofile This parameter has been enhanced to -change -i <input_filename>.
- change -u -cpin This parameter was used to remove the PIN for a user account from the BlackBerry
Configuration Database.
-delete -f This parameter has been enhanced to -delete -force.
-delete -hard This parameter has been enhanced to -delete -force.
-stats -b <instance> This parameter has been enhanced to -stats -service -b <instance> and -stats -service -
email <instance>.
-stats -servers This parameter has been enhanced to -stats -service -b <instance> and -stats -service -
email <instance>.
11
Administration Guide
Compatibility of authentication methods with previous versions of the BlackBerry Enterprise Server User Administration Tool
Compatibility of authentication methods with previous versions of the
BlackBerry Enterprise Server User Administration Tool
If your organization uses applications that work with previous versions of the BlackBerry® Enterprise Server User Administration
Tool, in many cases, these applications also work with version 5.0 of the tool.
Supported authentication models
In BlackBerry® Enterprise Server version 5.0, the models for authentication (login) and authorization (roles or capabilities) for
administration are different from the models that were used in previous versions.
BlackBerry Enterprise Server version 5.0 supports the following authentication models:
• BlackBerry Administration Service authentication (default)
• mailbox authentication (IBM® Lotus® Domino® environment only)
• Microsoft® Active Directory® authentication
BlackBerry Enterprise Server version 5.0 does not support Windows® authentication or Microsoft® SQL Server® authentication.
You must create one of the following administrators with sufficient credentials to authenticate with the BlackBerry Administration
Service:
• administrator in the BlackBerry Administration Service
• mailbox administrator (IBM Lotus Domino environment only)
• administrator in Microsoft Active Directory
Roles or capabilities that are based on database user accounts are not supported in BlackBerry Enterprise Server version 5.0.
For more information about how to create a BlackBerry Administration Service administrator, visit www.blackberry.com/go/
serverdocs to read the BlackBerry Enterprise Server Administration Guide.
Authentication credentials
In the BlackBerry® Enterprise Server User Administration Tool version 5.0, you can use the following parameters interchangeably:
• "-username" or "-sqluser" (authentication user name)
• "-password" or "-sqlpass" (authentication password)
The BlackBerry Enterprise Server User Administration Tool uses the values associated with these options for the authentication
and authorization models that are supported in the BlackBerry® Enterprise Server version 5.0. The tool does not does not support
Microsoft® SQL Server® authentication or roles or capabilities that are defined on the Microsoft SQL Server database engine.
12
Administration Guide
Compatibility of authentication methods with previous versions of the BlackBerry Enterprise Server User Administration Tool
Syntax for authentication credentials
In the BlackBerry® Enterprise Server User Administration Tool BlackBerry Enterprise Server User Administration Tool, the variable
<credentials> represents the user name and password that you use for authentication with the BlackBerry Administration Service.
The BlackBerry Enterprise Server User Administration Tool uses the following syntax for authentication credentials.
Item Description
-username <user name>
-sqluser <user name>
-password <password>
-sqlpass <password>
-domain <domain> authentication domain
-bas_auth use BlackBerry Administration Service authentication (default)
-mailbox_auth use mailbox authentication (IBM® Lotus® Domino® environment only)
-ad_auth use Microsoft® Active Directory® authentication
authentication user name
authentication password
In the BlackBerry Enterprise Server User Administration Tool, the variable <credentials> represents the user name and password
that you use for authentication with the BlackBerry Administration Service.
Setting authentication credentials
Storing an encrypted set of authentication credentials in the Windows registry
The BlackBerry® Enterprise Server User Administration Tool uses the -set_client_auth <credentials> -set_p <password>
command to store credentials in the Windows® registry and then insert the credentials into the command line options.
Example
BESUserAdminClient -username admin -password password -set_client_auth "-username smoser -password password1 ad_auth -domain test.rim.net" -set_p password
This creates the following Windows registry entry:
HKEY_LOCAL_MACHINE\SOFTWARE\Research In Motion\BlackBerry Resource Kit\BESUserAdmin\ClientAuth
13
Administration Guide
Compatibility of authentication methods with previous versions of the BlackBerry Enterprise Server User Administration Tool
Extracting credentials that are stored in the Windows registry
The BlackBerry® Enterprise Server User Administration Tool uses the -p <password> command to extract and decrypt credentials
that are stored in the Windows® registry and then inserts the credentials into the command line options.
Example
BESUserAdminClient -p password1 -status
This runs the following command:
BESUserAdminClient -username smoser -password password1 -ad_auth -domain test.rim.net -status
String value requirements
To specify -set_client_auth values that contain characters in double quotation marks, you must surround the entire string with
double quotation marks. You must use a set of quotation marks to escape every embedded set of characters that are in double
quotation marks.
Example: Using double quotation marks to specify a work location nickname for a user
If you have two users with the same name, Sam Moser, one of whom works in Waterloo and the other in New York, you can specify
the work location for the user as a nickname.
BESUserAdminClient -username "Sam \"Waterloo\" Moser" -password password -status
You store this option and value in the Windows® registry using the following command:
BESUserAdminClient -set_p password1 -set_client_auth "-username ""Sam \"\"Waterloo\"\" Moser"" -password password"
Use cases
In all the following examples, you log on to the computer that hosts the BlackBerry® Enterprise Server User Administration
Tool using the following credentials:
• User name: NTLMU1
• Password: NTLMP1
Example: Running a command using SQL authentication
You log on to the computer that hosts the BlackBerry Enterprise Server User Administration Tool using the following credentials:
• User name: SQLU1
• Password: SQLP1
14
Administration Guide
Compatibility of authentication methods with previous versions of the BlackBerry Enterprise Server User Administration Tool
BlackBerry Enterprise Server User Administration Tool
version 4.1.x
Run the following command: BESUserAdminClient -p
password1 -sqluser SQLU1 -sqlpass SQLP1...
Example: Running a command using Windows authentication
BlackBerry Enterprise Server User Administration Tool
version 4.1.x
Run the following command: BESUserAdminClient -p
password1...
BlackBerry Enterprise Server User Administration Tool
version 5.0
Initial configuration (perform once):
1. Create a BlackBerry Administration Service
administrator with the following credentials:
• User name: SQLU1
• Password: SQLP1
2. Save the BlackBerry Administration Service
administrator credentials in the Windows registry using
the following command: BESUserAdminClient -
set_client_auth "-bas_auth" -set_p password1
Then run the following command: BESUserAdminClient -p
password1 -sqluser SQLU1 -sqlpass SQLP1....
BlackBerry Enterprise Server User Administration Tool
version 5.0
Initial configuration (perform once):
1. Create a BlackBerry Administration Service
administrator with the following credentials:
• User name: BASU1
• Password: BASP1
2. Save the BlackBerry Administration Service
administrator credentials in the Windows® registry using
the following command: BESUserAdminClient -
set_client_auth "-username BASU1 -password
BASP1 -bas_auth" -set_p password1
Then run the following command: BESUserAdminClient -p
password1
15
Administration Guide
Compatibility of authentication methods with previous versions of the BlackBerry Enterprise Server User Administration Tool
Example: Changing the authentication credentials in the Windows registry to a Microsoft Active Directory user
BlackBerry Enterprise Server User Administration Tool
version 4.1.x
BlackBerry Enterprise Server User Administration Tool
version 5.0
Not applicable Run the following command:
BESUserAdminClient -set_client_auth "-username ADU1
-password ADP1 -ad_auth -domain D1" -set_p password1
Example: Changing the client password
BlackBerry Enterprise Server User Administration Tool
version 4.1.x
1. Remove the existing BlackBerry Enterprise Server User
Administration Tool service.
2. Re-install the service using the new client password.
BlackBerry Enterprise Server User Administration Tool
version 5.0
Run the following command:
BESUserAdminClient -set_client_auth "-username ADU1
-password ADP1 -ad_auth -domain D1" -set_p password2
Example: Overriding the requirement to use authentication credentials in the Windows registry
BlackBerry Enterprise Server User Administration Tool
version 4.1.x
BlackBerry Enterprise Server User Administration Tool
version 5.0
Not applicable Run the following command:
BESUserAdminClient -username username1 -password
password1..
Example: Denying access permanently or temporarily using the -p command
BlackBerry Enterprise Server User Administration Tool
version 4.1.x
BlackBerry Enterprise Server User Administration Tool
version 5.0
Change the appropriate Windows registry entry. Run the following command:
BESUserAdminClient -set_client_auth "" -set_p
password
16
Administration Guide
Managing user accounts
Managing user accounts
The BlackBerry® Enterprise Server uses predefined roles that correspond to common administrative roles in organizations to
control who can perform specific tasks and to limit who can access sensitive data.
The BlackBerry Enterprise Server User Administration Tool uses the BlackBerry Administration Service credentials that you type
on the command line.
Your current role is defined by the BlackBerry Administration Service. The -v parameter in the BlackBerry Enterprise Server User
Administration Tool does not display your role.
The authentication information is encrypted when it passes from the BlackBerry Enterprise Server User Administration Tool to
the BlackBerry Administration Service and to the BlackBerry Configuration Database.
2
Adding user accounts
Add a new user account to the BlackBerry Enterprise Server
1. To open the command window for the BlackBerry® Enterprise Server User Administration Tool, on the computer that hosts
the tool, on the taskbar, click Start > Programs > BlackBerry Enterprise Server Resource Kit > BlackBerry Enterprise
Server User Administration Tool > BlackBerry Enterprise Server User Administration Tool.
2. Type besuseradminclient <credentials> -add and the following parameters:
• -u <user_name>
• -pin <PIN> (use with the -u parameter for the BlackBerry® Enterprise Server for MDS Applications only)
• -b <instance>
Example: Adding a user account to a BlackBerry Enterprise Server for Microsoft Exchange, and assigning an IT policy
besuseradminclient-username admin -password password -add -u smoser@test.rim.net -b server1 -it_policy “User Can Change
Timeout”
Example: Adding a user account to a BlackBerry Enterprise Server for IBM Lotus Domino, and assigning an IT policy
besuseradminclient -username admin -password password -add -u “CN=Sam Moser/O=Server01” -b CN=Server01/
O=test.rim.net -it_policy “User Can Change Timeout”
Example: Adding a user account to a BlackBerry Enterprise Server for Novell GroupWise, and assigning an IT policy
besuseradminclient -username admin -password password -add -u sammoser -b server01 -it_policy “User Can Change Timeout”
Example: Adding a user account to a BlackBerry Enterprise Server for MDS Applications, and assigning an IT policy
besuseradminclient -username admin -password password -add -u xxxxxxxx -pin xxxxxxxx -b server01 -it_policy “User Can
Change Timeout”
17
Administration Guide
Adding user accounts
Add a new user account to a group
1. To open the command window for the BlackBerry® Enterprise Server User Administration Tool, on the computer that hosts
the tool, on the taskbar, click Start > Programs > BlackBerry Enterprise Server Resource Kit > BlackBerry Enterprise
Server User Administration Tool > BlackBerry Enterprise Server User Administration Tool.
2. Type besuseradminclient <credentials> -add and the following parameters:
• -u <user_name>
• -b <instance>
• -group <group_name>
Example: Adding a new user account to a BlackBerry Enterprise Server for Microsoft Exchange, to a user group, and to
an IT policy
besuseradminclient -username admin -password password -add -u smoser@test.rim.net -b server01 -group administrators it_policy “User Can Change Timeout”
Add an existing user account to a group
1. To open the command window for the BlackBerry® Enterprise Server User Administration Tool, on the computer that hosts
the tool, on the taskbar, click Start > Programs > BlackBerry Enterprise Server Resource Kit > BlackBerry Enterprise
Server User Administration Tool > BlackBerry Enterprise Server User Administration Tool.
2. Type besuseradminclient <credentials> -change and the following parameters:
• -u <user_name>
• -b <instance>
• -group <group_name>
Example
besuseradminclient -username admin -password password -change -u smoser@test.rim.net -b server1 -group administrators
Assign a software configuration to a user account
1. To open the command window for the BlackBerry® Enterprise Server User Administration Tool, on the computer that hosts
the tool, on the taskbar, click Start > Programs > BlackBerry Enterprise Server Resource Kit > BlackBerry Enterprise
Server User Administration Tool > BlackBerry Enterprise Server User Administration Tool.
2. Type besuseradminclient <credentials> -assign_swconfig and the following parameters:
• -u <user_name>
• -sw <configuration_name>
18
Administration Guide
Example
besuseradminclient -username admin -password password - assign_swconfig -u "sam, moser” -b server1 -sw games
Finding user accounts
Finding user accounts
Find a user account
You can use the -u subparameter to specify the user account that the BlackBerry® Enterprise Server User Administration Tool
searches for.
1. To open the command window for the BlackBerry Enterprise Server User Administration Tool, on the computer that hosts
the tool, on the taskbar, click Start > Programs > BlackBerry Enterprise Server Resource Kit > BlackBerry Enterprise
Server User Administration Tool > BlackBerry Enterprise Server User Administration Tool.
2. Type besuseradminclient <credentials> -find and the following parameter:
• -u <user_name>
Example: Finding a user account on the BlackBerry Enterprise Server for Microsoft Exchange
besuseradminclient -username admin -password password -find -u smoser@test.rim.net
Changing and removing user accounts
Move a user account to a different BlackBerry Enterprise Server
The source and the target BlackBerry® Enterprise Server instances must use the same BlackBerry Configuration Database.
1. To open the command window for the BlackBerry Enterprise Server User Administration Tool, on the computer that hosts
the tool, on the taskbar, click Start > Programs > BlackBerry Enterprise Server Resource Kit > BlackBerry Enterprise
Server User Administration Tool > BlackBerry Enterprise Server User Administration Tool.
2. Type besuseradminclient <credentials> -move and the following parameters:
• -b <instance> (source BlackBerry Enterprise Server instance)
• -u <user_name>
• -t <instance> (target or destination BlackBerry Enterprise Server instance)
Example: Moving a user account to a different BlackBerry Enterprise Server for Microsoft Exchange
besuseradminclient -username admin -password password -move -u smoser@test.rim.net -b server01 -t server02
19
Administration Guide
Changing and removing user accounts
Move a user account to a different user group
A user account can belong to more than one group. You can perform this task if you want the user account to belong to only the
group that you specify.
Before you begin:
Delete the user account from the existing group.
1. To open the command window for the BlackBerry® Enterprise Server User Administration Tool, on the computer that hosts
the tool, on the taskbar, click Start > Programs > BlackBerry Enterprise Server Resource Kit > BlackBerry Enterprise
Server User Administration Tool > BlackBerry Enterprise Server User Administration Tool.
2. Type besuseradminclient <credentials> -change and the following parameters:
• -u <user_name>
• -b <instance>
• -group <group_name>
Example
besuseradminclient -username admin -password password -change -u smoser@test.rim.net -b server01 -group security
Delete a user account from a group
1. To open the command window for the BlackBerry® Enterprise Server User Administration Tool, on the computer that hosts
the tool, on the taskbar, click Start > Programs > BlackBerry Enterprise Server Resource Kit > BlackBerry Enterprise
Server User Administration Tool > BlackBerry Enterprise Server User Administration Tool.
2. Type besuseradminclient <credentials> -change and the following parameters:
• -u <user_name>
• -b <instance>
• -cgroup <group_name>
Example: Deleting a user account from a user group on the BlackBerry Enterprise Server for Microsoft Exchange
besuseradminclient -username admin -change -u smoser@test.rim.net -b server01 -cgroup powerusers
Delete a software configuration from a user account
1. To open the command window for the BlackBerry® Enterprise Server User Administration Tool, on the computer that hosts
the tool, on the taskbar, click Start > Programs > BlackBerry Enterprise Server Resource Kit > BlackBerry Enterprise
Server User Administration Tool > BlackBerry Enterprise Server User Administration Tool.
2. Type besuseradminclient <credentials> -assign_swconfig -csw and the name of the software configuration.
20
Administration Guide
Example
besuseradminclient -username admin -password password -assign_swconfig -csw config1 -u “sam, moser” -b server1
Change user account settings
Delete a user account from the BlackBerry Enterprise Server
1. To open the command window for the BlackBerry® Enterprise Server User Administration Tool, on the computer that hosts
the tool, on the taskbar, click Start > Programs > BlackBerry Enterprise Server Resource Kit > BlackBerry Enterprise
Server User Administration Tool > BlackBerry Enterprise Server User Administration Tool.
2. Type besuseradminclient <credentials> -delete and the following parameters:
• -u <user_name>
• -b <instance>
Example: Deleting a user account from the BlackBerry Enterprise Server for Microsoft Exchange
besuseradminclient -delete -username admin -password password -u smoser@test.rim.net -b server01
Change user account settings
The BlackBerry® Enterprise Server for MDS Applications does not support this task.
1. To open the command window for the BlackBerry Enterprise Server User Administration Tool, on the computer that hosts
the tool, on the taskbar, click Start > Programs > BlackBerry Enterprise Server Resource Kit > BlackBerry Enterprise
Server User Administration Tool > BlackBerry Enterprise Server User Administration Tool.
2. Type besuseradminclient <credentials> -change and the following parameters:
• -u <user_name>
• -b <instance>
Example: Clearing the user account filters
besuseradminclient -username admin -password password -change -u smoser@test.rim.net -b server01 -cf
Example: Making the BlackBerry MDS Connection Service unavailable to a user account, changing the activation
password, and specifying the password expiry time for the user account
besuseradminclient -change -username admin -password password -u smoser@test.rim.net -b server01 -dm -w password3 -wt
96
Example: Specifying the activation password and the password expiry time for a group of users
besuseradminclient -change -username admin -password password -g administrators -w password3 -wt 120
21
Administration Guide
List the groups in a BlackBerry Domain
List the groups in a BlackBerry Domain
1. To open the command window for the BlackBerry® Enterprise Server User Administration Tool, on the computer that hosts
the tool, on the taskbar, click Start > Programs > BlackBerry Enterprise Server Resource Kit > BlackBerry Enterprise
Server User Administration Tool > BlackBerry Enterprise Server User Administration Tool.
2. Type besuseradminclient <credentials> -list -groups.
Example
besuseradminclient -username admin -password password -list -groups
22
Administration Guide
Managing email message forwarding
Managing email message forwarding
3
Turn on or turn off email message forwarding
The BlackBerry® Enterprise Server for MDS Applications does not support this task. By default, email message forwarding is
turned off.
1. To open the command window for the BlackBerry Enterprise Server User Administration Tool, on the computer that hosts
the tool, on the taskbar, click Start > Programs > BlackBerry Enterprise Server Resource Kit > BlackBerry Enterprise
Server User Administration Tool > BlackBerry Enterprise Server User Administration Tool.
2. Perform one of the following actions:
• To turn on email message forwarding, type besuseradminclient <credentials> -change -er and the following
parameters:
• -u <user_name>
• -b <instance>
• To turn off email message forwarding, type besuseradminclient <credentials> -change -dr and the following
parameters:
• -u <user_name>
• -b <instance>
Example: Turning on email message forwarding for a user account
besuseradminclient -username admin -password password1 -change -u smoser@test.rim.net -b server01 -er
Example: Turning off email message forwarding for a user account
besuseradminclient-username admin -password password1 -change -u smoser@test.rim.net -b server01 -dr
List the folders that are available for email message forwarding
The BlackBerry® Enterprise Server for MDS Applications does not support this task.
1. To open the command window for the BlackBerry Enterprise Server User Administration Tool, on the computer that hosts
the tool, on the taskbar, click Start > Programs > BlackBerry Enterprise Server Resource Kit > BlackBerry Enterprise
Server User Administration Tool > BlackBerry Enterprise Server User Administration Tool.
2. Type besuseradminclient <credentials> -list -folders and the following parameters:
• -u <user_name>
• -b <instance>
Example
23
Administration Guide
besuseradminclient -username admin -password password -list -folders -u sammoser -b server01
Turn on or turn off email message forwarding for folders
Turn on or turn off email message forwarding for folders
The BlackBerry® Enterprise Server for MDS Applications does not support this task.
If you are using the BlackBerry® Enterprise Server for Microsoft® Exchange, a folder name can contain a slash mark (/). To specify
the folder, you must type the escape character backslash (\) before the slash mark.
1. To open the command window for the BlackBerry Enterprise Server User Administration Tool, on the computer that hosts
the tool, on the taskbar, click Start > Programs > BlackBerry Enterprise Server Resource Kit > BlackBerry Enterprise
Server User Administration Tool > BlackBerry Enterprise Server User Administration Tool.
2. Perform one of the following actions:
• To turn on email message forwarding for folders, type besuseradminclient <credentials> -set_folder_redirection -
er and the following parameters:
• -u <user_name>
• -b <instance>
• -foldername <folder_name>
• To turn off email message forwarding for folders, type besuseradminclient -set_folder_redirection <credentials> -
dr and the following parameters:
• -u <user_name>
• -b <instance>
• -foldername <folder_name>
Example: Turning on email message forwarding for a folder
besuseradminclient -username admin -password password1 -set_folder_redirection -u smoser@test.rim.net -b server01 foldername Sent -er
Example: Turning off email message forwarding for a folder
besuseradminclient -username admin -password password1 -set_folder_redirection -u smoser@test.rim.net -b server01 foldername Sent -dr
Example: Turning on email message forwarding for a folder using a folder name that contains a slash mark
besuseradminclient -username admin -password password1 -set_folder_redirection -u smoser@test.rim.net -b server01 foldername Inbox\/subfolder1\/sub\/folder2 -er
24
Administration Guide
Managing IT policies and IT policy rules
Managing IT policies and IT policy rules
4
List the IT policy rules in an IT policy
1. To open the command window for the BlackBerry® Enterprise Server User Administration Tool, on the computer that hosts
the tool, on the taskbar, click Start > Programs > BlackBerry Enterprise Server Resource Kit > BlackBerry Enterprise
Server User Administration Tool > BlackBerry Enterprise Server User Administration Tool.
2. Type besuseradminclient <credentials> -list -it_policy_rules and the following parameter:
• -it_policy <policy_name>
Example: Listing the IT policy rules and displaying them in an output file
besuseradminclient -username admin -password password -list -it_policy_rules -it_policy "Advanced Security" -o
AdvancedSecurity.csv
Example output
Policy Name, Policy Group, Rule Name, Rule Value, Rule Type
Advanced Security, Device only, User Can Disable Password, No, BOOLEAN
Advanced Security, Bluetooth, Disable Serial Port Profile, Yes, BOOLEAN
Advanced Security, Security, Force Lock When Holstered, Yes, BOOLEAN
Advanced Security, Password, Maximum Password History, 6, INTEGER
Advanced Security, Device only, Password Pattern Checks, At least 1 alpha and 1 numeric character, ENUMERATION: 0|No
restriction|1|At least 1 alpha and 1 numeric character|2|At least 1 alpha, 1 numeric, and 1 special character|3|At least 1 upper-case
alpha, 1 lower-case alpha, 1 numeric, and 1 special character
Advanced Security, Bluetooth, Disable File Transfer, Yes, BOOLEAN
Advanced Security, Bluetooth, Disable Discoverable Mode, Yes, BOOLEAN
Advanced Security, Bluetooth, Require LED Connection Indicator, Yes, BOOLEAN
Advanced Security, Device only, Enable Long-Term Timeout, Yes, BOOLEAN
Advanced Security, Policy Information, IT Policy Name, Advanced Security, STRING
Advanced Security, Security, Disable USB Mass Storage, Yes, BOOLEAN
Advanced Security, Security, Content Protection Strength, Strong, ENUMERATION: 0|Strong|1|Stronger|2|Strongest
Advanced Security, Device only, User Can Change Timeout, Yes, BOOLEAN
25
Administration Guide
Advanced Security, Security, External File System Encryption Level, Encrypt to User Password (excluding multi-media directories),
ENUMERATION: 0|Not Required|1|Encrypt to User Password (excluding multi-media directories)|2|Encrypt to User Password
(including multi-media directories)|3|Encrypt to Device Key (excluding multi-media directories)|4|Encrypt to Device Key
(including multi-media directories)|5|Encrypt to User Password and Device Key (excluding multimedia directories)|6|Encrypt to
User Password and Device Key (including multimedia directories)
Advanced Security, WLAN, WLAN Allow Handheld Changes, No, BOOLEAN
Advanced Security, Device only, Maximum Security Timeout, 10, INTEGER
Advanced Security, Bluetooth, Disable Address Book Transfer, Yes, BOOLEAN
Advanced Security, Device only, Maximum Password Age, 30, INTEGER
Advanced Security, Device only, Password Required, Yes, BOOLEAN
Set IT policy rules for a user account
Set IT policy rules for a user account
1. To open the command window for the BlackBerry® Enterprise Server User Administration Tool, on the computer that hosts
the tool, on the taskbar, click Start > Programs > BlackBerry Enterprise Server Resource Kit > BlackBerry Enterprise
Server User Administration Tool > BlackBerry Enterprise Server User Administration Tool.
2. Type besuseradminclient <credentials> -set_user_itpolicy_rule and the following parameters:
• -u <user_name>
• -b <instance>
• -policyrule <rule_name>
• -policyvalue <value>
Example: Specifying a single IT policy rule for a user account
besuseradminclient -username admin -password password -set_user_itpolicy_rule -u smoser@test.rim.net -b server01 policyrule “VPN User Name” -policyvalue smoser
List the IT policies in the BlackBerry Configuration Database
1. To open the command window for the BlackBerry® Enterprise Server User Administration Tool, on the computer that hosts
the tool, on the taskbar, click Start > Programs > BlackBerry Enterprise Server Resource Kit > BlackBerry Enterprise
Server User Administration Tool > BlackBerry Enterprise Server User Administration Tool.
2. Type besuseradminclient <credentials> -list -it_policies.
Example
besuseradminclient -username admin -password password -list -it_policies
26
Loading...