Permissions set at the Administrative Group or Microsoft Exchange Server level are not inherited by the mailbox of the BlackBerry Smartphone user

Article ID: KB15196

Type: Support Content

Last Modified: 08-31-2012

 

Product(s) Affected:

  • BlackBerry Enterprise Server for Microsoft Exchange
CollapseEnvironment
  • BlackBerry® Enterprise Server for Microsoft® Exchange
  • Microsoft® Exchange Server 2007 SP1
  • Microsoft Exchange Server 2010
CollapseOverview

Permissions set at the Administrative Group or Microsoft Exchange Server level are not inherited by the mailbox of the BlackBerry Smartphone user.

Note: Permissions can be applied directly to the Mailbox Database.

CollapseCause

The inheritance is turned off at either the Storage Group or the Mailbox Database level.

CollapseResolution

To correct the inheritance issue, complete the following steps:

  1. Use the Exchange Management Console to find the Microsoft Exchange Server name, Storage Group, and Mailbox Database name for the BlackBerry Smartphone user.
    1. Open the Exchange Management Console. For more information, see Using the Exchange Management Console at www.microsoft.com.
    2. Under Recipient Configuration, click Mailbox.
    3. Right-click the mailbox for the BlackBerry Smartphone user.
    4. Click Properties.
    5. Click General.
    6. Record the information in the Exchange server and Mailbox database fields.

    Once the BlackBerry Smartphone user's mailbox database name is verified, use the Exchange Management Shell command to apply Send-As, Receive-As, and ms-Exch-Store-Admin  permissions. Additionally the ms-Exch-Store-Visible permission is required for Microsoft Exchange Server 2010. Make sure the commands are run as either Domain Administrator or Exchange Full Administrator.

  2. Open the Exchange Management Shell.
    1. Click Start > All Programs > Microsoft Exchange Server 2007.
    2. Click Exchange Management Shell.
  3. Run the command, using one of the following options
      • To run the command locally on Microsoft Exchange Server 2007 or Microsoft Exchange Server 2007 Service Pack 1, type the following:

        add-adpermission -user BESAdmin –identity “<mailbox_database_name>” -accessrights GenericRead, GenericWrite -extendedrights Send-As, Receive-As, ms-Exch-Store-Admin

      • To run the command from another computer, type the following:

        set -mailboxserver <messaging_server_name> add-adpermission -user BESAdmin –identity <mailbox_database_name>-accessrights GenericRead, GenericWrite -extendedrights Send-As, Receive-As, ms-Exch-Store-Admin

      • For Microsoft Exchange Server 2010 use the following command

      Get-MailboxDatabase | Add-ADPermission -User "BESAdmin" -AccessRights ExtendedRight -ExtendedRights Receive-As, ms-Exch-Store-Admin, ms-Exch-Store-Visible

    CollapseAdditional Information

    The Microsoft® Active Directory® sites and services can be used to verify the mailbox permission on the Microsoft Exchange 2007 Server. In order to have the Microsoft Active Directory sites and services feature, Windows Support Tools need to be installed. If the Windows Support Tools are not installed, login to a domain controller.

    1. On the domain controller, start the Active Directory Sites and Services.
    2. Right-click Active Directory Sites and Services.
    3. Click View and select Show Services Nodes.
    4. Expand Services Folder.
    5. Expand Microsoft Exchange > Exchange Organization Name > Administrative Groups > Servers > Information Store.
    6. Right-click Mailbox database > Properties > Security.
    7. Verify that the BlackBerry Enterprise Server service account has the appropriate permission for the mailbox store.

     

    Disclaimer

    By downloading, accessing or otherwise using the Knowledge Base documents you agree:

       (a) that the terms of use for the documents found at www.blackberry.com/legal/knowledgebase apply to your use or reference to these documents; and

       (b) not to copy, distribute, disclose or reproduce, in full or in part any of the documents without the express written consent of RIM.


    Visit the BlackBerry Technical Solution Center at www.blackberry.com/btsc.