How to set account permissions in Microsoft Exchange Server 2007 for the BlackBerry Service Account

Article ID: KB12483

Type: Support Content

Last Modified: 06-20-2012

 

Product(s) Affected:

  • BlackBerry Enterprise Server for Microsoft Exchange
CollapseEnvironment
  • BlackBerry® Enterprise Server 4.1 SP3 to 5.0 SP3 for Microsoft® Exchange
  • BlackBerry® Enterprise Server Express 5.0 SP3
  • Microsoft® Exchange Server 2007
CollapseOverview

The following permissions are required for the BlackBerry Enterprise Server to function correctly in a Microsoft Exchange Server 2007 environment:

  • Exchange View Only Administrator role
  • Send As
  • Receive As
  • Administer Information Store

Exchange View Only Administrator role

To set or to check the Exchange View Only Administrator role, complete the following steps:

    Access the Microsoft Exchange Management Shell by clicking Start > Programs > Microsoft Exchange Server 2007 > Exchange Management Shell.

  1. To set the Exchange View Only Administrator role, type the following command:

    add-exchangeadministrator <service_account_name> -role ViewOnlyAdmin

    where <service_account_name> is the name of the Windows® account (for example, BESAdmin).

    To check the Exchange View-Only Administrator role, type the following command:

    get-exchangeadministrator | Format-List

The Windows account should be displayed with a ViewOnlyAdmin role.


Send As, Receive As, and Administer Information Store permissions

To set or to check the Send As, Receive As, and Administer Information Store permissions, complete the following steps:

  1. Access the Microsoft Exchange Management Shell by clicking Start > Programs > Microsoft Exchange Server 2007 > Exchange Management Shell.

  2. To set the Send As, Receive As, and Administer Information Store permissions, type the following command:

    get-mailboxserver <server_name> | add-adpermission -user <service_account_name> -accessrights GenericRead, GenericWrite -extendedrights Send-As, Receive-As, ms-Exch-Store-Admin

    where <server_name> is the name of the Microsoft Exchange Server 2007 or Microsoft Exchange cluster.

    - If inheritance to the individual mail stores is not enabled, to set the Send As, Receive As, and Administer information store permissions at the store level, complete the following steps from the Microsoft Exchange management shell:

    get-mailboxdatabase <server_name>\' First Storage Group\Mailbox Database' | add-adpermission -user <service_account_name> -accessrights GenericRead, GenericWrite -extendedrights Send-As, Receive-As, ms-Exch-Store-Admin

    Note: First Storage Group\Mailbox Database is the default mailbox name within Microsoft Exchange 2007

    - If inheritance to the individual mail stores is not enabled on a custom mailbox database, to set the Send As, Receive As, and Administer information store permissions at the store level, complete the following steps from the Microsoft Exchange management shell:

    Add-ADPermission –identity "<custom database name>" –user "<service_account_name>" -accessrights GenericRead, GenericWrite -extendedrights Send-As, Receive-As, ms-Exch-Store-Admin

  3. To check the Send As, Receive As, and Administer Information Store permissions, type the following command in the Microsoft Exchange Management Shell:

    get-mailboxserver <server_name> | get-ADpermission -user <service_account_name> | Format-List

    To verify the Send As, Receive As, and Administer Information Store permissions at the mailbox store level, type the following command in the Microsoft Exchange Management Shell:

    get-mailboxdatabase <server_name>\<dbname> | get-ADpermission -user <service_account_name> | Format-List
CollapseAdditional Information

For additional CMDLet commands, visit the Microsoft TechNet web site and search for keywords such as "CMDLet commands".

To configure the required permissions for Microsoft Exchange Server 2000 or Microsoft Exchange Server 2003, see KB02276.

Note: Microsoft Exchange System Manager 2003 Service Pack 2 must be installed on the same computer as the BlackBerry Enterprise Server.

Disclaimer

By downloading, accessing or otherwise using the Knowledge Base documents you agree:

   (a) that the terms of use for the documents found at www.blackberry.com/legal/knowledgebase apply to your use or reference to these documents; and

   (b) not to copy, distribute, disclose or reproduce, in full or in part any of the documents without the express written consent of RIM.


Visit the BlackBerry Technical Solution Center at www.blackberry.com/btsc.