Question : Problem: Blackberry Send As Permission when adding new devices.

Hello Experts,

After doing the DST update and correcting the save ae permission issue with the following answer:

“garycutri:
This is very easy to fix. All you need to do is stop the "BlackBerry Router" service, then go into Active Directory and from the "View" menu select "Advanced Features", then go to every BlackBerry user in AD and open their properties. For their properties window select the "Security" tab, from here add your BES account (normally BESadmin) and only add the permission "Send As". You will have to repeat this for all users on your BES, wait 20 minutes after you have done all the users and then start the "BlackBerry Router" again.

If you have any admin users with BlackBerry devices it will inherited permissions from the "Admin" group and it will remove the BESadmin "Send As" permission". So all you need to do is closely note down any inherited permission to the user in the security tab, then go to the advanced option and untick “Allow inheritable permissions from the parent …”. Once you have done this ensure any required permissions are added back to the admin user then add BESadmin with “Send As” permissions again. Once again wait 20 minutes before restarting the “BlackBerry Router” service.

If anyone want to know the relevance of stopping the router service for 20 minutes it the amount of time the BES server takes to clear it cache locally and on the relay.”

THANK YOU GARY!!!

I have the following question.

1. If  I accidentally missed one user (which of course I did ), and I do not believe that I missed anymore, do I need to stop the “BlackBerry Router” each time I make a mistake. Or will it correct itself.

2. When adding new PDA’s to the BES do I add the “Send as Permission” to the new user in AD prior to configuring the PDA on the BES server to avoid having to stop the “BlackBerry Router”

Thank You,

Wendell

Answer : Problem: Blackberry Send As Permission when adding new devices.

Sorry you will have to stop the BlackBerry router for 20 minutes to clear the cache.  By adding BESadmin with Send As permissions prior to adding them to the BES it will overcome this issue.  Also below I have outlined a new streamlined process for fixing this issue:

To correct the "Send As" issue I have outlined the steps I use to quickly resolve this issue:

1. Stop the Blackberry Router service.

2. Open Active Directory and from the View menu select "Advanced Features". Then go to each user that will be added to the BES and open their properties, go to the security tab and add the user BESadmin and add the security permission "Send As".

3. Run the following script logged on as Administrator (This allows admin users to send):

dsacls "cn=adminsdholder,cn=system,dc=domainname,dc=c om " /G "DOMAINNAME\BESadmin:CA;Send As"

Example 1: dsacls "cn=adminsdholder,cn=system,dc=experts-exchange,dc=com " /G "EXPERTS_EXCHANGE\BESadmin:CA;Send As"

Example 2: dsacls "cn=adminsdholder,cn=system,dc=blackberryforums,dc =com,dc=au " /G "BLACKBERRYFORUMS\BESadmin:CA;Send As"

Example 3: dsacls "cn=adminsdholder,cn=system,dc=mobilenetwork,dc=lo cal" /G "MOBILENETWORK\BESadmin:CA;Send As"

NOTE: dsacls can be found in the Windows Server 2003 SP1 Support Tools pack:
http://www.microsoft.com/downloads/details.aspx?FamilyId=6EC50B78-8BE1-4E81-B3BE-4E7AC4F0912D

4. Wait 20 minutes and then restart the BlackBerry Router service.

5. Restart the BES server.