Automatic vs Manual Provisioning of the BlackBerry Collaboration Service for Microsoft Office Communications Server 2007 R2, Lync 2010 or Lync 2013

Article ID: KB32188

Type: Support Content

Last Modified: 11-26-2013


Product(s) Affected:

  • BlackBerry Enterprise IM for BlackBerry 10
  • BES5
Jump to: Environment | Overview
  • BlackBerry Enterprise Server 5.0 SP3 to SP4
  • BlackBerry Collaboration Service 10.1 to 10.2
  • Microsoft Office Communications Server 2007 R2
  • Microsoft Lync 2010 and 2013

What are the differences and benefits of Automatic and Manual Provisioning of the BlackBerry Collaboration Service in BlackBerry Enterprise Server 5.0 SP3?

Provisioning refers to the process that allows the BlackBerry Collaboration Service to act as a Trusted Application Server when communicating with the Front End Pool servers for Microsoft Office Communications Server 2007 R2 and Microsoft Lync 2010. This is a requirement when communicating via MTLS.

Automatic Provisioning is the default method that the BlackBerry Collaboration Service uses to write itself as a Trusted Server in Active Directory. However, some large environments where there are many globally located Domain Controllers may have a lag in Replication, and may cause duplication of the Trusted Service entries.

Manual Provisioning is an available option that removes the necessity of the BlackBerry Collaboration Service to rewrite the Trusted Service entries in Active Directory, and only has to ensure that the entry is indeed in Active Directory.


Please refer to the BlackBerry Enterprise Server product documentation (Installation & Configuration Guide) for more information about provisioning the BlackBerry Collaboration Service.

KB28474 - How to manually provision BlackBerry Collaboration Service in Microsoft Lync 2010 using PowerShell


Method Pros Cons
  • Simplified functionality - no requirements for additional teams to provision the servers
  • Changes to settings via the BlackBerry Administration Service console will update the Active Directory Trusted Service entries
  • Requires elevated permissions (RTCUniversalServerAdmins)
  • Can be problematic if there are Active Directory replication issues or delays
  • The BlackBerry Collaboration Service removes and regenerates the Active Directory Trusted Service entry every time the service starts
  • Does not require elevated permissions
  • Allows Instant Messaging teams to ensure security by provisioning the Trusted Application servers
  • The BlackBerry Collaboration Service does not have to recreate the Trusted Service entry when the service starts
  • Once Active Directory has replicated, the Trusted Service entry does not need to change
  • The BlackBerry Collaboration Service only needs to read the existing record, improving stability
  • Requires additional staff to provision the servers hosting the BlackBerry Collaboration Service (an administrator with RTCUniversalServerAdmins permission)
  • Relies on external intervention to ensure that the Trusted Service entry is correctly loaded into Active Directory


By downloading, accessing or otherwise using the Knowledge Base documents you agree:

   (a) that the terms of use for the documents found at apply to your use or reference to these documents; and

   (b) not to copy, distribute, disclose or reproduce, in full or in part any of the documents without the express written consent of RIM.

Visit the BlackBerry Technical Solution Center at