Blackberry SWD-504685-0330050601-001 User Manual

BlackBerry Enterprise Server Resource Kit

BlackBerry Enterprise Server User Administration Tool

Version: 5.0

Administration Guide

SWD-504685-0330050601-001

Contents
1	Overview.......................................................................................................................................................................................	5
	BlackBerry Enterprise Server User Administration Tool.............................................................................................................	5
	Preconfigured administrative roles for the BlackBerry Enterprise Server................................................................................	5
	New in this release.........................................................................................................................................................................	9
	Compatibility of authentication methods with previous versions of the BlackBerry Enterprise Server User Administration
	Tool...................................................................................................................................................................................................	12
	Supported authentication models........................................................................................................................................	12
	Authentication credentials....................................................................................................................................................	12
	Syntax for authentication credentials..................................................................................................................................	13
	Setting authentication credentials.......................................................................................................................................	13
	Storing an encrypted set of authentication credentials in the Windows registry..........................................................	13
	Extracting credentials that are stored in the Windows registry........................................................................................	14
	String value requirements.....................................................................................................................................................	14
	Use cases.................................................................................................................................................................................	14
2	Managing user accounts............................................................................................................................................................	17
	Adding user accounts.....................................................................................................................................................................	17
	Add a new user account to the BlackBerry Enterprise Server...........................................................................................	17
	Add a new user account to a group......................................................................................................................................	18
	Add an existing user account to a group.............................................................................................................................	18
	Assign a software configuration to a user account............................................................................................................	18
	Finding user accounts....................................................................................................................................................................	19
	Find a user account................................................................................................................................................................	19
	Changing and removing user accounts........................................................................................................................................	19
	Move a user account to a different BlackBerry Enterprise Server....................................................................................	19
	Move a user account to a different user group...................................................................................................................	20
	Delete a user account from a group.....................................................................................................................................	20
	Delete a software configuration from a user account........................................................................................................	20
	Delete a user account from the BlackBerry Enterprise Server..........................................................................................	21
	Change user account settings.......................................................................................................................................................	21
	List the groups in a BlackBerry Domain.......................................................................................................................................	22
3 Managing email message forwarding......................................................................................................................................		23
	Turn on or turn off email message forwarding............................................................................................................................	23

	List the folders that are available for email message forwarding.............................................................................................	23
	Turn on or turn off email message forwarding for folders.........................................................................................................	24
4	Managing IT policies and IT policy rules..................................................................................................................................	25
	List the IT policy rules in an IT policy............................................................................................................................................	25
	Set IT policy rules for a user account............................................................................................................................................	26
	List the IT policies in the BlackBerry Configuration Database..................................................................................................	26
5	Managing BlackBerry devices...................................................................................................................................................	27
	Set a password for a BlackBerry device........................................................................................................................................	27
	Set owner information on a BlackBerry device............................................................................................................................	27
	Delete pending messages..............................................................................................................................................................	28
	Resend a service book....................................................................................................................................................................	28
	Resend the peer-to-peer encryption key.....................................................................................................................................	29
	Protect a stolen BlackBerry device................................................................................................................................................	29
6	Sending notification messages to BlackBerry devices..........................................................................................................	30
	Send a notification PIN message..................................................................................................................................................	30
	Send a notification email message...............................................................................................................................................	31
7	Retrieving user account statistics and information about BlackBerry devices..................................................................	32
	Retrieve user account statistics.....................................................................................................................................................	32
	Results of a statistics query for a user account...................................................................................................................	32
	Clear user account statistics..........................................................................................................................................................	34
	Retrieve enterprise activation statistics for a user account.......................................................................................................	34
8	Retrieving BlackBerry device information...............................................................................................................................	36
	List the applications that are available on one or more BlackBerry devices............................................................................	36
	List the BlackBerry devices that a specific application is installed on.....................................................................................	36
	Retrieve the statistics for BlackBerry devices..............................................................................................................................	36
	Results of a statistics query for a BlackBerry device..........................................................................................................	37
	List the modules and .cod files that are available on a BlackBerry device...............................................................................	38
9	Retrieve statistics for the BlackBerry Enterprise Server or the messaging server............................................................	39
	Results of a statistics query for a BlackBerry Enterprise Server................................................................................................	39
10	Troubleshooting the BlackBerry Enterprise Server User Administration Tool...................................................................	41

	Check the status of the BlackBerry Enterprise Server User Administration Tool...................................................................	41
	Configuring log files.......................................................................................................................................................................	41
11	Parameters for the BlackBerry Enterprise Server User Administration Tool.....................................................................	43
	Using the command summary in the help file............................................................................................................................	43
12	Common parameters...................................................................................................................................................................	44
13	Input, output, and user feedback parameters.........................................................................................................................	45
14	-add................................................................................................................................................................................................	47
15	-assign_swconfig.........................................................................................................................................................................	50
16	-change.........................................................................................................................................................................................	52
17	-delete...........................................................................................................................................................................................	56
18	-find...............................................................................................................................................................................................	58
19	-handheld_info............................................................................................................................................................................	59
20	-kill_handheld..............................................................................................................................................................................	62
21	-list.................................................................................................................................................................................................	64
22	-move.............................................................................................................................................................................................	67
23	-resend_peer_to_peer_key.......................................................................................................................................................	69
24	-resend_service_book................................................................................................................................................................	70
25	-send_email..................................................................................................................................................................................	71
26	-send_pin......................................................................................................................................................................................	73
27	-set_client_auth..........................................................................................................................................................................	75
28	-set_folder_redirection..............................................................................................................................................................	77
29	-set_owner_info..........................................................................................................................................................................	79

30	-set_password..............................................................................................................................................................................	81
31	-set_user_itpolicy_rule..............................................................................................................................................................	82
32	-stats..............................................................................................................................................................................................	84
33	-status...........................................................................................................................................................................................	86
34	Glossary.........................................................................................................................................................................................	87
35	Provide feedback.........................................................................................................................................................................	88
36	Legal notice..................................................................................................................................................................................	89

Administration Guide

Overview

Overview
	1

The BlackBerry® Enterprise Server Resource Kit is a collection of tools that can help you extend your ability to manage and monitor the BlackBerry® Enterprise Solution. You can download the BlackBerry Enterprise Server Resource Kit from www.blackberry.com/support/downloads.

The BlackBerry Enterprise Server Resource Kit contains the following tool packages:

•BlackBerry Enterprise Server User Administration Tool

•BlackBerry Analysis, Monitoring, and Troubleshooting Tools

•BlackBerry Enterprise Transporter

BlackBerry Enterprise Server User Administration Tool

You can use the BlackBerry® Enterprise Server User Administration Tool to manage user accounts on the BlackBerry® Enterprise Server on a large scale. For example, you can add, find, move, and remove user accounts, or change user account configurations.

You can run the BlackBerry Enterprise Server User Administration Tool from a command prompt to perform BlackBerry Enterprise Server administration tasks or to gather management and monitoring information.

The BlackBerry Enterprise Server User Administration Tool connects to the BlackBerry Administration Service to obtain information from and store information in the BlackBerry Configuration Database.

Preconfigured administrative roles for the BlackBerry Enterprise Server

The BlackBerry® Enterprise Server installation includes preconfigured administrative roles. Each preconfigured administrative role has a number of permissions turned on.

You can configure additional permissions in the preconfigured administrative roles, or you can turn off any of the permissions that are shown in the following table. For more information, visit www.blackberry.com/go/serverdocs to read the BlackBerry Enterprise Server Administration Guide.

		Enterprise	Senior	Junior	Server only	User only
Permission name	Security role	Enterprise	Helpdesk	Helpdesk	Server only	User only
Permission name	Security role	role	Helpdesk	Helpdesk	role	role
			role	role
Create a group	*	*	*			*
Delete a group	*	*				*
View a group (across Group)	*	*	*	*		*
Edit a group (across Group)	*	*	*			*

Administration Guide

Preconfigured administrative roles for the BlackBerry Enterprise Server

		Enterprise	Senior	Junior	Server only	User only
Permission name	Security role	Enterprise	Helpdesk	Helpdesk	Server only	User only
Permission name	Security role	role	Helpdesk	Helpdesk	role	role
			role	role
Create a user	*	*	*			*
Delete a user	*	*	*			*
View a user (across Group)	*	*	*	*		*
Edit a user (across Group)	*	*	*			*
View a device (across Group)	*	*	*	*		*
Edit a device (across Group)	*	*	*	*		*
View device activation	*	*				*
settings
Edit device activation	*	*				*
settings
Create an IT policy	*	*				*
Delete an IT policy	*	*				*
View an IT policy	*	*	*	*		*
Edit an IT policy	*	*				*
Import an IT policy	*	*				*
Export a data file	*	*			*	*
Create a user-defined IT	*	*				*
policy template
Delete a user-defined IT	*	*				*
policy template
Edit a user-defined IT policy	*	*				*
template
Import an IT policy template	*	*				*
Create a software	*	*				*
configuration
View a software	*	*	*	*		*
configuration
Edit a software configuration	*	*				*
Delete a software	*	*				*
configuration
Create an application	*	*				*

Administration Guide

Preconfigured administrative roles for the BlackBerry Enterprise Server

		Enterprise	Senior	Junior	Server only	User only
Permission name	Security role	Enterprise	Helpdesk	Helpdesk	Server only	User only
Permission name	Security role	role	Helpdesk	Helpdesk	role	role
			role	role
View an application	*	*	*	*		*
Edit an application	*	*				*
Delete an application	*	*				*
Create an administrator user	*	*				*
Specify activation password	*	*	*	*		*
Turn off and on external	*	*	*			*
services
Clear activation password	*	*	*	*		*
Clear synchronization	*	*	*			*
backup data
Clear user statistics	*	*	*	*		*
Reset user field mapping	*	*	*			*
Turn on redirection	*	*	*			*
Turn off redirection	*	*	*			*
Refresh available user list	*	*	*		*	*
from company directory
Synchronize GroupWise®	*	*			*
System Address Book
Clear and synchronize	*	*			*
GroupWise System Address
Book
View a server	*	*			*
Edit a server	*	*			*
View a component	*	*			*
Edit a component	*	*			*
View an instance	*	*			*
Edit an instance	*	*			*
Change the status of an	*	*			*
instance
Edit an instance relationship	*	*			*
View a job	*	*				*

Administration Guide

Preconfigured administrative roles for the BlackBerry Enterprise Server

		Enterprise	Senior	Junior	Server only	User only
Permission name	Security role	Enterprise	Helpdesk	Helpdesk	Server only	User only
Permission name	Security role	role	Helpdesk	Helpdesk	role	role
			role	role
Edit a job	*	*				*
View default distribution	*	*				*
settings for a job
Edit default distribution	*	*				*
settings for a job
Update peer-to-peer	*	*			*
encryption key
View job distribution settings	*	*				*
Edit job distribution settings	*	*				*
Delete an instance	*	*			*
Edit license keys	*	*			*
License key view	*	*			*
Manually fail a job	*	*				*
Clear instance statistics	*	*			*
Clear statistics for a	*	*			*
BlackBerry MDS Connection
Service instance
View push rules for the	*	*	*	*	*	*
BlackBerry MDS Connection
Service
View pull rules for the	*	*	*	*		*
BlackBerry MDS Connection
Service
Send message (across	*	*	*	*		*
Group)
Create a role	*					*
Delete a role	*					*
View a role	*	*				*
Edit a role	*					*
Add and remove a role	*	*				*
(across Group)

Administration Guide

New in this release

		Enterprise	Senior	Junior	Server only	User only
Permission name	Security role	Enterprise	Helpdesk	Helpdesk	Server only	User only
Permission name	Security role	role	Helpdesk	Helpdesk	role	role
			role	role

View a group across organizations

Edit a group across organizations

Add and remove a role across organizations

View a device across organizations

Edit a device across organizations

Create an event notification

Edit a BlackBerry

Administration Service timer

View BlackBerry Monitoring

Service information

Edit BlackBerry Monitoring

Service settings

New in this release

BlackBerry Analysis, Monitoring, and Troubleshooting Tools

The functionality of the following BlackBerry® Analysis, Monitoring, and Troubleshooting Tools has been integrated into the BlackBerry Enterprise Server User Administration Tool. As a result, the tools are no longer distributed separately.

Tool	Description

BlackBerry Enterprise Activation	To generate a report of the stages of activation for a user account, in the BlackBerry
Status Reporting Tool	Enterprise Server User Administration Tool, you can run the following command:
(EAStatus.exe)	besuseradminclient <credentials> -list -eastatus
	besuseradminclient <credentials> -list -eastatus

Administration Guide

New in this release

Tool	Description

BlackBerry IT Policy Template	To display the preconfigured IT policies that are available on a BlackBerry® Enterprise
Reporting Tool	Server, in the BlackBerry Enterprise Server User Administration Tool, you can run the
(ITPolicyTemplateReport.exe)	following command:
(ITPolicyTemplateReport.exe)
	besuseradminclient <credentials> -list -it_policy_templates
Parameter changes in the BlackBerry Enterprise Server User Administration Tool

Parameter	Description

-change -u -cw	This subparameter removes the activation password for a BlackBerry device from the
	BlackBerry Configuration Database.
-delete -u -force	This subparameter forces the removal of a user account from the BlackBerry Configuration
	Database, even if a mailbox does not exist for the user.
	The -force subparameter replaces the -hard subparameter.
-i <input_filename>	This subparameter provides the option for all commands that have command line options
	to use an input file.
	The first line of the input file is a comma-separated list of options that the columns
	represent. This list can be any (non-empty) subset of valid options in any order. For Boolean
	options, such as -cs, a column value of 0 or FALSE (not case-sensitive) turn off the option.
	All other values, including the empty value, turn on the option.
-list -servers	This subparameter lists all BlackBerry Enterprise Server and messaging server instances.
-o <output_filename>	This subparameter provides the option to create an output file.
	You can use this subparameter with any command.
-p <password>	This subparameter specifies the authentication password that the BlackBerry Enterprise
	Server User Administration Tool uses to extract authentication credentials from the
	Windows® registry and use in command line options. The parameter was previously used
	to authenticate the BESUserAdminClient with the BESUserAdminService.
-set_client_auth	This parameter specifies the credentials that the BlackBerry Enterprise Server User

Administration Tool uses to authenticate with the BlackBerry Administration Service. You run the following command:

besuseradminclient -set_client_auth <credentials_to_set> -set_p <password> Previously, -set_client_auth was a subparameter that was used with other commands.

Administration Guide

Parameter	Description

-stats -service -b <instance> and	These subparameters display statistics for a BlackBerry Enterprise Server component or
-stats -service -email <instance>	for a BlackBerry Messaging Agent instance.

	They replace the following subparameters:
	•	-stats -b <instance>
	•	-stats -servers
-v <level>	The <level> variable allows you to specify the level of detail that is provided in log files by
	using one of the following options:
	•	TRACE
	•	DEBUG
	•	WARNING
	•	ERROR
	•	INFORMATIONAL
	The default level is set at DEBUG.
	The -v parameter was previously used to specify only a verbose reporting level.
Parameters that are no longer used in the BlackBerry Enterprise Server User Administration Tool

Parameter	Description

-add -u -domaddrsvr	This parameter was used by the BlackBerry Enterprise Server User Administration Tool to
<servername>	identify the remote address book server to look up a user.
-add -infofile	This parameter has been enhanced to -add -i <input_filename>.
- change -infofile	This parameter has been enhanced to -change -i <input_filename>.
- change -u -cpin	This parameter was used to remove the PIN for a user account from the BlackBerry
	Configuration Database.
-delete -f	This parameter has been enhanced to -delete -force.
-delete -hard	This parameter has been enhanced to -delete -force.
-stats -b <instance>	This parameter has been enhanced to -stats -service -b <instance> and -stats -service -
	email <instance>.
-stats -servers	This parameter has been enhanced to -stats -service -b <instance> and -stats -service -
	email <instance>.

Administration Guide

Compatibility of authentication methods with previous versions of the BlackBerry Enterprise Server User Administration Tool

If your organization uses applications that work with previous versions of the BlackBerry® Enterprise Server User Administration Tool, in many cases, these applications also work with version 5.0 of the tool.

Supported authentication models

In BlackBerry® Enterprise Server version 5.0, the models for authentication (login) and authorization (roles or capabilities) for administration are different from the models that were used in previous versions.

BlackBerry Enterprise Server version 5.0 supports the following authentication models:

•BlackBerry Administration Service authentication (default)

•mailbox authentication (IBM® Lotus® Domino® environment only)

•Microsoft® Active Directory® authentication

BlackBerry Enterprise Server version 5.0 does not support Windows® authentication or Microsoft® SQL Server® authentication.

You must create one of the following administrators with sufficient credentials to authenticate with the BlackBerry Administration Service:

•administrator in the BlackBerry Administration Service

•mailbox administrator (IBM Lotus Domino environment only)

•administrator in Microsoft Active Directory

Roles or capabilities that are based on database user accounts are not supported in BlackBerry Enterprise Server version 5.0.

For more information about how to create a BlackBerry Administration Service administrator, visit www.blackberry.com/go/ serverdocs to read the BlackBerry Enterprise Server Administration Guide.

Authentication credentials

In the BlackBerry® Enterprise Server User Administration Tool version 5.0, you can use the following parameters interchangeably:

•"-username" or "-sqluser" (authentication user name)

•"-password" or "-sqlpass" (authentication password)

The BlackBerry Enterprise Server User Administration Tool uses the values associated with these options for the authentication and authorization models that are supported in the BlackBerry® Enterprise Server version 5.0. The tool does not does not support Microsoft® SQL Server® authentication or roles or capabilities that are defined on the Microsoft SQL Server database engine.

Administration Guide

Compatibility of authentication methods with previous versions of the BlackBerry Enterprise Server User Administration Tool

Syntax for authentication credentials

In the BlackBerry® Enterprise Server User Administration Tool BlackBerry Enterprise Server User Administration Tool, the variable <credentials> represents the user name and password that you use for authentication with the BlackBerry Administration Service.

The BlackBerry Enterprise Server User Administration Tool uses the following syntax for authentication credentials.

Item	Description

-username <user name>	authentication user name
-sqluser <user name>
-password <password>	authentication password
-sqlpass <password>
-domain <domain>	authentication domain
-bas_auth	use BlackBerry Administration Service authentication (default)
-mailbox_auth	use mailbox authentication (IBM® Lotus® Domino® environment only)
-ad_auth	use Microsoft® Active Directory® authentication

In the BlackBerry Enterprise Server User Administration Tool, the variable <credentials> represents the user name and password that you use for authentication with the BlackBerry Administration Service.

Setting authentication credentials

Storing an encrypted set of authentication credentials in the Windows registry

The BlackBerry® Enterprise Server User Administration Tool uses the -set_client_auth <credentials> -set_p <password> command to store credentials in the Windows® registry and then insert the credentials into the command line options.

Example

BESUserAdminClient -username admin -password password -set_client_auth "-username smoser -password password1 - ad_auth -domain test.rim.net" -set_p password

This creates the following Windows registry entry:

HKEY_LOCAL_MACHINE\SOFTWARE\Research In Motion\BlackBerry Resource Kit\BESUserAdmin\ClientAuth

Administration Guide

Compatibility of authentication methods with previous versions of the BlackBerry Enterprise Server User Administration Tool

Extracting credentials that are stored in the Windows registry

The BlackBerry® Enterprise Server User Administration Tool uses the -p <password> command to extract and decrypt credentials that are stored in the Windows® registry and then inserts the credentials into the command line options.

Example

BESUserAdminClient -p password1 -status This runs the following command:

BESUserAdminClient -username smoser -password password1 -ad_auth -domain test.rim.net -status

String value requirements

To specify -set_client_auth values that contain characters in double quotation marks, you must surround the entire string with double quotation marks. You must use a set of quotation marks to escape every embedded set of characters that are in double quotation marks.

Example: Using double quotation marks to specify a work location nickname for a user

If you have two users with the same name, Sam Moser, one of whom works in Waterloo and the other in New York, you can specify the work location for the user as a nickname.

BESUserAdminClient -username "Sam \"Waterloo\" Moser" -password password -status You store this option and value in the Windows® registry using the following command:

BESUserAdminClient -set_p password1 -set_client_auth "-username ""Sam \"\"Waterloo\"\" Moser"" -password password"

Use cases

In all the following examples, you log on to the computer that hosts the BlackBerry® Enterprise Server User Administration Tool using the following credentials:

•User name: NTLMU1

•Password: NTLMP1

Example: Running a command using SQL authentication

You log on to the computer that hosts the BlackBerry Enterprise Server User Administration Tool using the following credentials:

•User name: SQLU1

•Password: SQLP1

Administration Guide

Compatibility of authentication methods with previous versions of the BlackBerry Enterprise Server User Administration Tool

BlackBerry Enterprise Server User Administration Tool	BlackBerry Enterprise Server User Administration Tool
version 4.1.x	version 5.0

Run the following command: BESUserAdminClient -p

password1 -sqluser SQLU1 -sqlpass SQLP1...

Initial configuration (perform once):

1.Create a BlackBerry Administration Service administrator with the following credentials:

•User name: SQLU1

•Password: SQLP1

2.Save the BlackBerry Administration Service administrator credentials in the Windows registry using the following command: BESUserAdminClient - set_client_auth "-bas_auth" -set_p password1

Then run the following command: BESUserAdminClient -p

password1 -sqluser SQLU1 -sqlpass SQLP1....

Example: Running a command using Windows authentication

BlackBerry Enterprise Server User Administration Tool	BlackBerry Enterprise Server User Administration Tool
version 4.1.x	version 5.0

Run the following command: BESUserAdminClient -p

password1...

Initial configuration (perform once):

1.Create a BlackBerry Administration Service administrator with the following credentials:

•User name: BASU1

•Password: BASP1

2.Save the BlackBerry Administration Service administrator credentials in the Windows® registry using the following command: BESUserAdminClient - set_client_auth "-username BASU1 -password BASP1 -bas_auth" -set_p password1

Then run the following command: BESUserAdminClient -p password1

Administration Guide

Compatibility of authentication methods with previous versions of the BlackBerry Enterprise Server User Administration Tool

Example: Changing the authentication credentials in the Windows registry to a Microsoft Active Directory user

BlackBerry Enterprise Server User Administration Tool	BlackBerry Enterprise Server User Administration Tool
version 4.1.x	version 5.0

Not applicable	Run the following command:
	BESUserAdminClient -set_client_auth "-username ADU1
	-password ADP1 -ad_auth -domain D1" -set_p password1
Example: Changing the client password

BlackBerry Enterprise Server User Administration Tool	BlackBerry Enterprise Server User Administration Tool
version 4.1.x	version 5.0

1. Remove the existing BlackBerry Enterprise Server User	Run the following command:
1. Remove the existing BlackBerry Enterprise Server User
Administration Tool service.	BESUserAdminClient -set_client_auth "-username ADU1
	BESUserAdminClient -set_client_auth "-username ADU1
2. Re-install the service using the new client password.	-password ADP1 -ad_auth -domain D1" -set_p password2
Example: Overriding the requirement to use authentication credentials in the Windows registry

BlackBerry Enterprise Server User Administration Tool	BlackBerry Enterprise Server User Administration Tool
version 4.1.x	version 5.0

Not applicable	Run the following command:
	BESUserAdminClient -username username1 -password
	password1..
Example: Denying access permanently or temporarily using the -p command

BlackBerry Enterprise Server User Administration Tool	BlackBerry Enterprise Server User Administration Tool
version 4.1.x	version 5.0

Change the appropriate Windows registry entry.	Run the following command:

BESUserAdminClient -set_client_auth "" -set_p password

Administration Guide

Managing user accounts

Managing user accounts
	2

The BlackBerry® Enterprise Server uses predefined roles that correspond to common administrative roles in organizations to control who can perform specific tasks and to limit who can access sensitive data.

The BlackBerry Enterprise Server User Administration Tool uses the BlackBerry Administration Service credentials that you type on the command line.

Your current role is defined by the BlackBerry Administration Service. The -v parameter in the BlackBerry Enterprise Server User Administration Tool does not display your role.

The authentication information is encrypted when it passes from the BlackBerry Enterprise Server User Administration Tool to the BlackBerry Administration Service and to the BlackBerry Configuration Database.

Adding user accounts

Add a new user account to the BlackBerry Enterprise Server

1.To open the command window for the BlackBerry® Enterprise Server User Administration Tool, on the computer that hosts the tool, on the taskbar, click Start > Programs > BlackBerry Enterprise Server Resource Kit > BlackBerry Enterprise Server User Administration Tool > BlackBerry Enterprise Server User Administration Tool.

2.Type besuseradminclient <credentials> -add and the following parameters:

•-u <user_name>

•-pin <PIN> (use with the -u parameter for the BlackBerry® Enterprise Server for MDS Applications only)

•-b <instance>

Example: Adding a user account to a BlackBerry Enterprise Server for Microsoft Exchange, and assigning an IT policy

besuseradminclient-username admin -password password -add -u smoser@test.rim.net -b server1 -it_policy “User Can Change Timeout”

Example: Adding a user account to a BlackBerry Enterprise Server for IBM Lotus Domino, and assigning an IT policy

besuseradminclient -username admin -password password -add -u “CN=Sam Moser/O=Server01” -b CN=Server01/ O=test.rim.net -it_policy “User Can Change Timeout”

Example: Adding a user account to a BlackBerry Enterprise Server for Novell GroupWise, and assigning an IT policy besuseradminclient -username admin -password password -add -u sammoser -b server01 -it_policy “User Can Change Timeout”

Example: Adding a user account to a BlackBerry Enterprise Server for MDS Applications, and assigning an IT policy

besuseradminclient -username admin -password password -add -u xxxxxxxx -pin xxxxxxxx -b server01 -it_policy “User Can Change Timeout”

Administration Guide

Adding user accounts

Add a new user account to a group

2.Type besuseradminclient <credentials> -add and the following parameters:

•-u <user_name>

•-b <instance>

•-group <group_name>

Example: Adding a new user account to a BlackBerry Enterprise Server for Microsoft Exchange, to a user group, and to an IT policy

besuseradminclient -username admin -password password -add -u smoser@test.rim.net -b server01 -group administrators - it_policy “User Can Change Timeout”

Add an existing user account to a group

2.Type besuseradminclient <credentials> -change and the following parameters:

•-u <user_name>

•-b <instance>

•-group <group_name>

Example

besuseradminclient -username admin -password password -change -u smoser@test.rim.net -b server1 -group administrators

Assign a software configuration to a user account

2.Type besuseradminclient <credentials> -assign_swconfig and the following parameters:

•-u <user_name>

•-sw <configuration_name>

Administration Guide

Finding user accounts

Example

besuseradminclient -username admin -password password - assign_swconfig -u "sam, moser” -b server1 -sw games

Finding user accounts

Find a user account

You can use the -u subparameter to specify the user account that the BlackBerry® Enterprise Server User Administration Tool searches for.

1.To open the command window for the BlackBerry Enterprise Server User Administration Tool, on the computer that hosts the tool, on the taskbar, click Start > Programs > BlackBerry Enterprise Server Resource Kit > BlackBerry Enterprise Server User Administration Tool > BlackBerry Enterprise Server User Administration Tool.

2.Type besuseradminclient <credentials> -find and the following parameter:

• -u <user_name>

Example: Finding a user account on the BlackBerry Enterprise Server for Microsoft Exchange besuseradminclient -username admin -password password -find -u smoser@test.rim.net

Changing and removing user accounts

Move a user account to a different BlackBerry Enterprise Server

The source and the target BlackBerry® Enterprise Server instances must use the same BlackBerry Configuration Database.

2.Type besuseradminclient <credentials> -move and the following parameters:

•-b <instance> (source BlackBerry Enterprise Server instance)

•-u <user_name>

•-t <instance> (target or destination BlackBerry Enterprise Server instance)

Example: Moving a user account to a different BlackBerry Enterprise Server for Microsoft Exchange besuseradminclient -username admin -password password -move -u smoser@test.rim.net -b server01 -t server02

Administration Guide

Changing and removing user accounts

Move a user account to a different user group

A user account can belong to more than one group. You can perform this task if you want the user account to belong to only the group that you specify.

Before you begin:

Delete the user account from the existing group.

2.Type besuseradminclient <credentials> -change and the following parameters:

•-u <user_name>

•-b <instance>

•-group <group_name>

Example

besuseradminclient -username admin -password password -change -u smoser@test.rim.net -b server01 -group security

Delete a user account from a group

2.Type besuseradminclient <credentials> -change and the following parameters:

•-u <user_name>

•-b <instance>

•-cgroup <group_name>

Example: Deleting a user account from a user group on the BlackBerry Enterprise Server for Microsoft Exchange besuseradminclient -username admin -change -u smoser@test.rim.net -b server01 -cgroup powerusers

Delete a software configuration from a user account

2.Type besuseradminclient <credentials> -assign_swconfig -csw and the name of the software configuration.

Administration Guide

Change user account settings

Example

besuseradminclient -username admin -password password -assign_swconfig -csw config1 -u “sam, moser” -b server1

Delete a user account from the BlackBerry Enterprise Server

2.Type besuseradminclient <credentials> -delete and the following parameters:

•-u <user_name>

•-b <instance>

Example: Deleting a user account from the BlackBerry Enterprise Server for Microsoft Exchange besuseradminclient -delete -username admin -password password -u smoser@test.rim.net -b server01

Change user account settings

The BlackBerry® Enterprise Server for MDS Applications does not support this task.

2.Type besuseradminclient <credentials> -change and the following parameters:

•-u <user_name>

•-b <instance>

Example: Clearing the user account filters

besuseradminclient -username admin -password password -change -u smoser@test.rim.net -b server01 -cf

Example: Making the BlackBerry MDS Connection Service unavailable to a user account, changing the activation password, and specifying the password expiry time for the user account

besuseradminclient -change -username admin -password password -u smoser@test.rim.net -b server01 -dm -w password3 -wt 96

Example: Specifying the activation password and the password expiry time for a group of users besuseradminclient -change -username admin -password password -g administrators -w password3 -wt 120

Administration Guide

List the groups in a BlackBerry Domain

2.Type besuseradminclient <credentials> -list -groups.

Example

besuseradminclient -username admin -password password -list -groups

Administration Guide

Managing email message forwarding

Managing email message forwarding
	3

Turn on or turn off email message forwarding

The BlackBerry® Enterprise Server for MDS Applications does not support this task. By default, email message forwarding is turned off.

2.Perform one of the following actions:

•To turn on email message forwarding, type besuseradminclient <credentials> -change -er and the following parameters:

•-u <user_name>

•-b <instance>

•To turn off email message forwarding, type besuseradminclient <credentials> -change -dr and the following parameters:

•-u <user_name>

•-b <instance>

Example: Turning on email message forwarding for a user account

besuseradminclient -username admin -password password1 -change -u smoser@test.rim.net -b server01 -er

Example: Turning off email message forwarding for a user account

besuseradminclient-username admin -password password1 -change -u smoser@test.rim.net -b server01 -dr

List the folders that are available for email message forwarding

The BlackBerry® Enterprise Server for MDS Applications does not support this task.

2.Type besuseradminclient <credentials> -list -folders and the following parameters:

•-u <user_name>

•-b <instance>

Example

Administration Guide

Turn on or turn off email message forwarding for folders

besuseradminclient -username admin -password password -list -folders -u sammoser -b server01

Turn on or turn off email message forwarding for folders

The BlackBerry® Enterprise Server for MDS Applications does not support this task.

If you are using the BlackBerry® Enterprise Server for Microsoft® Exchange, a folder name can contain a slash mark (/). To specify the folder, you must type the escape character backslash (\) before the slash mark.

2.Perform one of the following actions:

•To turn on email message forwarding for folders, type besuseradminclient <credentials> -set_folder_redirection - er and the following parameters:

•-u <user_name>

•-b <instance>

•-foldername <folder_name>

•To turn off email message forwarding for folders, type besuseradminclient -set_folder_redirection <credentials> - dr and the following parameters:

•-u <user_name>

•-b <instance>

•-foldername <folder_name>

Example: Turning on email message forwarding for a folder

besuseradminclient -username admin -password password1 -set_folder_redirection -u smoser@test.rim.net -b server01 - foldername Sent -er

Example: Turning off email message forwarding for a folder

besuseradminclient -username admin -password password1 -set_folder_redirection -u smoser@test.rim.net -b server01 - foldername Sent -dr

Example: Turning on email message forwarding for a folder using a folder name that contains a slash mark

besuseradminclient -username admin -password password1 -set_folder_redirection -u smoser@test.rim.net -b server01 - foldername Inbox\/subfolder1\/sub\/folder2 -er

Administration Guide

Managing IT policies and IT policy rules

Managing IT policies and IT policy rules
	4

List the IT policy rules in an IT policy

2.Type besuseradminclient <credentials> -list -it_policy_rules and the following parameter:

• -it_policy <policy_name>

Example: Listing the IT policy rules and displaying them in an output file

besuseradminclient -username admin -password password -list -it_policy_rules -it_policy "Advanced Security" -o AdvancedSecurity.csv

Example output

Policy Name, Policy Group, Rule Name, Rule Value, Rule Type

Advanced Security, Device only, User Can Disable Password, No, BOOLEAN Advanced Security, Bluetooth, Disable Serial Port Profile, Yes, BOOLEAN Advanced Security, Security, Force Lock When Holstered, Yes, BOOLEAN Advanced Security, Password, Maximum Password History, 6, INTEGER

Advanced Security, Bluetooth, Disable File Transfer, Yes, BOOLEAN Advanced Security, Bluetooth, Disable Discoverable Mode, Yes, BOOLEAN

Advanced Security, Bluetooth, Require LED Connection Indicator, Yes, BOOLEAN Advanced Security, Device only, Enable Long-Term Timeout, Yes, BOOLEAN Advanced Security, Policy Information, IT Policy Name, Advanced Security, STRING Advanced Security, Security, Disable USB Mass Storage, Yes, BOOLEAN

Administration Guide

Set IT policy rules for a user account

Advanced Security, Security, External File System Encryption Level, Encrypt to User Password (excluding multi-media directories), ENUMERATION: 0|Not Required|1|Encrypt to User Password (excluding multi-media directories)|2|Encrypt to User Password (including multi-media directories)|3|Encrypt to Device Key (excluding multi-media directories)|4|Encrypt to Device Key (including multi-media directories)|5|Encrypt to User Password and Device Key (excluding multimedia directories)|6|Encrypt to User Password and Device Key (including multimedia directories)

Advanced Security, WLAN, WLAN Allow Handheld Changes, No, BOOLEAN Advanced Security, Device only, Maximum Security Timeout, 10, INTEGER Advanced Security, Bluetooth, Disable Address Book Transfer, Yes, BOOLEAN Advanced Security, Device only, Maximum Password Age, 30, INTEGER Advanced Security, Device only, Password Required, Yes, BOOLEAN

Set IT policy rules for a user account

2.Type besuseradminclient <credentials> -set_user_itpolicy_rule and the following parameters:

•-u <user_name>

•-b <instance>

•-policyrule <rule_name>

•-policyvalue <value>

Example: Specifying a single IT policy rule for a user account

besuseradminclient -username admin -password password -set_user_itpolicy_rule -u smoser@test.rim.net -b server01 - policyrule “VPN User Name” -policyvalue smoser

List the IT policies in the BlackBerry Configuration Database

2.Type besuseradminclient <credentials> -list -it_policies.

Example

besuseradminclient -username admin -password password -list -it_policies

+ 65 hidden pages