BlackBerry Enterprise Server Resource Kit
BlackBerry Enterprise Server User Administration Tool
Version: 5.0
Administration Guide
SWD-504685-0330050601-001
Contents |
|
|
1 |
Overview....................................................................................................................................................................................... |
5 |
|
BlackBerry Enterprise Server User Administration Tool............................................................................................................. |
5 |
|
Preconfigured administrative roles for the BlackBerry Enterprise Server................................................................................ |
5 |
|
New in this release......................................................................................................................................................................... |
9 |
|
Compatibility of authentication methods with previous versions of the BlackBerry Enterprise Server User Administration |
|
|
Tool................................................................................................................................................................................................... |
12 |
|
Supported authentication models........................................................................................................................................ |
12 |
|
Authentication credentials.................................................................................................................................................... |
12 |
|
Syntax for authentication credentials.................................................................................................................................. |
13 |
|
Setting authentication credentials....................................................................................................................................... |
13 |
|
Storing an encrypted set of authentication credentials in the Windows registry.......................................................... |
13 |
|
Extracting credentials that are stored in the Windows registry........................................................................................ |
14 |
|
String value requirements..................................................................................................................................................... |
14 |
|
Use cases................................................................................................................................................................................. |
14 |
2 |
Managing user accounts............................................................................................................................................................ |
17 |
|
Adding user accounts..................................................................................................................................................................... |
17 |
|
Add a new user account to the BlackBerry Enterprise Server........................................................................................... |
17 |
|
Add a new user account to a group...................................................................................................................................... |
18 |
|
Add an existing user account to a group............................................................................................................................. |
18 |
|
Assign a software configuration to a user account............................................................................................................ |
18 |
|
Finding user accounts.................................................................................................................................................................... |
19 |
|
Find a user account................................................................................................................................................................ |
19 |
|
Changing and removing user accounts........................................................................................................................................ |
19 |
|
Move a user account to a different BlackBerry Enterprise Server.................................................................................... |
19 |
|
Move a user account to a different user group................................................................................................................... |
20 |
|
Delete a user account from a group..................................................................................................................................... |
20 |
|
Delete a software configuration from a user account........................................................................................................ |
20 |
|
Delete a user account from the BlackBerry Enterprise Server.......................................................................................... |
21 |
|
Change user account settings....................................................................................................................................................... |
21 |
|
List the groups in a BlackBerry Domain....................................................................................................................................... |
22 |
3 Managing email message forwarding...................................................................................................................................... |
23 |
|
|
Turn on or turn off email message forwarding............................................................................................................................ |
23 |
|
List the folders that are available for email message forwarding............................................................................................. |
23 |
|
Turn on or turn off email message forwarding for folders......................................................................................................... |
24 |
4 |
Managing IT policies and IT policy rules.................................................................................................................................. |
25 |
|
List the IT policy rules in an IT policy............................................................................................................................................ |
25 |
|
Set IT policy rules for a user account............................................................................................................................................ |
26 |
|
List the IT policies in the BlackBerry Configuration Database.................................................................................................. |
26 |
5 |
Managing BlackBerry devices................................................................................................................................................... |
27 |
|
Set a password for a BlackBerry device........................................................................................................................................ |
27 |
|
Set owner information on a BlackBerry device............................................................................................................................ |
27 |
|
Delete pending messages.............................................................................................................................................................. |
28 |
|
Resend a service book.................................................................................................................................................................... |
28 |
|
Resend the peer-to-peer encryption key..................................................................................................................................... |
29 |
|
Protect a stolen BlackBerry device................................................................................................................................................ |
29 |
6 |
Sending notification messages to BlackBerry devices.......................................................................................................... |
30 |
|
Send a notification PIN message.................................................................................................................................................. |
30 |
|
Send a notification email message............................................................................................................................................... |
31 |
7 |
Retrieving user account statistics and information about BlackBerry devices.................................................................. |
32 |
|
Retrieve user account statistics..................................................................................................................................................... |
32 |
|
Results of a statistics query for a user account................................................................................................................... |
32 |
|
Clear user account statistics.......................................................................................................................................................... |
34 |
|
Retrieve enterprise activation statistics for a user account....................................................................................................... |
34 |
8 |
Retrieving BlackBerry device information............................................................................................................................... |
36 |
|
List the applications that are available on one or more BlackBerry devices............................................................................ |
36 |
|
List the BlackBerry devices that a specific application is installed on..................................................................................... |
36 |
|
Retrieve the statistics for BlackBerry devices.............................................................................................................................. |
36 |
|
Results of a statistics query for a BlackBerry device.......................................................................................................... |
37 |
|
List the modules and .cod files that are available on a BlackBerry device............................................................................... |
38 |
9 |
Retrieve statistics for the BlackBerry Enterprise Server or the messaging server............................................................ |
39 |
|
Results of a statistics query for a BlackBerry Enterprise Server................................................................................................ |
39 |
10 |
Troubleshooting the BlackBerry Enterprise Server User Administration Tool................................................................... |
41 |
|
Check the status of the BlackBerry Enterprise Server User Administration Tool................................................................... |
41 |
|
Configuring log files....................................................................................................................................................................... |
41 |
11 |
Parameters for the BlackBerry Enterprise Server User Administration Tool..................................................................... |
43 |
|
Using the command summary in the help file............................................................................................................................ |
43 |
12 |
Common parameters................................................................................................................................................................... |
44 |
13 |
Input, output, and user feedback parameters......................................................................................................................... |
45 |
14 |
-add................................................................................................................................................................................................ |
47 |
15 |
-assign_swconfig......................................................................................................................................................................... |
50 |
16 |
-change......................................................................................................................................................................................... |
52 |
17 |
-delete........................................................................................................................................................................................... |
56 |
18 |
-find............................................................................................................................................................................................... |
58 |
19 |
-handheld_info............................................................................................................................................................................ |
59 |
20 |
-kill_handheld.............................................................................................................................................................................. |
62 |
21 |
-list................................................................................................................................................................................................. |
64 |
22 |
-move............................................................................................................................................................................................. |
67 |
23 |
-resend_peer_to_peer_key....................................................................................................................................................... |
69 |
24 |
-resend_service_book................................................................................................................................................................ |
70 |
25 |
-send_email.................................................................................................................................................................................. |
71 |
26 |
-send_pin...................................................................................................................................................................................... |
73 |
27 |
-set_client_auth.......................................................................................................................................................................... |
75 |
28 |
-set_folder_redirection.............................................................................................................................................................. |
77 |
29 |
-set_owner_info.......................................................................................................................................................................... |
79 |
30 |
-set_password.............................................................................................................................................................................. |
81 |
31 |
-set_user_itpolicy_rule.............................................................................................................................................................. |
82 |
32 |
-stats.............................................................................................................................................................................................. |
84 |
33 |
-status........................................................................................................................................................................................... |
86 |
34 |
Glossary......................................................................................................................................................................................... |
87 |
35 |
Provide feedback......................................................................................................................................................................... |
88 |
36 |
Legal notice.................................................................................................................................................................................. |
89 |
Administration Guide |
Overview |
Overview |
|
1 |
The BlackBerry® Enterprise Server Resource Kit is a collection of tools that can help you extend your ability to manage and monitor the BlackBerry® Enterprise Solution. You can download the BlackBerry Enterprise Server Resource Kit from www.blackberry.com/support/downloads.
The BlackBerry Enterprise Server Resource Kit contains the following tool packages:
•BlackBerry Enterprise Server User Administration Tool
•BlackBerry Analysis, Monitoring, and Troubleshooting Tools
•BlackBerry Enterprise Transporter
You can use the BlackBerry® Enterprise Server User Administration Tool to manage user accounts on the BlackBerry® Enterprise Server on a large scale. For example, you can add, find, move, and remove user accounts, or change user account configurations.
You can run the BlackBerry Enterprise Server User Administration Tool from a command prompt to perform BlackBerry Enterprise Server administration tasks or to gather management and monitoring information.
The BlackBerry Enterprise Server User Administration Tool connects to the BlackBerry Administration Service to obtain information from and store information in the BlackBerry Configuration Database.
The BlackBerry® Enterprise Server installation includes preconfigured administrative roles. Each preconfigured administrative role has a number of permissions turned on.
You can configure additional permissions in the preconfigured administrative roles, or you can turn off any of the permissions that are shown in the following table. For more information, visit www.blackberry.com/go/serverdocs to read the BlackBerry Enterprise Server Administration Guide.
|
|
Enterprise |
Senior |
Junior |
Server only |
User only |
|
Permission name |
Security role |
Helpdesk |
Helpdesk |
||||
role |
role |
role |
|||||
|
|
|
role |
role |
|
|
|
Create a group |
* |
* |
* |
|
|
* |
|
Delete a group |
* |
* |
|
|
|
* |
|
View a group (across Group) |
* |
* |
* |
* |
|
* |
|
Edit a group (across Group) |
* |
* |
* |
|
|
* |
|
|
|
|
|
|
|
|
5
Administration Guide |
Preconfigured administrative roles for the BlackBerry Enterprise Server |
|
|
Enterprise |
Senior |
Junior |
Server only |
User only |
|
Permission name |
Security role |
Helpdesk |
Helpdesk |
||||
role |
role |
role |
|||||
|
|
|
role |
role |
|
|
|
Create a user |
* |
* |
* |
|
|
* |
|
Delete a user |
* |
* |
* |
|
|
* |
|
View a user (across Group) |
* |
* |
* |
* |
|
* |
|
Edit a user (across Group) |
* |
* |
* |
|
|
* |
|
View a device (across Group) |
* |
* |
* |
* |
|
* |
|
Edit a device (across Group) |
* |
* |
* |
* |
|
* |
|
View device activation |
* |
* |
|
|
|
* |
|
settings |
|
|
|
|
|
|
|
Edit device activation |
* |
* |
|
|
|
* |
|
settings |
|
|
|
|
|
|
|
Create an IT policy |
* |
* |
|
|
|
* |
|
Delete an IT policy |
* |
* |
|
|
|
* |
|
View an IT policy |
* |
* |
* |
* |
|
* |
|
Edit an IT policy |
* |
* |
|
|
|
* |
|
Import an IT policy |
* |
* |
|
|
|
* |
|
Export a data file |
* |
* |
|
|
* |
* |
|
Create a user-defined IT |
* |
* |
|
|
|
* |
|
policy template |
|
|
|
|
|
|
|
Delete a user-defined IT |
* |
* |
|
|
|
* |
|
policy template |
|
|
|
|
|
|
|
Edit a user-defined IT policy |
* |
* |
|
|
|
* |
|
template |
|
|
|
|
|
|
|
Import an IT policy template |
* |
* |
|
|
|
* |
|
Create a software |
* |
* |
|
|
|
* |
|
configuration |
|
|
|
|
|
|
|
View a software |
* |
* |
* |
* |
|
* |
|
configuration |
|
|
|
|
|
|
|
Edit a software configuration |
* |
* |
|
|
|
* |
|
Delete a software |
* |
* |
|
|
|
* |
|
configuration |
|
|
|
|
|
|
|
Create an application |
* |
* |
|
|
|
* |
|
|
|
|
|
|
|
|
6
Administration Guide |
Preconfigured administrative roles for the BlackBerry Enterprise Server |
|
|
Enterprise |
Senior |
Junior |
Server only |
User only |
|
Permission name |
Security role |
Helpdesk |
Helpdesk |
||||
role |
role |
role |
|||||
|
|
|
role |
role |
|
|
|
View an application |
* |
* |
* |
* |
|
* |
|
Edit an application |
* |
* |
|
|
|
* |
|
Delete an application |
* |
* |
|
|
|
* |
|
Create an administrator user |
* |
* |
|
|
|
* |
|
Specify activation password |
* |
* |
* |
* |
|
* |
|
Turn off and on external |
* |
* |
* |
|
|
* |
|
services |
|
|
|
|
|
|
|
Clear activation password |
* |
* |
* |
* |
|
* |
|
Clear synchronization |
* |
* |
* |
|
|
* |
|
backup data |
|
|
|
|
|
|
|
Clear user statistics |
* |
* |
* |
* |
|
* |
|
Reset user field mapping |
* |
* |
* |
|
|
* |
|
Turn on redirection |
* |
* |
* |
|
|
* |
|
Turn off redirection |
* |
* |
* |
|
|
* |
|
Refresh available user list |
* |
* |
* |
|
* |
* |
|
from company directory |
|
|
|
|
|
|
|
Synchronize GroupWise® |
* |
* |
|
|
* |
|
|
System Address Book |
|
|
|
|
|
|
|
Clear and synchronize |
* |
* |
|
|
* |
|
|
GroupWise System Address |
|
|
|
|
|
|
|
Book |
|
|
|
|
|
|
|
View a server |
* |
* |
|
|
* |
|
|
Edit a server |
* |
* |
|
|
* |
|
|
View a component |
* |
* |
|
|
* |
|
|
Edit a component |
* |
* |
|
|
* |
|
|
View an instance |
* |
* |
|
|
* |
|
|
Edit an instance |
* |
* |
|
|
* |
|
|
Change the status of an |
* |
* |
|
|
* |
|
|
instance |
|
|
|
|
|
|
|
Edit an instance relationship |
* |
* |
|
|
* |
|
|
View a job |
* |
* |
|
|
|
* |
|
|
|
|
|
|
|
|
7
Administration Guide |
Preconfigured administrative roles for the BlackBerry Enterprise Server |
|
|
Enterprise |
Senior |
Junior |
Server only |
User only |
|
Permission name |
Security role |
Helpdesk |
Helpdesk |
||||
role |
role |
role |
|||||
|
|
|
role |
role |
|
|
|
Edit a job |
* |
* |
|
|
|
* |
|
View default distribution |
* |
* |
|
|
|
* |
|
settings for a job |
|
|
|
|
|
|
|
Edit default distribution |
* |
* |
|
|
|
* |
|
settings for a job |
|
|
|
|
|
|
|
Update peer-to-peer |
* |
* |
|
|
* |
|
|
encryption key |
|
|
|
|
|
|
|
View job distribution settings |
* |
* |
|
|
|
* |
|
Edit job distribution settings |
* |
* |
|
|
|
* |
|
Delete an instance |
* |
* |
|
|
* |
|
|
Edit license keys |
* |
* |
|
|
* |
|
|
License key view |
* |
* |
|
|
* |
|
|
Manually fail a job |
* |
* |
|
|
|
* |
|
Clear instance statistics |
* |
* |
|
|
* |
|
|
Clear statistics for a |
* |
* |
|
|
* |
|
|
BlackBerry MDS Connection |
|
|
|
|
|
|
|
Service instance |
|
|
|
|
|
|
|
View push rules for the |
* |
* |
* |
* |
* |
* |
|
BlackBerry MDS Connection |
|
|
|
|
|
|
|
Service |
|
|
|
|
|
|
|
View pull rules for the |
* |
* |
* |
* |
|
* |
|
BlackBerry MDS Connection |
|
|
|
|
|
|
|
Service |
|
|
|
|
|
|
|
Send message (across |
* |
* |
* |
* |
|
* |
|
Group) |
|
|
|
|
|
|
|
Create a role |
* |
|
|
|
|
* |
|
Delete a role |
* |
|
|
|
|
* |
|
View a role |
* |
* |
|
|
|
* |
|
Edit a role |
* |
|
|
|
|
* |
|
Add and remove a role |
* |
* |
|
|
|
* |
|
(across Group) |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
8
Administration Guide |
New in this release |
|
|
Enterprise |
Senior |
Junior |
Server only |
User only |
|
Permission name |
Security role |
Helpdesk |
Helpdesk |
||||
role |
role |
role |
|||||
|
|
|
role |
role |
|
|
|
|
|
|
|
|
|
|
View a group across organizations
Edit a group across organizations
Add and remove a role across organizations
View a device across organizations
Edit a device across organizations
Register an event notification
Create an event notification
Edit a BlackBerry
Administration Service timer
View BlackBerry Monitoring
Service information
Edit BlackBerry Monitoring
Service settings
New in this release
BlackBerry Analysis, Monitoring, and Troubleshooting Tools
The functionality of the following BlackBerry® Analysis, Monitoring, and Troubleshooting Tools has been integrated into the BlackBerry Enterprise Server User Administration Tool. As a result, the tools are no longer distributed separately.
Tool |
Description |
|
|
BlackBerry Enterprise Activation |
To generate a report of the stages of activation for a user account, in the BlackBerry |
Status Reporting Tool |
Enterprise Server User Administration Tool, you can run the following command: |
(EAStatus.exe) |
besuseradminclient <credentials> -list -eastatus |
|
|
|
|
9
Administration Guide |
New in this release |
Tool |
Description |
|
|
BlackBerry IT Policy Template |
To display the preconfigured IT policies that are available on a BlackBerry® Enterprise |
Reporting Tool |
Server, in the BlackBerry Enterprise Server User Administration Tool, you can run the |
(ITPolicyTemplateReport.exe) |
following command: |
|
|
|
besuseradminclient <credentials> -list -it_policy_templates |
Parameter changes in the BlackBerry Enterprise Server User Administration Tool |
|
|
|
Parameter |
Description |
|
|
-change -u -cw |
This subparameter removes the activation password for a BlackBerry device from the |
|
BlackBerry Configuration Database. |
-delete -u -force |
This subparameter forces the removal of a user account from the BlackBerry Configuration |
|
Database, even if a mailbox does not exist for the user. |
|
The -force subparameter replaces the -hard subparameter. |
-i <input_filename> |
This subparameter provides the option for all commands that have command line options |
|
to use an input file. |
|
The first line of the input file is a comma-separated list of options that the columns |
|
represent. This list can be any (non-empty) subset of valid options in any order. For Boolean |
|
options, such as -cs, a column value of 0 or FALSE (not case-sensitive) turn off the option. |
|
All other values, including the empty value, turn on the option. |
-list -servers |
This subparameter lists all BlackBerry Enterprise Server and messaging server instances. |
-o <output_filename> |
This subparameter provides the option to create an output file. |
|
You can use this subparameter with any command. |
-p <password> |
This subparameter specifies the authentication password that the BlackBerry Enterprise |
|
Server User Administration Tool uses to extract authentication credentials from the |
|
Windows® registry and use in command line options. The parameter was previously used |
|
to authenticate the BESUserAdminClient with the BESUserAdminService. |
-set_client_auth |
This parameter specifies the credentials that the BlackBerry Enterprise Server User |
Administration Tool uses to authenticate with the BlackBerry Administration Service. You run the following command:
besuseradminclient -set_client_auth <credentials_to_set> -set_p <password> Previously, -set_client_auth was a subparameter that was used with other commands.
10
Administration Guide
Parameter |
Description |
|
|
|
|
-stats -service -b <instance> and |
These subparameters display statistics for a BlackBerry Enterprise Server component or |
|
-stats -service -email <instance> |
for a BlackBerry Messaging Agent instance. |
|
|
|
|
|
They replace the following subparameters: |
|
|
• |
-stats -b <instance> |
|
• |
-stats -servers |
-v <level> |
The <level> variable allows you to specify the level of detail that is provided in log files by |
|
|
using one of the following options: |
|
|
• |
TRACE |
|
• |
DEBUG |
|
• |
WARNING |
|
• |
ERROR |
|
• |
INFORMATIONAL |
|
The default level is set at DEBUG. |
|
|
The -v parameter was previously used to specify only a verbose reporting level. |
|
Parameters that are no longer used in the BlackBerry Enterprise Server User Administration Tool |
||
|
|
|
Parameter |
Description |
|
|
|
|
-add -u -domaddrsvr |
This parameter was used by the BlackBerry Enterprise Server User Administration Tool to |
|
<servername> |
identify the remote address book server to look up a user. |
|
-add -infofile |
This parameter has been enhanced to -add -i <input_filename>. |
|
- change -infofile |
This parameter has been enhanced to -change -i <input_filename>. |
|
- change -u -cpin |
This parameter was used to remove the PIN for a user account from the BlackBerry |
|
|
Configuration Database. |
|
-delete -f |
This parameter has been enhanced to -delete -force. |
|
-delete -hard |
This parameter has been enhanced to -delete -force. |
|
-stats -b <instance> |
This parameter has been enhanced to -stats -service -b <instance> and -stats -service - |
|
|
email <instance>. |
|
-stats -servers |
This parameter has been enhanced to -stats -service -b <instance> and -stats -service - |
|
|
email <instance>. |
|
|
|
|
11
Administration Guide |
Compatibility of authentication methods with previous versions of the BlackBerry Enterprise Server User Administration Tool |
Compatibility of authentication methods with previous versions of the BlackBerry Enterprise Server User Administration Tool
If your organization uses applications that work with previous versions of the BlackBerry® Enterprise Server User Administration Tool, in many cases, these applications also work with version 5.0 of the tool.
In BlackBerry® Enterprise Server version 5.0, the models for authentication (login) and authorization (roles or capabilities) for administration are different from the models that were used in previous versions.
BlackBerry Enterprise Server version 5.0 supports the following authentication models:
•BlackBerry Administration Service authentication (default)
•mailbox authentication (IBM® Lotus® Domino® environment only)
•Microsoft® Active Directory® authentication
BlackBerry Enterprise Server version 5.0 does not support Windows® authentication or Microsoft® SQL Server® authentication.
You must create one of the following administrators with sufficient credentials to authenticate with the BlackBerry Administration Service:
•administrator in the BlackBerry Administration Service
•mailbox administrator (IBM Lotus Domino environment only)
•administrator in Microsoft Active Directory
Roles or capabilities that are based on database user accounts are not supported in BlackBerry Enterprise Server version 5.0.
For more information about how to create a BlackBerry Administration Service administrator, visit www.blackberry.com/go/ serverdocs to read the BlackBerry Enterprise Server Administration Guide.
In the BlackBerry® Enterprise Server User Administration Tool version 5.0, you can use the following parameters interchangeably:
•"-username" or "-sqluser" (authentication user name)
•"-password" or "-sqlpass" (authentication password)
The BlackBerry Enterprise Server User Administration Tool uses the values associated with these options for the authentication and authorization models that are supported in the BlackBerry® Enterprise Server version 5.0. The tool does not does not support Microsoft® SQL Server® authentication or roles or capabilities that are defined on the Microsoft SQL Server database engine.
12
Administration Guide |
Compatibility of authentication methods with previous versions of the BlackBerry Enterprise Server User Administration Tool |
In the BlackBerry® Enterprise Server User Administration Tool BlackBerry Enterprise Server User Administration Tool, the variable <credentials> represents the user name and password that you use for authentication with the BlackBerry Administration Service.
The BlackBerry Enterprise Server User Administration Tool uses the following syntax for authentication credentials.
Item |
Description |
|
|
-username <user name> |
authentication user name |
-sqluser <user name> |
|
-password <password> |
authentication password |
-sqlpass <password> |
|
-domain <domain> |
authentication domain |
-bas_auth |
use BlackBerry Administration Service authentication (default) |
-mailbox_auth |
use mailbox authentication (IBM® Lotus® Domino® environment only) |
-ad_auth |
use Microsoft® Active Directory® authentication |
|
|
In the BlackBerry Enterprise Server User Administration Tool, the variable <credentials> represents the user name and password that you use for authentication with the BlackBerry Administration Service.
The BlackBerry® Enterprise Server User Administration Tool uses the -set_client_auth <credentials> -set_p <password> command to store credentials in the Windows® registry and then insert the credentials into the command line options.
Example
BESUserAdminClient -username admin -password password -set_client_auth "-username smoser -password password1 - ad_auth -domain test.rim.net" -set_p password
This creates the following Windows registry entry:
HKEY_LOCAL_MACHINE\SOFTWARE\Research In Motion\BlackBerry Resource Kit\BESUserAdmin\ClientAuth
13
Administration Guide |
Compatibility of authentication methods with previous versions of the BlackBerry Enterprise Server User Administration Tool |
The BlackBerry® Enterprise Server User Administration Tool uses the -p <password> command to extract and decrypt credentials that are stored in the Windows® registry and then inserts the credentials into the command line options.
Example
BESUserAdminClient -p password1 -status This runs the following command:
BESUserAdminClient -username smoser -password password1 -ad_auth -domain test.rim.net -status
To specify -set_client_auth values that contain characters in double quotation marks, you must surround the entire string with double quotation marks. You must use a set of quotation marks to escape every embedded set of characters that are in double quotation marks.
Example: Using double quotation marks to specify a work location nickname for a user
If you have two users with the same name, Sam Moser, one of whom works in Waterloo and the other in New York, you can specify the work location for the user as a nickname.
BESUserAdminClient -username "Sam \"Waterloo\" Moser" -password password -status You store this option and value in the Windows® registry using the following command:
BESUserAdminClient -set_p password1 -set_client_auth "-username ""Sam \"\"Waterloo\"\" Moser"" -password password"
In all the following examples, you log on to the computer that hosts the BlackBerry® Enterprise Server User Administration Tool using the following credentials:
•User name: NTLMU1
•Password: NTLMP1
Example: Running a command using SQL authentication
You log on to the computer that hosts the BlackBerry Enterprise Server User Administration Tool using the following credentials:
•User name: SQLU1
•Password: SQLP1
14
Administration Guide |
Compatibility of authentication methods with previous versions of the BlackBerry Enterprise Server User Administration Tool |
BlackBerry Enterprise Server User Administration Tool |
BlackBerry Enterprise Server User Administration Tool |
version 4.1.x |
version 5.0 |
|
|
Run the following command: BESUserAdminClient -p
password1 -sqluser SQLU1 -sqlpass SQLP1...
Initial configuration (perform once):
1.Create a BlackBerry Administration Service administrator with the following credentials:
•User name: SQLU1
•Password: SQLP1
2.Save the BlackBerry Administration Service administrator credentials in the Windows registry using the following command: BESUserAdminClient - set_client_auth "-bas_auth" -set_p password1
Then run the following command: BESUserAdminClient -p
password1 -sqluser SQLU1 -sqlpass SQLP1....
Example: Running a command using Windows authentication
BlackBerry Enterprise Server User Administration Tool |
BlackBerry Enterprise Server User Administration Tool |
version 4.1.x |
version 5.0 |
|
|
Run the following command: BESUserAdminClient -p
password1...
Initial configuration (perform once):
1.Create a BlackBerry Administration Service administrator with the following credentials:
•User name: BASU1
•Password: BASP1
2.Save the BlackBerry Administration Service administrator credentials in the Windows® registry using the following command: BESUserAdminClient - set_client_auth "-username BASU1 -password BASP1 -bas_auth" -set_p password1
Then run the following command: BESUserAdminClient -p password1
15
Administration Guide |
Compatibility of authentication methods with previous versions of the BlackBerry Enterprise Server User Administration Tool |
Example: Changing the authentication credentials in the Windows registry to a Microsoft Active Directory user
BlackBerry Enterprise Server User Administration Tool |
BlackBerry Enterprise Server User Administration Tool |
version 4.1.x |
version 5.0 |
|
|
Not applicable |
Run the following command: |
|
BESUserAdminClient -set_client_auth "-username ADU1 |
|
-password ADP1 -ad_auth -domain D1" -set_p password1 |
Example: Changing the client password |
|
|
|
BlackBerry Enterprise Server User Administration Tool |
BlackBerry Enterprise Server User Administration Tool |
version 4.1.x |
version 5.0 |
|
|
1. Remove the existing BlackBerry Enterprise Server User |
Run the following command: |
|
|
Administration Tool service. |
BESUserAdminClient -set_client_auth "-username ADU1 |
|
|
2. Re-install the service using the new client password. |
-password ADP1 -ad_auth -domain D1" -set_p password2 |
Example: Overriding the requirement to use authentication credentials in the Windows registry |
|
|
|
BlackBerry Enterprise Server User Administration Tool |
BlackBerry Enterprise Server User Administration Tool |
version 4.1.x |
version 5.0 |
|
|
Not applicable |
Run the following command: |
|
BESUserAdminClient -username username1 -password |
|
password1.. |
Example: Denying access permanently or temporarily using the -p command |
|
|
|
BlackBerry Enterprise Server User Administration Tool |
BlackBerry Enterprise Server User Administration Tool |
version 4.1.x |
version 5.0 |
|
|
Change the appropriate Windows registry entry. |
Run the following command: |
BESUserAdminClient -set_client_auth "" -set_p password
16
Administration Guide |
Managing user accounts |
Managing user accounts |
|
2 |
The BlackBerry® Enterprise Server uses predefined roles that correspond to common administrative roles in organizations to control who can perform specific tasks and to limit who can access sensitive data.
The BlackBerry Enterprise Server User Administration Tool uses the BlackBerry Administration Service credentials that you type on the command line.
Your current role is defined by the BlackBerry Administration Service. The -v parameter in the BlackBerry Enterprise Server User Administration Tool does not display your role.
The authentication information is encrypted when it passes from the BlackBerry Enterprise Server User Administration Tool to the BlackBerry Administration Service and to the BlackBerry Configuration Database.
1.To open the command window for the BlackBerry® Enterprise Server User Administration Tool, on the computer that hosts the tool, on the taskbar, click Start > Programs > BlackBerry Enterprise Server Resource Kit > BlackBerry Enterprise Server User Administration Tool > BlackBerry Enterprise Server User Administration Tool.
2.Type besuseradminclient <credentials> -add and the following parameters:
•-u <user_name>
•-pin <PIN> (use with the -u parameter for the BlackBerry® Enterprise Server for MDS Applications only)
•-b <instance>
Example: Adding a user account to a BlackBerry Enterprise Server for Microsoft Exchange, and assigning an IT policy
besuseradminclient-username admin -password password -add -u smoser@test.rim.net -b server1 -it_policy “User Can Change Timeout”
Example: Adding a user account to a BlackBerry Enterprise Server for IBM Lotus Domino, and assigning an IT policy
besuseradminclient -username admin -password password -add -u “CN=Sam Moser/O=Server01” -b CN=Server01/ O=test.rim.net -it_policy “User Can Change Timeout”
Example: Adding a user account to a BlackBerry Enterprise Server for Novell GroupWise, and assigning an IT policy besuseradminclient -username admin -password password -add -u sammoser -b server01 -it_policy “User Can Change Timeout”
Example: Adding a user account to a BlackBerry Enterprise Server for MDS Applications, and assigning an IT policy
besuseradminclient -username admin -password password -add -u xxxxxxxx -pin xxxxxxxx -b server01 -it_policy “User Can Change Timeout”
17
Administration Guide |
Adding user accounts |
1.To open the command window for the BlackBerry® Enterprise Server User Administration Tool, on the computer that hosts the tool, on the taskbar, click Start > Programs > BlackBerry Enterprise Server Resource Kit > BlackBerry Enterprise Server User Administration Tool > BlackBerry Enterprise Server User Administration Tool.
2.Type besuseradminclient <credentials> -add and the following parameters:
•-u <user_name>
•-b <instance>
•-group <group_name>
Example: Adding a new user account to a BlackBerry Enterprise Server for Microsoft Exchange, to a user group, and to an IT policy
besuseradminclient -username admin -password password -add -u smoser@test.rim.net -b server01 -group administrators - it_policy “User Can Change Timeout”
1.To open the command window for the BlackBerry® Enterprise Server User Administration Tool, on the computer that hosts the tool, on the taskbar, click Start > Programs > BlackBerry Enterprise Server Resource Kit > BlackBerry Enterprise Server User Administration Tool > BlackBerry Enterprise Server User Administration Tool.
2.Type besuseradminclient <credentials> -change and the following parameters:
•-u <user_name>
•-b <instance>
•-group <group_name>
Example
besuseradminclient -username admin -password password -change -u smoser@test.rim.net -b server1 -group administrators
1.To open the command window for the BlackBerry® Enterprise Server User Administration Tool, on the computer that hosts the tool, on the taskbar, click Start > Programs > BlackBerry Enterprise Server Resource Kit > BlackBerry Enterprise Server User Administration Tool > BlackBerry Enterprise Server User Administration Tool.
2.Type besuseradminclient <credentials> -assign_swconfig and the following parameters:
•-u <user_name>
•-sw <configuration_name>
18
Administration Guide |
Finding user accounts |
Example
besuseradminclient -username admin -password password - assign_swconfig -u "sam, moser” -b server1 -sw games
Finding user accounts
You can use the -u subparameter to specify the user account that the BlackBerry® Enterprise Server User Administration Tool searches for.
1.To open the command window for the BlackBerry Enterprise Server User Administration Tool, on the computer that hosts the tool, on the taskbar, click Start > Programs > BlackBerry Enterprise Server Resource Kit > BlackBerry Enterprise Server User Administration Tool > BlackBerry Enterprise Server User Administration Tool.
2.Type besuseradminclient <credentials> -find and the following parameter:
• -u <user_name>
Example: Finding a user account on the BlackBerry Enterprise Server for Microsoft Exchange besuseradminclient -username admin -password password -find -u smoser@test.rim.net
The source and the target BlackBerry® Enterprise Server instances must use the same BlackBerry Configuration Database.
1.To open the command window for the BlackBerry Enterprise Server User Administration Tool, on the computer that hosts the tool, on the taskbar, click Start > Programs > BlackBerry Enterprise Server Resource Kit > BlackBerry Enterprise Server User Administration Tool > BlackBerry Enterprise Server User Administration Tool.
2.Type besuseradminclient <credentials> -move and the following parameters:
•-b <instance> (source BlackBerry Enterprise Server instance)
•-u <user_name>
•-t <instance> (target or destination BlackBerry Enterprise Server instance)
Example: Moving a user account to a different BlackBerry Enterprise Server for Microsoft Exchange besuseradminclient -username admin -password password -move -u smoser@test.rim.net -b server01 -t server02
19
Administration Guide |
Changing and removing user accounts |
A user account can belong to more than one group. You can perform this task if you want the user account to belong to only the group that you specify.
Before you begin:
Delete the user account from the existing group.
1.To open the command window for the BlackBerry® Enterprise Server User Administration Tool, on the computer that hosts the tool, on the taskbar, click Start > Programs > BlackBerry Enterprise Server Resource Kit > BlackBerry Enterprise Server User Administration Tool > BlackBerry Enterprise Server User Administration Tool.
2.Type besuseradminclient <credentials> -change and the following parameters:
•-u <user_name>
•-b <instance>
•-group <group_name>
Example
besuseradminclient -username admin -password password -change -u smoser@test.rim.net -b server01 -group security
1.To open the command window for the BlackBerry® Enterprise Server User Administration Tool, on the computer that hosts the tool, on the taskbar, click Start > Programs > BlackBerry Enterprise Server Resource Kit > BlackBerry Enterprise Server User Administration Tool > BlackBerry Enterprise Server User Administration Tool.
2.Type besuseradminclient <credentials> -change and the following parameters:
•-u <user_name>
•-b <instance>
•-cgroup <group_name>
Example: Deleting a user account from a user group on the BlackBerry Enterprise Server for Microsoft Exchange besuseradminclient -username admin -change -u smoser@test.rim.net -b server01 -cgroup powerusers
1.To open the command window for the BlackBerry® Enterprise Server User Administration Tool, on the computer that hosts the tool, on the taskbar, click Start > Programs > BlackBerry Enterprise Server Resource Kit > BlackBerry Enterprise Server User Administration Tool > BlackBerry Enterprise Server User Administration Tool.
2.Type besuseradminclient <credentials> -assign_swconfig -csw and the name of the software configuration.
20
Administration Guide |
Change user account settings |
Example
besuseradminclient -username admin -password password -assign_swconfig -csw config1 -u “sam, moser” -b server1
1.To open the command window for the BlackBerry® Enterprise Server User Administration Tool, on the computer that hosts the tool, on the taskbar, click Start > Programs > BlackBerry Enterprise Server Resource Kit > BlackBerry Enterprise Server User Administration Tool > BlackBerry Enterprise Server User Administration Tool.
2.Type besuseradminclient <credentials> -delete and the following parameters:
•-u <user_name>
•-b <instance>
Example: Deleting a user account from the BlackBerry Enterprise Server for Microsoft Exchange besuseradminclient -delete -username admin -password password -u smoser@test.rim.net -b server01
Change user account settings
The BlackBerry® Enterprise Server for MDS Applications does not support this task.
1.To open the command window for the BlackBerry Enterprise Server User Administration Tool, on the computer that hosts the tool, on the taskbar, click Start > Programs > BlackBerry Enterprise Server Resource Kit > BlackBerry Enterprise Server User Administration Tool > BlackBerry Enterprise Server User Administration Tool.
2.Type besuseradminclient <credentials> -change and the following parameters:
•-u <user_name>
•-b <instance>
Example: Clearing the user account filters
besuseradminclient -username admin -password password -change -u smoser@test.rim.net -b server01 -cf
Example: Making the BlackBerry MDS Connection Service unavailable to a user account, changing the activation password, and specifying the password expiry time for the user account
besuseradminclient -change -username admin -password password -u smoser@test.rim.net -b server01 -dm -w password3 -wt 96
Example: Specifying the activation password and the password expiry time for a group of users besuseradminclient -change -username admin -password password -g administrators -w password3 -wt 120
21
Administration Guide |
List the groups in a BlackBerry Domain |
List the groups in a BlackBerry Domain
1.To open the command window for the BlackBerry® Enterprise Server User Administration Tool, on the computer that hosts the tool, on the taskbar, click Start > Programs > BlackBerry Enterprise Server Resource Kit > BlackBerry Enterprise Server User Administration Tool > BlackBerry Enterprise Server User Administration Tool.
2.Type besuseradminclient <credentials> -list -groups.
Example
besuseradminclient -username admin -password password -list -groups
22
Administration Guide |
Managing email message forwarding |
Managing email message forwarding |
|
3 |
The BlackBerry® Enterprise Server for MDS Applications does not support this task. By default, email message forwarding is turned off.
1.To open the command window for the BlackBerry Enterprise Server User Administration Tool, on the computer that hosts the tool, on the taskbar, click Start > Programs > BlackBerry Enterprise Server Resource Kit > BlackBerry Enterprise Server User Administration Tool > BlackBerry Enterprise Server User Administration Tool.
2.Perform one of the following actions:
•To turn on email message forwarding, type besuseradminclient <credentials> -change -er and the following parameters:
•-u <user_name>
•-b <instance>
•To turn off email message forwarding, type besuseradminclient <credentials> -change -dr and the following parameters:
•-u <user_name>
•-b <instance>
Example: Turning on email message forwarding for a user account
besuseradminclient -username admin -password password1 -change -u smoser@test.rim.net -b server01 -er
Example: Turning off email message forwarding for a user account
besuseradminclient-username admin -password password1 -change -u smoser@test.rim.net -b server01 -dr
The BlackBerry® Enterprise Server for MDS Applications does not support this task.
1.To open the command window for the BlackBerry Enterprise Server User Administration Tool, on the computer that hosts the tool, on the taskbar, click Start > Programs > BlackBerry Enterprise Server Resource Kit > BlackBerry Enterprise Server User Administration Tool > BlackBerry Enterprise Server User Administration Tool.
2.Type besuseradminclient <credentials> -list -folders and the following parameters:
•-u <user_name>
•-b <instance>
Example
23
Administration Guide |
Turn on or turn off email message forwarding for folders |
besuseradminclient -username admin -password password -list -folders -u sammoser -b server01
Turn on or turn off email message forwarding for folders
The BlackBerry® Enterprise Server for MDS Applications does not support this task.
If you are using the BlackBerry® Enterprise Server for Microsoft® Exchange, a folder name can contain a slash mark (/). To specify the folder, you must type the escape character backslash (\) before the slash mark.
1.To open the command window for the BlackBerry Enterprise Server User Administration Tool, on the computer that hosts the tool, on the taskbar, click Start > Programs > BlackBerry Enterprise Server Resource Kit > BlackBerry Enterprise Server User Administration Tool > BlackBerry Enterprise Server User Administration Tool.
2.Perform one of the following actions:
•To turn on email message forwarding for folders, type besuseradminclient <credentials> -set_folder_redirection - er and the following parameters:
•-u <user_name>
•-b <instance>
•-foldername <folder_name>
•To turn off email message forwarding for folders, type besuseradminclient -set_folder_redirection <credentials> - dr and the following parameters:
•-u <user_name>
•-b <instance>
•-foldername <folder_name>
Example: Turning on email message forwarding for a folder
besuseradminclient -username admin -password password1 -set_folder_redirection -u smoser@test.rim.net -b server01 - foldername Sent -er
Example: Turning off email message forwarding for a folder
besuseradminclient -username admin -password password1 -set_folder_redirection -u smoser@test.rim.net -b server01 - foldername Sent -dr
Example: Turning on email message forwarding for a folder using a folder name that contains a slash mark
besuseradminclient -username admin -password password1 -set_folder_redirection -u smoser@test.rim.net -b server01 - foldername Inbox\/subfolder1\/sub\/folder2 -er
24
Administration Guide |
Managing IT policies and IT policy rules |
Managing IT policies and IT policy rules |
|
4 |
1.To open the command window for the BlackBerry® Enterprise Server User Administration Tool, on the computer that hosts the tool, on the taskbar, click Start > Programs > BlackBerry Enterprise Server Resource Kit > BlackBerry Enterprise Server User Administration Tool > BlackBerry Enterprise Server User Administration Tool.
2.Type besuseradminclient <credentials> -list -it_policy_rules and the following parameter:
• -it_policy <policy_name>
Example: Listing the IT policy rules and displaying them in an output file
besuseradminclient -username admin -password password -list -it_policy_rules -it_policy "Advanced Security" -o AdvancedSecurity.csv
Example output
Policy Name, Policy Group, Rule Name, Rule Value, Rule Type
Advanced Security, Device only, User Can Disable Password, No, BOOLEAN Advanced Security, Bluetooth, Disable Serial Port Profile, Yes, BOOLEAN Advanced Security, Security, Force Lock When Holstered, Yes, BOOLEAN Advanced Security, Password, Maximum Password History, 6, INTEGER
Advanced Security, Device only, Password Pattern Checks, At least 1 alpha and 1 numeric character, ENUMERATION: 0|No restriction|1|At least 1 alpha and 1 numeric character|2|At least 1 alpha, 1 numeric, and 1 special character|3|At least 1 upper-case alpha, 1 lower-case alpha, 1 numeric, and 1 special character
Advanced Security, Bluetooth, Disable File Transfer, Yes, BOOLEAN Advanced Security, Bluetooth, Disable Discoverable Mode, Yes, BOOLEAN
Advanced Security, Bluetooth, Require LED Connection Indicator, Yes, BOOLEAN Advanced Security, Device only, Enable Long-Term Timeout, Yes, BOOLEAN Advanced Security, Policy Information, IT Policy Name, Advanced Security, STRING Advanced Security, Security, Disable USB Mass Storage, Yes, BOOLEAN
Advanced Security, Security, Content Protection Strength, Strong, ENUMERATION: 0|Strong|1|Stronger|2|Strongest Advanced Security, Device only, User Can Change Timeout, Yes, BOOLEAN
25
Administration Guide |
Set IT policy rules for a user account |
Advanced Security, Security, External File System Encryption Level, Encrypt to User Password (excluding multi-media directories), ENUMERATION: 0|Not Required|1|Encrypt to User Password (excluding multi-media directories)|2|Encrypt to User Password (including multi-media directories)|3|Encrypt to Device Key (excluding multi-media directories)|4|Encrypt to Device Key (including multi-media directories)|5|Encrypt to User Password and Device Key (excluding multimedia directories)|6|Encrypt to User Password and Device Key (including multimedia directories)
Advanced Security, WLAN, WLAN Allow Handheld Changes, No, BOOLEAN Advanced Security, Device only, Maximum Security Timeout, 10, INTEGER Advanced Security, Bluetooth, Disable Address Book Transfer, Yes, BOOLEAN Advanced Security, Device only, Maximum Password Age, 30, INTEGER Advanced Security, Device only, Password Required, Yes, BOOLEAN
Set IT policy rules for a user account
1.To open the command window for the BlackBerry® Enterprise Server User Administration Tool, on the computer that hosts the tool, on the taskbar, click Start > Programs > BlackBerry Enterprise Server Resource Kit > BlackBerry Enterprise Server User Administration Tool > BlackBerry Enterprise Server User Administration Tool.
2.Type besuseradminclient <credentials> -set_user_itpolicy_rule and the following parameters:
•-u <user_name>
•-b <instance>
•-policyrule <rule_name>
•-policyvalue <value>
Example: Specifying a single IT policy rule for a user account
besuseradminclient -username admin -password password -set_user_itpolicy_rule -u smoser@test.rim.net -b server01 - policyrule “VPN User Name” -policyvalue smoser
1.To open the command window for the BlackBerry® Enterprise Server User Administration Tool, on the computer that hosts the tool, on the taskbar, click Start > Programs > BlackBerry Enterprise Server Resource Kit > BlackBerry Enterprise Server User Administration Tool > BlackBerry Enterprise Server User Administration Tool.
2.Type besuseradminclient <credentials> -list -it_policies.
Example
besuseradminclient -username admin -password password -list -it_policies
26