Unable to add users from parent domain when BlackBerry Enterprise Server is installed in child domain

Article ID: KB32700

Type: Support Content

Last Modified: 05-22-2013

 

Product(s) Affected:

  • BlackBerry Enterprise Server for Microsoft Exchange
CollapseEnvironment
  • BlackBerry Enterprise Server 5.0 SP4 for Microsoft Exchange
  • DT 3859275
  • DT 6185030

     

CollapseOverview

By default the installer for BlackBerry Enterprise Server 5.0 SP4 for Microsoft Exchange will enable Lightweight Directory Access Protocol (LDAP) for populating the local company directory. In previous versions MAPI is the default method used to populate the local company directory. This functionality is what presents Administrators with the ability to add BlackBerry users through BlackBerry Administration Service. If a BlackBerry Enterprise Server exists in a child domain, users from parent or parallel domains will not be populated by default.

CollapseCause

The below registry key is what the installer now creates by default:

For Windows Server versions prior to 2008:
HKEY_LOCAL_MACHINE\Software\Research In Motion\BlackBerry Enterprise Server\Agents

For Windows Server 2008 environments:
HKEY_LOCAL_MACHINE\Software\wow6432node\Research In Motion\BlackBerry Enterprise Server\Agents
Registry Key: LDAPSearch
Data Type: DWORD (32 bit)
Value: 1

CollapseWorkaround

Warning: The following procedure involves modifying the computer registry. This can cause substantial damage to the Windows operating system. Document and back up the registry entries prior to implementing any changes.

To restore to previous settings in 5.0 SP4 functionality you can set the value of LDAPSearch to 0. A lternatively, additional registry keys can be created to better take advantage of LDAP. See the instructions below for taking advantage of LDAP, by changing the following LDAP settings:

  1. Create an LDAPDomain key:
     
    For Windows Server versions prior to 2008:
    HKEY_LOCAL_MACHINE\Software\Research In Motion\BlackBerry Enterprise Server\Agents 
     
    For Windows Server 2008 environments:
    HKEY_LOCAL_MACHINE\Software\wow6432node\Research In Motion\BlackBerry Enterprise Server\Agents
    Registry Key: LDAPDomain
    Data Type: String
    Value: <FQDN of Global Catalog Server>:3268 (for example: childdomain.example.com:3268) ( Note: A Global Catalog Server in the root domain (top level) should be used.)
     
  2. Create LDAPBaseDN.
     
    For Windows Server versions prior to 2008:
    HKEY_LOCAL_MACHINE\Software\Research In Motion\BlackBerry Enterprise Server\Agents
     
    For Windows Server 2008 environments:
    HKEY_LOCAL_MACHINE\Software\wow6432node\Research In Motion\BlackBerry Enterprise Server\Agents
    Registry Key: LDAPBaseDN
    Data Type: String
    Value: <Distinguished name of the top level domain> (for example: DC=EXAMPLE,DC=COM)
     
  3. Restart BlackBerry Controller Service. (Important: Restarting the BlackBerry Enterprise Server or its services may delay message delivery to BlackBerry smartphones.)
  4. Log in to the BlackBerry Administration Service web console.
  5. Click Create User > Search and select Refresh available user list from company directory.

Disclaimer

By downloading, accessing or otherwise using the Knowledge Base documents you agree:

   (a) that the terms of use for the documents found at www.blackberry.com/legal/knowledgebase apply to your use or reference to these documents; and

   (b) not to copy, distribute, disclose or reproduce, in full or in part any of the documents without the express written consent of RIM.


Visit the BlackBerry Technical Solution Center at www.blackberry.com/btsc.