Blackberry SWD-504685-0330050601-001 User Manual

BlackBerry Enterprise Server Resource Kit BlackBerry Enterprise Server User Administration Tool

Version: 5.0

Administration Guide

SWD-504685-0330050601-001

Contents

1 Overview....................................................................................................................................................................................... 5

BlackBerry Enterprise Server User Administration Tool............................................................................................................. 5

Preconfigured administrative roles for the BlackBerry Enterprise Server................................................................................ 5

New in this release......................................................................................................................................................................... 9

Compatibility of authentication methods with previous versions of the BlackBerry Enterprise Server User Administration

Tool................................................................................................................................................................................................... 12

Supported authentication models........................................................................................................................................ 12

Authentication credentials.................................................................................................................................................... 12

Syntax for authentication credentials.................................................................................................................................. 13

Setting authentication credentials....................................................................................................................................... 13

Storing an encrypted set of authentication credentials in the Windows registry.......................................................... 13

Extracting credentials that are stored in the Windows registry........................................................................................ 14

String value requirements..................................................................................................................................................... 14

Use cases................................................................................................................................................................................. 14

2 Managing user accounts............................................................................................................................................................ 17

Adding user accounts..................................................................................................................................................................... 17

Add a new user account to the BlackBerry Enterprise Server........................................................................................... 17

Add a new user account to a group...................................................................................................................................... 18

Add an existing user account to a group............................................................................................................................. 18

Assign a software configuration to a user account............................................................................................................ 18

Finding user accounts.................................................................................................................................................................... 19

Find a user account................................................................................................................................................................ 19

Changing and removing user accounts........................................................................................................................................ 19

Move a user account to a different BlackBerry Enterprise Server.................................................................................... 19

Move a user account to a different user group................................................................................................................... 20

Delete a user account from a group..................................................................................................................................... 20

Delete a software configuration from a user account........................................................................................................ 20

Delete a user account from the BlackBerry Enterprise Server.......................................................................................... 21

Change user account settings....................................................................................................................................................... 21

List the groups in a BlackBerry Domain....................................................................................................................................... 22

3 Managing email message forwarding...................................................................................................................................... 23

Turn on or turn off email message forwarding............................................................................................................................ 23

List the folders that are available for email message forwarding............................................................................................. 23

Turn on or turn off email message forwarding for folders......................................................................................................... 24

4 Managing IT policies and IT policy rules.................................................................................................................................. 25

List the IT policy rules in an IT policy............................................................................................................................................ 25

Set IT policy rules for a user account............................................................................................................................................ 26

List the IT policies in the BlackBerry Configuration Database.................................................................................................. 26

5 Managing BlackBerry devices................................................................................................................................................... 27

Set a password for a BlackBerry device........................................................................................................................................ 27

Set owner information on a BlackBerry device............................................................................................................................ 27

Delete pending messages.............................................................................................................................................................. 28

Resend a service book.................................................................................................................................................................... 28

Resend the peer-to-peer encryption key..................................................................................................................................... 29

Protect a stolen BlackBerry device................................................................................................................................................ 29

6 Sending notification messages to BlackBerry devices.......................................................................................................... 30

Send a notification PIN message.................................................................................................................................................. 30

Send a notification email message............................................................................................................................................... 31

7 Retrieving user account statistics and information about BlackBerry devices.................................................................. 32

Retrieve user account statistics..................................................................................................................................................... 32

Results of a statistics query for a user account................................................................................................................... 32

Clear user account statistics.......................................................................................................................................................... 34

Retrieve enterprise activation statistics for a user account....................................................................................................... 34

8 Retrieving BlackBerry device information............................................................................................................................... 36

List the applications that are available on one or more BlackBerry devices............................................................................ 36

List the BlackBerry devices that a specific application is installed on..................................................................................... 36

Retrieve the statistics for BlackBerry devices.............................................................................................................................. 36

Results of a statistics query for a BlackBerry device.......................................................................................................... 37

List the modules and .cod files that are available on a BlackBerry device............................................................................... 38

9 Retrieve statistics for the BlackBerry Enterprise Server or the messaging server............................................................ 39

Results of a statistics query for a BlackBerry Enterprise Server................................................................................................ 39

10 Troubleshooting the BlackBerry Enterprise Server User Administration Tool................................................................... 41

Check the status of the BlackBerry Enterprise Server User Administration Tool................................................................... 41

Configuring log files....................................................................................................................................................................... 41

11 Parameters for the BlackBerry Enterprise Server User Administration Tool..................................................................... 43

Using the command summary in the help file............................................................................................................................ 43

12 Common parameters................................................................................................................................................................... 44

13 Input, output, and user feedback parameters......................................................................................................................... 45

14 -add................................................................................................................................................................................................ 47

15 -assign_swconfig......................................................................................................................................................................... 50

16 -change......................................................................................................................................................................................... 52

17 -delete........................................................................................................................................................................................... 56

18 -find............................................................................................................................................................................................... 58

19 -handheld_info............................................................................................................................................................................ 59

20 -kill_handheld.............................................................................................................................................................................. 62

21 -list................................................................................................................................................................................................. 64

22 -move............................................................................................................................................................................................. 67

23 -resend_peer_to_peer_key....................................................................................................................................................... 69

24 -resend_service_book................................................................................................................................................................ 70

25 -send_email.................................................................................................................................................................................. 71

26 -send_pin...................................................................................................................................................................................... 73

27 -set_client_auth.......................................................................................................................................................................... 75

28 -set_folder_redirection.............................................................................................................................................................. 77

29 -set_owner_info.......................................................................................................................................................................... 79

30 -set_password.............................................................................................................................................................................. 81

31 -set_user_itpolicy_rule.............................................................................................................................................................. 82

32 -stats.............................................................................................................................................................................................. 84

33 -status........................................................................................................................................................................................... 86

34 Glossary......................................................................................................................................................................................... 87

35 Provide feedback......................................................................................................................................................................... 88

36 Legal notice.................................................................................................................................................................................. 89

Administration Guide

Overview

The BlackBerry® Enterprise Server Resource Kit is a collection of tools that can help you extend your ability to manage and monitor the BlackBerry® Enterprise Solution. You can download the BlackBerry Enterprise Server Resource Kit from

www.blackberry.com/support/downloads.

The BlackBerry Enterprise Server Resource Kit contains the following tool packages:

• BlackBerry Enterprise Server User Administration Tool

• BlackBerry Analysis, Monitoring, and Troubleshooting Tools

• BlackBerry Enterprise Transporter

BlackBerry Enterprise Server User Administration Tool

You can use the BlackBerry® Enterprise Server User Administration Tool to manage user accounts on the BlackBerry® Enterprise Server on a large scale. For example, you can add, find, move, and remove user accounts, or change user account configurations.

You can run the BlackBerry Enterprise Server User Administration Tool from a command prompt to perform BlackBerry Enterprise Server administration tasks or to gather management and monitoring information.

The BlackBerry Enterprise Server User Administration Tool connects to the BlackBerry Administration Service to obtain information from and store information in the BlackBerry Configuration Database.

Preconfigured administrative roles for the BlackBerry Enterprise Server

The BlackBerry® Enterprise Server installation includes preconfigured administrative roles. Each preconfigured administrative role has a number of permissions turned on.

You can configure additional permissions in the preconfigured administrative roles, or you can turn off any of the permissions that are shown in the following table. For more information, visit www.blackberry.com/go/serverdocs to read the BlackBerry Enterprise Server Administration Guide.

Permission name Security role

Create a group * * * * Delete a group * * * View a group (across Group) * * * * * Edit a group (across Group) * * * *

Enterprise role

Senior Helpdesk role

Junior Helpdesk role

Server only role

User only role

Administration Guide

Preconfigured administrative roles for the BlackBerry Enterprise Server

Permission name Security role

Enterprise role

Senior Helpdesk role

Junior Helpdesk role

Server only role

Create a user * * * * Delete a user * * * * View a user (across Group) * * * * * Edit a user (across Group) * * * * View a device (across Group) * * * * * Edit a device (across Group) * * * * * View device activation

* * * settings Edit device activation

* * * settings Create an IT policy * * * Delete an IT policy * * * View an IT policy * * * * * Edit an IT policy * * * Import an IT policy * * * Export a data file * * * * Create a user-defined IT

* * * policy template Delete a user-defined IT

* * * policy template Edit a user-defined IT policy

* * * template Import an IT policy template * * * Create a software

* * * configuration View a software

* * * * * configuration Edit a software configuration * * * Delete a software

* * * configuration Create an application * * *

User only role

Administration Guide

Preconfigured administrative roles for the BlackBerry Enterprise Server

Permission name Security role

Enterprise role

Senior Helpdesk role

Junior Helpdesk role

Server only role

View an application * * * * * Edit an application * * * Delete an application * * * Create an administrator user * * * Specify activation password * * * * * Turn off and on external

* * * * services Clear activation password * * * * * Clear synchronization

* * * * backup data Clear user statistics * * * * * Reset user field mapping * * * * Turn on redirection * * * * Turn off redirection * * * * Refresh available user list

* * * * * from company directory Synchronize GroupWise®

* * * System Address Book Clear and synchronize

* * * GroupWise System Address Book View a server * * * Edit a server * * * View a component * * * Edit a component * * * View an instance * * * Edit an instance * * * Change the status of an

* * * instance Edit an instance relationship * * * View a job * * *

User only role

Administration Guide

Preconfigured administrative roles for the BlackBerry Enterprise Server

Permission name Security role

Enterprise role

Senior Helpdesk role

Junior Helpdesk role

Server only role

Edit a job * * * View default distribution

* * * settings for a job Edit default distribution

* * * settings for a job Update peer-to-peer

* * * encryption key View job distribution settings * * * Edit job distribution settings * * * Delete an instance * * * Edit license keys * * * License key view * * * Manually fail a job * * * Clear instance statistics * * * Clear statistics for a

* * * BlackBerry MDS Connection Service instance View push rules for the

* * * * * * BlackBerry MDS Connection Service View pull rules for the

* * * * * BlackBerry MDS Connection Service Send message (across

* * * * * Group) Create a role * * Delete a role * * View a role * * * Edit a role * * Add and remove a role

* * * (across Group)

User only role

Administration Guide

New in this release

Permission name Security role

View a group across organizations Edit a group across organizations Add and remove a role across organizations View a device across organizations Edit a device across organizations Register an event notification Create an event notification Edit a BlackBerry Administration Service timer View BlackBerry Monitoring Service information Edit BlackBerry Monitoring Service settings

Enterprise role

Senior Helpdesk role

Junior Helpdesk role

Server only role

User only role

New in this release

BlackBerry Analysis, Monitoring, and Troubleshooting Tools

The functionality of the following BlackBerry® Analysis, Monitoring, and Troubleshooting Tools has been integrated into the BlackBerry Enterprise Server User Administration Tool. As a result, the tools are no longer distributed separately.

Tool Description

BlackBerry Enterprise Activation Status Reporting Tool (EAStatus.exe)

To generate a report of the stages of activation for a user account, in the BlackBerry Enterprise Server User Administration Tool, you can run the following command:

besuseradminclient <credentials> -list -eastatus

Administration Guide

New in this release

Tool Description

BlackBerry IT Policy Template Reporting Tool

(ITPolicyTemplateReport.exe)

To display the preconfigured IT policies that are available on a BlackBerry® Enterprise Server, in the BlackBerry Enterprise Server User Administration Tool, you can run the following command:

besuseradminclient <credentials> -list -it_policy_templates

Parameter changes in the BlackBerry Enterprise Server User Administration Tool

Parameter Description

-change -u -cw This subparameter removes the activation password for a BlackBerry device from the

BlackBerry Configuration Database.

-delete -u -force This subparameter forces the removal of a user account from the BlackBerry Configuration

Database, even if a mailbox does not exist for the user.

The -force subparameter replaces the -hard subparameter.

-i <input_filename> This subparameter provides the option for all commands that have command line options

to use an input file.

The first line of the input file is a comma-separated list of options that the columns represent. This list can be any (non-empty) subset of valid options in any order. For Boolean options, such as -cs, a column value of 0 or FALSE (not case-sensitive) turn off the option. All other values, including the empty value, turn on the option.

-list -servers This subparameter lists all BlackBerry Enterprise Server and messaging server instances.

-o <output_filename> This subparameter provides the option to create an output file.

You can use this subparameter with any command.

-p <password> This subparameter specifies the authentication password that the BlackBerry Enterprise

Server User Administration Tool uses to extract authentication credentials from the Windows® registry and use in command line options. The parameter was previously used to authenticate the BESUserAdminClient with the BESUserAdminService.

-set_client_auth This parameter specifies the credentials that the BlackBerry Enterprise Server User

Administration Tool uses to authenticate with the BlackBerry Administration Service. You run the following command:

besuseradminclient -set_client_auth <credentials_to_set> -set_p <password>

Previously, -set_client_auth was a subparameter that was used with other commands.

Administration Guide

Parameter Description

-stats -service -b <instance> and

-stats -service -email <instance>

These subparameters display statistics for a BlackBerry Enterprise Server component or for a BlackBerry Messaging Agent instance.

They replace the following subparameters:

• -stats -b <instance>

• -stats -servers

-v <level> The <level> variable allows you to specify the level of detail that is provided in log files by

using one of the following options:

• TRACE

• DEBUG

• WARNING

• ERROR

• INFORMATIONAL

The default level is set at DEBUG.

The -v parameter was previously used to specify only a verbose reporting level.

Parameters that are no longer used in the BlackBerry Enterprise Server User Administration Tool

Parameter Description

-add -u -domaddrsvr <servername>

This parameter was used by the BlackBerry Enterprise Server User Administration Tool to identify the remote address book server to look up a user.

-add -infofile This parameter has been enhanced to -add -i <input_filename>.

- change -infofile This parameter has been enhanced to -change -i <input_filename>.

- change -u -cpin This parameter was used to remove the PIN for a user account from the BlackBerry

Configuration Database.

-delete -f This parameter has been enhanced to -delete -force.

-delete -hard This parameter has been enhanced to -delete -force.

-stats -b <instance> This parameter has been enhanced to -stats -service -b <instance> and -stats -service -

email <instance>.

-stats -servers This parameter has been enhanced to -stats -service -b <instance> and -stats -service -

email <instance>.

Administration Guide

Compatibility of authentication methods with previous versions of the BlackBerry Enterprise Server User Administration Tool

If your organization uses applications that work with previous versions of the BlackBerry® Enterprise Server User Administration Tool, in many cases, these applications also work with version 5.0 of the tool.

Supported authentication models

In BlackBerry® Enterprise Server version 5.0, the models for authentication (login) and authorization (roles or capabilities) for administration are different from the models that were used in previous versions.

BlackBerry Enterprise Server version 5.0 supports the following authentication models:

• BlackBerry Administration Service authentication (default)

• mailbox authentication (IBM® Lotus® Domino® environment only)

• Microsoft® Active Directory® authentication

BlackBerry Enterprise Server version 5.0 does not support Windows® authentication or Microsoft® SQL Server® authentication.

You must create one of the following administrators with sufficient credentials to authenticate with the BlackBerry Administration Service:

• administrator in the BlackBerry Administration Service

• mailbox administrator (IBM Lotus Domino environment only)

• administrator in Microsoft Active Directory

Roles or capabilities that are based on database user accounts are not supported in BlackBerry Enterprise Server version 5.0.

For more information about how to create a BlackBerry Administration Service administrator, visit www.blackberry.com/go/

serverdocs to read the BlackBerry Enterprise Server Administration Guide.

Authentication credentials

In the BlackBerry® Enterprise Server User Administration Tool version 5.0, you can use the following parameters interchangeably:

• "-username" or "-sqluser" (authentication user name)

• "-password" or "-sqlpass" (authentication password)

The BlackBerry Enterprise Server User Administration Tool uses the values associated with these options for the authentication and authorization models that are supported in the BlackBerry® Enterprise Server version 5.0. The tool does not does not support Microsoft® SQL Server® authentication or roles or capabilities that are defined on the Microsoft SQL Server database engine.

Administration Guide

Compatibility of authentication methods with previous versions of the BlackBerry Enterprise Server User Administration Tool

Syntax for authentication credentials

In the BlackBerry® Enterprise Server User Administration Tool BlackBerry Enterprise Server User Administration Tool, the variable <credentials> represents the user name and password that you use for authentication with the BlackBerry Administration Service.

The BlackBerry Enterprise Server User Administration Tool uses the following syntax for authentication credentials.

Item Description

-username <user name>

-sqluser <user name>

-password <password>

-sqlpass <password>

-domain <domain> authentication domain

-bas_auth use BlackBerry Administration Service authentication (default)

-mailbox_auth use mailbox authentication (IBM® Lotus® Domino® environment only)

-ad_auth use Microsoft® Active Directory® authentication

authentication user name

authentication password

In the BlackBerry Enterprise Server User Administration Tool, the variable <credentials> represents the user name and password that you use for authentication with the BlackBerry Administration Service.

Setting authentication credentials

Storing an encrypted set of authentication credentials in the Windows registry

The BlackBerry® Enterprise Server User Administration Tool uses the -set_client_auth <credentials> -set_p <password> command to store credentials in the Windows® registry and then insert the credentials into the command line options.

Example

BESUserAdminClient -username admin -password password -set_client_auth "-username smoser -password password1 ad_auth -domain test.rim.net" -set_p password

This creates the following Windows registry entry: HKEY_LOCAL_MACHINE\SOFTWARE\Research In Motion\BlackBerry Resource Kit\BESUserAdmin\ClientAuth

Administration Guide

Compatibility of authentication methods with previous versions of the BlackBerry Enterprise Server User Administration Tool

Extracting credentials that are stored in the Windows registry

The BlackBerry® Enterprise Server User Administration Tool uses the -p <password> command to extract and decrypt credentials that are stored in the Windows® registry and then inserts the credentials into the command line options.

Example

BESUserAdminClient -p password1 -status This runs the following command: BESUserAdminClient -username smoser -password password1 -ad_auth -domain test.rim.net -status

String value requirements

To specify -set_client_auth values that contain characters in double quotation marks, you must surround the entire string with double quotation marks. You must use a set of quotation marks to escape every embedded set of characters that are in double quotation marks.

Example: Using double quotation marks to specify a work location nickname for a user

If you have two users with the same name, Sam Moser, one of whom works in Waterloo and the other in New York, you can specify the work location for the user as a nickname.

BESUserAdminClient -username "Sam \"Waterloo\" Moser" -password password -status You store this option and value in the Windows® registry using the following command: BESUserAdminClient -set_p password1 -set_client_auth "-username ""Sam \"\"Waterloo\"\" Moser"" -password password"

Use cases

In all the following examples, you log on to the computer that hosts the BlackBerry® Enterprise Server User Administration Tool using the following credentials:

• User name: NTLMU1

• Password: NTLMP1

Example: Running a command using SQL authentication

You log on to the computer that hosts the BlackBerry Enterprise Server User Administration Tool using the following credentials:

• User name: SQLU1

• Password: SQLP1

Administration Guide

Compatibility of authentication methods with previous versions of the BlackBerry Enterprise Server User Administration Tool

BlackBerry Enterprise Server User Administration Tool version 4.1.x

Run the following command: BESUserAdminClient -p password1 -sqluser SQLU1 -sqlpass SQLP1...

Example: Running a command using Windows authentication

BlackBerry Enterprise Server User Administration Tool version 4.1.x

Run the following command: BESUserAdminClient -p password1...

BlackBerry Enterprise Server User Administration Tool version 5.0

Initial configuration (perform once):

1. Create a BlackBerry Administration Service administrator with the following credentials:

• User name: SQLU1

• Password: SQLP1

2. Save the BlackBerry Administration Service administrator credentials in the Windows registry using the following command: BESUserAdminClient -

set_client_auth "-bas_auth" -set_p password1

Then run the following command: BESUserAdminClient -p

password1 -sqluser SQLU1 -sqlpass SQLP1....

BlackBerry Enterprise Server User Administration Tool version 5.0

Initial configuration (perform once):

1. Create a BlackBerry Administration Service administrator with the following credentials:

• User name: BASU1

• Password: BASP1

2. Save the BlackBerry Administration Service administrator credentials in the Windows® registry using the following command: BESUserAdminClient -

set_client_auth "-username BASU1 -password BASP1 -bas_auth" -set_p password1

Then run the following command: BESUserAdminClient -p password1

Administration Guide

Compatibility of authentication methods with previous versions of the BlackBerry Enterprise Server User Administration Tool

Example: Changing the authentication credentials in the Windows registry to a Microsoft Active Directory user

BlackBerry Enterprise Server User Administration Tool version 4.1.x

BlackBerry Enterprise Server User Administration Tool version 5.0

Not applicable Run the following command:

BESUserAdminClient -set_client_auth "-username ADU1

-password ADP1 -ad_auth -domain D1" -set_p password1

Example: Changing the client password

BlackBerry Enterprise Server User Administration Tool version 4.1.x

1. Remove the existing BlackBerry Enterprise Server User Administration Tool service.

2. Re-install the service using the new client password.

BlackBerry Enterprise Server User Administration Tool version 5.0

Run the following command:

BESUserAdminClient -set_client_auth "-username ADU1

-password ADP1 -ad_auth -domain D1" -set_p password2

Example: Overriding the requirement to use authentication credentials in the Windows registry

BlackBerry Enterprise Server User Administration Tool version 4.1.x

BlackBerry Enterprise Server User Administration Tool version 5.0

Not applicable Run the following command:

BESUserAdminClient -username username1 -password password1..

Example: Denying access permanently or temporarily using the -p command

BlackBerry Enterprise Server User Administration Tool version 4.1.x

BlackBerry Enterprise Server User Administration Tool version 5.0

Change the appropriate Windows registry entry. Run the following command:

BESUserAdminClient -set_client_auth "" -set_p password

Administration Guide

Managing user accounts

The BlackBerry® Enterprise Server uses predefined roles that correspond to common administrative roles in organizations to control who can perform specific tasks and to limit who can access sensitive data.

The BlackBerry Enterprise Server User Administration Tool uses the BlackBerry Administration Service credentials that you type on the command line.

Your current role is defined by the BlackBerry Administration Service. The -v parameter in the BlackBerry Enterprise Server User Administration Tool does not display your role.

The authentication information is encrypted when it passes from the BlackBerry Enterprise Server User Administration Tool to the BlackBerry Administration Service and to the BlackBerry Configuration Database.

Adding user accounts

Add a new user account to the BlackBerry Enterprise Server

1. To open the command window for the BlackBerry® Enterprise Server User Administration Tool, on the computer that hosts

the tool, on the taskbar, click Start > Programs > BlackBerry Enterprise Server Resource Kit > BlackBerry Enterprise Server User Administration Tool > BlackBerry Enterprise Server User Administration Tool.

2. Type besuseradminclient <credentials> -add and the following parameters:

• -u <user_name>

• -pin <PIN> (use with the -u parameter for the BlackBerry® Enterprise Server for MDS Applications only)

• -b <instance>

Example: Adding a user account to a BlackBerry Enterprise Server for Microsoft Exchange, and assigning an IT policy

besuseradminclient-username admin -password password -add -u smoser@test.rim.net -b server1 -it_policy “User Can Change Timeout”

Example: Adding a user account to a BlackBerry Enterprise Server for IBM Lotus Domino, and assigning an IT policy

besuseradminclient -username admin -password password -add -u “CN=Sam Moser/O=Server01” -b CN=Server01/ O=test.rim.net -it_policy “User Can Change Timeout”

Example: Adding a user account to a BlackBerry Enterprise Server for Novell GroupWise, and assigning an IT policy

besuseradminclient -username admin -password password -add -u sammoser -b server01 -it_policy “User Can Change Timeout”

Example: Adding a user account to a BlackBerry Enterprise Server for MDS Applications, and assigning an IT policy

besuseradminclient -username admin -password password -add -u xxxxxxxx -pin xxxxxxxx -b server01 -it_policy “User Can Change Timeout”

Administration Guide

Adding user accounts

Add a new user account to a group

1. To open the command window for the BlackBerry® Enterprise Server User Administration Tool, on the computer that hosts

2. Type besuseradminclient <credentials> -add and the following parameters:

• -u <user_name>

• -b <instance>

• -group <group_name>

Example: Adding a new user account to a BlackBerry Enterprise Server for Microsoft Exchange, to a user group, and to an IT policy

besuseradminclient -username admin -password password -add -u smoser@test.rim.net -b server01 -group administrators it_policy “User Can Change Timeout”

Add an existing user account to a group

1. To open the command window for the BlackBerry® Enterprise Server User Administration Tool, on the computer that hosts

2. Type besuseradminclient <credentials> -change and the following parameters:

• -u <user_name>

• -b <instance>

• -group <group_name>

Example

besuseradminclient -username admin -password password -change -u smoser@test.rim.net -b server1 -group administrators

Assign a software configuration to a user account

1. To open the command window for the BlackBerry® Enterprise Server User Administration Tool, on the computer that hosts

2. Type besuseradminclient <credentials> -assign_swconfig and the following parameters:

• -u <user_name>

• -sw <configuration_name>

Administration Guide

Example

besuseradminclient -username admin -password password - assign_swconfig -u "sam, moser” -b server1 -sw games

Finding user accounts

Find a user account

You can use the -u subparameter to specify the user account that the BlackBerry® Enterprise Server User Administration Tool searches for.

1. To open the command window for the BlackBerry Enterprise Server User Administration Tool, on the computer that hosts

2. Type besuseradminclient <credentials> -find and the following parameter:

• -u <user_name>

Example: Finding a user account on the BlackBerry Enterprise Server for Microsoft Exchange

besuseradminclient -username admin -password password -find -u smoser@test.rim.net

Changing and removing user accounts

Move a user account to a different BlackBerry Enterprise Server

The source and the target BlackBerry® Enterprise Server instances must use the same BlackBerry Configuration Database.

1. To open the command window for the BlackBerry Enterprise Server User Administration Tool, on the computer that hosts

2. Type besuseradminclient <credentials> -move and the following parameters:

• -b <instance> (source BlackBerry Enterprise Server instance)

• -u <user_name>

• -t <instance> (target or destination BlackBerry Enterprise Server instance)

Example: Moving a user account to a different BlackBerry Enterprise Server for Microsoft Exchange

besuseradminclient -username admin -password password -move -u smoser@test.rim.net -b server01 -t server02

Administration Guide

Changing and removing user accounts

Move a user account to a different user group

A user account can belong to more than one group. You can perform this task if you want the user account to belong to only the group that you specify.

Before you begin:

Delete the user account from the existing group.

1. To open the command window for the BlackBerry® Enterprise Server User Administration Tool, on the computer that hosts

2. Type besuseradminclient <credentials> -change and the following parameters:

• -u <user_name>

• -b <instance>

• -group <group_name>

Example

besuseradminclient -username admin -password password -change -u smoser@test.rim.net -b server01 -group security

Delete a user account from a group

1. To open the command window for the BlackBerry® Enterprise Server User Administration Tool, on the computer that hosts

2. Type besuseradminclient <credentials> -change and the following parameters:

• -u <user_name>

• -b <instance>

• -cgroup <group_name>

Example: Deleting a user account from a user group on the BlackBerry Enterprise Server for Microsoft Exchange

besuseradminclient -username admin -change -u smoser@test.rim.net -b server01 -cgroup powerusers

Delete a software configuration from a user account

1. To open the command window for the BlackBerry® Enterprise Server User Administration Tool, on the computer that hosts

2. Type besuseradminclient <credentials> -assign_swconfig -csw and the name of the software configuration.

Administration Guide

Example

besuseradminclient -username admin -password password -assign_swconfig -csw config1 -u “sam, moser” -b server1

Change user account settings

Delete a user account from the BlackBerry Enterprise Server

1. To open the command window for the BlackBerry® Enterprise Server User Administration Tool, on the computer that hosts

2. Type besuseradminclient <credentials> -delete and the following parameters:

• -u <user_name>

• -b <instance>

Example: Deleting a user account from the BlackBerry Enterprise Server for Microsoft Exchange

besuseradminclient -delete -username admin -password password -u smoser@test.rim.net -b server01

Change user account settings

The BlackBerry® Enterprise Server for MDS Applications does not support this task.

1. To open the command window for the BlackBerry Enterprise Server User Administration Tool, on the computer that hosts

2. Type besuseradminclient <credentials> -change and the following parameters:

• -u <user_name>

• -b <instance>

Example: Clearing the user account filters

besuseradminclient -username admin -password password -change -u smoser@test.rim.net -b server01 -cf

Example: Making the BlackBerry MDS Connection Service unavailable to a user account, changing the activation password, and specifying the password expiry time for the user account

besuseradminclient -change -username admin -password password -u smoser@test.rim.net -b server01 -dm -w password3 -wt 96

Example: Specifying the activation password and the password expiry time for a group of users

besuseradminclient -change -username admin -password password -g administrators -w password3 -wt 120

Administration Guide

List the groups in a BlackBerry Domain

1. To open the command window for the BlackBerry® Enterprise Server User Administration Tool, on the computer that hosts

2. Type besuseradminclient <credentials> -list -groups.

Example

besuseradminclient -username admin -password password -list -groups

Administration Guide

Managing email message forwarding

Turn on or turn off email message forwarding

The BlackBerry® Enterprise Server for MDS Applications does not support this task. By default, email message forwarding is turned off.

1. To open the command window for the BlackBerry Enterprise Server User Administration Tool, on the computer that hosts

2. Perform one of the following actions:

• To turn on email message forwarding, type besuseradminclient <credentials> -change -er and the following

parameters:

• -u <user_name>

• -b <instance>

• To turn off email message forwarding, type besuseradminclient <credentials> -change -dr and the following

parameters:

• -u <user_name>

• -b <instance>

Example: Turning on email message forwarding for a user account

besuseradminclient -username admin -password password1 -change -u smoser@test.rim.net -b server01 -er

Example: Turning off email message forwarding for a user account

besuseradminclient-username admin -password password1 -change -u smoser@test.rim.net -b server01 -dr

List the folders that are available for email message forwarding

The BlackBerry® Enterprise Server for MDS Applications does not support this task.

1. To open the command window for the BlackBerry Enterprise Server User Administration Tool, on the computer that hosts

2. Type besuseradminclient <credentials> -list -folders and the following parameters:

• -u <user_name>

• -b <instance>

Example

Administration Guide

besuseradminclient -username admin -password password -list -folders -u sammoser -b server01

Turn on or turn off email message forwarding for folders

The BlackBerry® Enterprise Server for MDS Applications does not support this task. If you are using the BlackBerry® Enterprise Server for Microsoft® Exchange, a folder name can contain a slash mark (/). To specify

the folder, you must type the escape character backslash (\) before the slash mark.

1. To open the command window for the BlackBerry Enterprise Server User Administration Tool, on the computer that hosts

2. Perform one of the following actions:

• To turn on email message forwarding for folders, type besuseradminclient <credentials> -set_folder_redirection - er and the following parameters:

• -u <user_name>

• -b <instance>

• -foldername <folder_name>

• To turn off email message forwarding for folders, type besuseradminclient -set_folder_redirection <credentials> - dr and the following parameters:

• -u <user_name>

• -b <instance>

• -foldername <folder_name>

Example: Turning on email message forwarding for a folder

besuseradminclient -username admin -password password1 -set_folder_redirection -u smoser@test.rim.net -b server01 foldername Sent -er

Example: Turning off email message forwarding for a folder

besuseradminclient -username admin -password password1 -set_folder_redirection -u smoser@test.rim.net -b server01 foldername Sent -dr

Example: Turning on email message forwarding for a folder using a folder name that contains a slash mark

besuseradminclient -username admin -password password1 -set_folder_redirection -u smoser@test.rim.net -b server01 foldername Inbox\/subfolder1\/sub\/folder2 -er

Administration Guide

Managing IT policies and IT policy rules

List the IT policy rules in an IT policy

1. To open the command window for the BlackBerry® Enterprise Server User Administration Tool, on the computer that hosts

2. Type besuseradminclient <credentials> -list -it_policy_rules and the following parameter:

• -it_policy <policy_name>

Example: Listing the IT policy rules and displaying them in an output file

besuseradminclient -username admin -password password -list -it_policy_rules -it_policy "Advanced Security" -o AdvancedSecurity.csv

Example output

Policy Name, Policy Group, Rule Name, Rule Value, Rule Type Advanced Security, Device only, User Can Disable Password, No, BOOLEAN Advanced Security, Bluetooth, Disable Serial Port Profile, Yes, BOOLEAN Advanced Security, Security, Force Lock When Holstered, Yes, BOOLEAN Advanced Security, Password, Maximum Password History, 6, INTEGER Advanced Security, Device only, Password Pattern Checks, At least 1 alpha and 1 numeric character, ENUMERATION: 0|No

restriction|1|At least 1 alpha and 1 numeric character|2|At least 1 alpha, 1 numeric, and 1 special character|3|At least 1 upper-case alpha, 1 lower-case alpha, 1 numeric, and 1 special character

Advanced Security, Bluetooth, Disable File Transfer, Yes, BOOLEAN Advanced Security, Bluetooth, Disable Discoverable Mode, Yes, BOOLEAN Advanced Security, Bluetooth, Require LED Connection Indicator, Yes, BOOLEAN Advanced Security, Device only, Enable Long-Term Timeout, Yes, BOOLEAN Advanced Security, Policy Information, IT Policy Name, Advanced Security, STRING Advanced Security, Security, Disable USB Mass Storage, Yes, BOOLEAN Advanced Security, Security, Content Protection Strength, Strong, ENUMERATION: 0|Strong|1|Stronger|2|Strongest Advanced Security, Device only, User Can Change Timeout, Yes, BOOLEAN

Administration Guide

Advanced Security, Security, External File System Encryption Level, Encrypt to User Password (excluding multi-media directories), ENUMERATION: 0|Not Required|1|Encrypt to User Password (excluding multi-media directories)|2|Encrypt to User Password (including multi-media directories)|3|Encrypt to Device Key (excluding multi-media directories)|4|Encrypt to Device Key (including multi-media directories)|5|Encrypt to User Password and Device Key (excluding multimedia directories)|6|Encrypt to User Password and Device Key (including multimedia directories)

Advanced Security, WLAN, WLAN Allow Handheld Changes, No, BOOLEAN Advanced Security, Device only, Maximum Security Timeout, 10, INTEGER Advanced Security, Bluetooth, Disable Address Book Transfer, Yes, BOOLEAN Advanced Security, Device only, Maximum Password Age, 30, INTEGER Advanced Security, Device only, Password Required, Yes, BOOLEAN

Set IT policy rules for a user account

1. To open the command window for the BlackBerry® Enterprise Server User Administration Tool, on the computer that hosts

2. Type besuseradminclient <credentials> -set_user_itpolicy_rule and the following parameters:

• -u <user_name>

• -b <instance>

• -policyrule <rule_name>

• -policyvalue <value>

Example: Specifying a single IT policy rule for a user account

besuseradminclient -username admin -password password -set_user_itpolicy_rule -u smoser@test.rim.net -b server01 policyrule “VPN User Name” -policyvalue smoser

List the IT policies in the BlackBerry Configuration Database

1. To open the command window for the BlackBerry® Enterprise Server User Administration Tool, on the computer that hosts

2. Type besuseradminclient <credentials> -list -it_policies.

Example

besuseradminclient -username admin -password password -list -it_policies

+ 65 hidden pages