BlackBerry Enterprise Server 5: Activating Devices and Users


BlackBerry Enterprise Server 5 Implementation Guide

BlackBerry Enterprise Server 5 Implementation Guide

Simplify the implementation of BlackBerry Enterprise Server in your corporate environment

  • Install, configure, and manage a BlackBerry Enterprise Server
  • Use Microsoft Internet Explorer along with Active X plugins to control and administer the BES with the help of Blackberry Administration Service
  • Troubleshoot, monitor, and offer high availability of the BES in your organization
  • Updated to the latest version – BlackBerry Enterprise Server 5 Implementation Guide
        Read more about this book      

(For more resources on BES, see here.)

BlackBerry Enterprise users must already exist on the Microsoft Exchange Server. As with the administrative users, to make tasks and management of device users easier, we can create groups and add users to the groups, and then assign policies to the whole group rather than individual users. Again, users can be part of multiple groups and we will see how the policies are affected and applied when users are in more than one group.

Creating users on the BES 5.0

We will go through the following steps to create users on the BES 5.0:

  1. Within the BlackBerry Administration Service, navigate to the BlackBerry solution management section.
  2. Expand User and select Create a user.
  3. We can now search for the user we want to add either by typing the user's display name or e-mail address. Enter the search criteria and select Search.

  4. We then have the ability to add the user to any group we have already created; in our case we only have an administrative group. We have three options on how the user will be created, with regards to how the device for the user will be activated:
    • With activation password: This will allow us to set an activation password along with the expiry time of the activation password for the user
    • With generated activation password: The system will autogenerate a password for activation, based on the settings we have made in our BlackBerry Server (shown further on in this article)
    • Without activation password: This will create just a user who will have no pre-configured method for assigning a device

    BlackBerry Enterprise Server 5: Activating Devices and Users

  5. For this example, we will select Create a user without activation password. Once we have covered the theory and explored the settings within this article regarding activating devices, we will return to the other two options.

BlackBerry Enterprise Server 5: Activating Devices and Users

We can create a user even if the search results do not display the user—generally this occurs when the Exchange Server has not yet synched the user account to the BlackBerry Configuration Database, typically when new users are added. This method is shown in Lab.

Groups can be created to help manage users within our network and simplify tasks. Next we are going to look at creating a group that will house users—all belonging to our Sales Team.

Creating a user-based group

To create a user-based group, go through the following steps:

  1. Expand Group, select Create a group, in the Name field enter Sales Team, and click on Save.

  2. Select View group list.

    BlackBerry Enterprise Server 5: Activating Devices and Users

  3. Click on Sales Team.

    BlackBerry Enterprise Server 5: Activating Devices and Users

  4. Select Add users to group membership.

    BlackBerry Enterprise Server 5: Activating Devices and Users

  5. Select the user we have just created by placing a tick in the checkbox next to the user's name, and click on Add to group membership.

    BlackBerry Enterprise Server 5: Activating Devices and Users

  6. We can click on View group membership to confirm the addition of our user to the group.

    BlackBerry Enterprise Server 5: Activating Devices and Users

We will be adding more users to this group later on in the Lab when we import the users via a text file.

Preparing to distribute a BlackBerry device

Before we can distribute a BlackBerry device to a user using various methods, we need to address a few more settings that will affect how the device will initially be populated. By default when a device is activated for a user, the BlackBerry Enterprise Server will prepopulate/synchronize the BlackBerry device with the headers of 200 e-mail messages from the previous five days. We can alter these settings so that headers and the full body of the e-mail message can be synched to the device for up to a maximum of 750 messages over the past 14 days.

  1. In the BlackBerry Administration Service, under Servers and components expand BlackBerry Domain | Component view | Email and select the BES instance. On the right-hand pane select the Messaging tab.

  2. Scroll down and select Edit instance.

    BlackBerry Enterprise Server 5: Activating Devices and Users

  3. To ensure that both headers and the full e-mail message is populated to the BlackBerry Device, in the Message prepopulation settings, change the Send headers only drop-down to False.

  4. Change the Prepopulation by message age to a max of 14 days, by entering 14.
  5. We can change the number of e-mails that are prepopulated on the device by changing the number of Prepopulation by message count, again a max of 750.

By making the preceding two values to zero, we can ensure that no previous e-mails are populated on the device.

Within the same tab, we can set our Messaging options, which we will examine next. We have the ability to set:

  • A Prepended disclaimer (goes before the body of the message)
  • An Appended disclaimer (goes after the user's signature)

We can enter the text of our disclaimer in the space provided, then choose what happens if there is a conflict. The majority of these settings can also be set at a user level (settings made on the server override any settings made by the user, that's why it is best practice to have these set on the server level), which we will see later in Lab. If user setting exists then we need to notify the server how to deal with a potential conflict. The default setting is to use the user's disclaimer first then the one set on the server.

Bear in mind, the default setting will show both the user's disclaimer and then the server disclaimer on the e-mail message.

Wireless message reconciliation should be set to True—the BlackBerry Enterprise Server synchronizes e-mail message status changes between the BlackBerry device and Outlook on the user's computer. The BES reconciles e-mail messages that are moved from one folder to another, deleted messages, and also changes the status of read and unread messages. By default the BES performs a reconcile every 30 minutes; the reconcile is in effect checking that for a particular user the Outlook and the BlackBerry have the same information in their databases. If this is set to False then the above mentioned changes will only take effect when the device is plugged in to Desktop Manager or Web Desktop Access.

BlackBerry Enterprise Server 5: Activating Devices and Users

We have the option of setting the maximum size for a single attachment or multiple attachments in KB. We can also specify the maximum download size for a single attachment.

Rich content turned on set to True allows e-mail messages that contain HTML and rich content to be delivered to BlackBerry devices; having it set to False would mean all messages are delivered in plain text. This will save a lot of resources on the server(s) housing the BES components. We can set the same principle for downloading inline images.

Remote search turned on set to True—this will allow users to search the Microsoft Exchange server for e-mails from their BlackBerry devices.

In BES 5, we have a new feature that allows the user, when on his device-prior to sending out a meeting request—to check if a potential participant is available at that time or not. (Microsoft Exchange 2007 users need to make some changes to support this feature; see the BlackBerry website for further details on the hot fixes required.) Free busy lookup turned on is set to True if you want the above service. If system resources are being utilized heavily, this feature can be turned off by selecting False.

Hard deletes reconciliation allows users to delete e-mail messages permanently in Microsoft Outlook (by holding the shift + del keys). You can also configure the BES to remove permanently deleted messages from the user's BlackBerry device. You must have wireless reconciliation turned on for this to work.

Now that we have prepared our messaging environment, we are ready to activate our first user.

Activating users

When it comes to activating users, we have five options to choose from:

  • BlackBerry Administration Service: We can connect the device to a computer and log on to the BAS to assign and activate a device for a user
  • Over the Wireless Network (OTA): We can activate a BlackBerry to join our BES without needing it to be physically connected to our organization
  • Over the LAN: A user who has BlackBerry Desktop Manager running on his or her computer in the corporate LAN can activate the device by plugging the device into his or her machine and running the BlackBerry Desktop Manager
  • BlackBerry Web Desktop Manager: This is a new feature of BES 5 that allows users to connect the device to a computer and log in to the BlackBerry Web Desktop Manager to activate the device, with no other software required
  • Over your corporate organization's Wi-Fi network: You can activate Wi-Fi-enabled BlackBerry devices over your corporate Wi-Fi network

Before we look at each of the options available to us, let's examine what enterprise activation is and how it works along with its settings; this will also help us choose the best option for activating devices for users and avoid errors during the enterprise activation.

Understanding enterprise activation

To allow a user's device to join the BlackBerry Enterprise Server, we need to activate the device for the user when we create a user and assign the user an activation password. The user will enter his or her corporate e-mail address and the activation password into the device in the Enterprise Activation screen, which can be reached on the device by going to Options | Advance Options | Enterprise Activation. Once the user types in the information and selects Activate, the BlackBerry device will generate an ETP.dat message. It is important that if you have any virus scanning or e-mail sweeping systems running in your organization, we ensure that this type of filename with extension is added to the safe list. Please note that this ETP.dat message is only generated when we activate a device over the air. If we use other methods where the device is plugged in via a cable to activate it, NO ETP.dat file is generated. The ETP.dat message is then sent to the user's mailbox on the Exchange Server over the wireless network. To ensure that the activation occurs smoothly, make sure the device has good battery life and the wireless coverage on the device is less than 100db. This can be checked by pressing the following combination on the device Alt + NMLL. The BlackBerry Enterprise Server then confirms that the activation password is correct and generates a new permanent encryption key and sends it to the BlackBerry device. The BlackBerry Policy service then receives a request to send out an IT policy.

Service books control the wireless synchronization data. Data is now transferred between the BlackBerry device and the user's mailbox using a slow synch process. The information that is sent to the BlackBerry device is stored in databases on the device, and each application database is shown with a percentage completed next to it during the slow synch. Once the activation is complete, a message will pop up on the device stating 'Activation complete'. The device is now fully in synch with the user's mailbox and is ready to send and receive data.

Now that we have got a general grasp of the device activation process, we are going to look at the five options mentioned previously, in more detail.

Activating a device using BlackBerry Administration Service

This method provides a higher level of control over the device, but is more labor-intensive on the administrator as it requires no user interaction.

Connect the device to a computer that can access the BlackBerry Administration Service, and log in to the service using an account that has permissions to assign devices.

Under the Devices section, expand Attached devices. Click on Manage current device and then select Assign current device. This will then prompt you to search for the user's account that we want to assign the device to. Once we have found the user, we can click on User and then select Associate user and finally click on Assign current device.

        Read more about this book      

(For more resources on BES, see here.)

Activating devices over the wireless network—OTA

The wireless enterprise activation method allows a device to be associated with a user and provisioned to access the BES without connecting the device physically to your network. Using this method, the administrator provides the user with an activation password that they enter along with their e-mail address, into the Enterprise Activation program stored on the device, as described in the previous process. The password is created by the administrator and can be communicated to the user via an autogenerated e-mail or over the telephone.

The wireless activation password is created for each individual user account. It is a single use password, meaning that once the password has been used to activate a device, it is no longer valid. The password is only valid for 48 hours by default and is invalidated if the user unsuccessfully attempts to activate a device with the password five times. Let's have a look at some of the options available regarding this password.

In BlackBerry Administration Service, expand Wireless activations, click on Device activation settings, and on the right-hand pane select Edit activation settings.

The e-mail initialization section enables us to customize the automessage that is sent to users if we choose to generate and e-mail an activation password to the user. We can change the sender details to match the organization's administrative account and add a message to inform the users of the steps that need to be taken to activate the device, possibly including the helpdesk number and e-mail address, in case users run into any difficulties. In the Password settings section, we can enter the length of the password that users have to type into the device, which is by default set to six. We can also depict the type of password—SureType passwords help users that have devices, which don't support a full qwerty keyboard, such as the Pearl, making the entering of the password easier. We can also make sure that the autogenerated password is always in lowercase, or we can choose the setting that makes sure that the passwords are all alphanumeric characters. The default lifespan of the activation password is set to 48 hours. Once the 48 hours have passed, the activation password becomes invalid.

In the Lab, we will look at generating activation password for users within the Sales group, and also setting activation password manually for a user.

Activating devices over the LAN

Users can activate their device by plugging it into a machine in the corporate LAN and running BlackBerry Desktop Manager. Once the device is connected and BlackBerry Desktop Manager is started, a wizard will pop up asking the user to select the type of account they want the Desktop Manager to function with. The activation process using this method is described further:

  1. Connect the device to the PC in the LAN and launch BlackBerry Desktop Manager.
  2. From the wizard select the work e-mail account. It will then prompt you to move the mouse cursor, as mentioned earlier-this will generate the transport encryption keys.
  3. Once the keys are generated, the BlackBerry router will start the synch process by sending the user's e-mail messages and organizer data to the BlackBerry device; if the device is unplugged then the synch will still continue over the wireless network.

If you deploy this method as an administrator to activate the devices, create outlook profiles for all your users on one PC, and then when you launch the BlackBerry Desktop Manager, select the user profile for that device—you will need to make sure that the service account has full mailbox rights to read the user's outlook data.

Activating devices using BlackBerry Web Desktop Manager

The principle is the same as the previous one except this option does not need any software installed on the user's PC, and can be used to activate multiple devices by the Administrator by just logging in as the user. This can be done by browsing to the web desktop manager site that was created during the installation, the login page looks the same as the BlackBerry administration site except the fields are coloured green. You can log in as a user and activate the BlackBerry device, without having to install any additional software. To use this site you must be running Internet Explorer as the site will need to install a RIM Active X component that only functions in Internet Explorer. Once you have logged into the site you can select Activate Device from the menu, and also select the Troubleshooting tab to resend service books which will also force the activation if you are experiencing any issues.

Activating the device over the corporate Wi-Fi

It is vital that when you are carrying out over-the-air (OTA) activations that the ETP.dat file can traverse through your network infrastructure without being dropped or scanned by firewalls, filtering rules, or anti-virus protection. Before starting a corporate-wide wireless activation, it is always good to test by sending a test.dat file to a mail account on the Exchange server to ensure nothing is blocking the delivery of the file. Remember that the ETP.dat file is the main building block in enterprise activation—it's this file that kick starts the activation process.

Another common issue with activating devices is that they are not provisioned correctly by the wireless carrier to join a BlackBerry Enterprise Server. Each carrier has its own tariffs and options regarding provisioning a device to use a BES. Once you receive the device, before commencing activation download the Enterprise Activation Readiness tool, to see if the device is correctly provisioned by the wireless carrier to join a BES network.

There is a difference between the device being registered on the wireless network and the provisioning of the device to use a BES. A device that is registered on the wireless network means it can send and receive data—we can check this by sending a PIN message, as shown in the Lab. If the device is not registered, we can manually register it from the device by carrying out the following:

  1. Go to Options | Advance options | Hosting routing table, click on the BlackBerry button and select Register now.
  2. To see if the device is provisioned correctly for the BES, use the readiness tool mentioned, check with the wireless carrier. Also, you can see if the device has been sent the provisioning service book by clicking on Options | Service books | Provisioning.
  3. Once you download the tool, select the BlackBerry Enterprise Server, enter the PIN and IMEI number of the device (both information can be found on the device by going to Options | Status). The tool will indicate if the device is ready to be activated. To activate a device on BlackBerry Enterprise Server 5.0 or higher, you need to make sure that the device is running BlackBerry device software version 4.0 or higher, some features are only available on device software 5.0.
  4. It is also advisable to make sure that no instant forwarding is set on the user's mailbox that we are trying to activate—as when the device sends the ETP.dat file to the Exchange server and then on to the user's mailbox, if the message is forwarded instantly then the BlackBerry router and other BlackBerry components would not have enough time to process the message and the activation will just hang on the device. It will finally report an error message to contact the System Administrator.
  5. As mentioned before, it's important that the service account has the correct permissions so it can tap into the user's mailbox to process the ETP.dat file.
  6. In our case, we have to also remember that we have set an Enterprise Server Policy, which means that we must whitelist the device on the BES, using its PIN and making sure we have allowed that device model to join the BES.
  7. During activation, if the device is hung on 'waiting for services', it usually indicates that the device already has an IT policy applied to it or the BlackBerry Policy service is not started. For the latter, check servers on the BES server to see if the BlackBerry Policy service is started and is logged in using the service account we created—BESAdmin. For the first issue, it is best to wipe the device. This can be done by following the procedure:
    • Go to Options | Security options | General settings, click the BlackBerry button on the device and select Wipe Handheld.
    • It will then prompt you to enter the word 'blackberry' to confirm the wipe.
    • Finally, to avoid slow synch issues when the device is synching the address book, make sure that the contact has at least one of the following three fields populated:
      • First Name
      • Last Name
      • Company Name
  8. Content protection is disabled. It can be enabled once the activation is completed. A new feature in BES 5 allows the administrator to view the activations that are taking place. There are three stages of the act.
  9. Now that we have activated our BlackBerry device, we need to take a look at what options we have regarding the e-mails, contacts, tasks, and calendars-collectively known as PIM (Personal Information Management) or Organizational data.

Messaging environment

We have the option of setting filters to depict what messages the BlackBerry Enterprise Server forwards to the BlackBerry device. After activation, our device will be prepopulated with e-mails based on the settings we defined earlier. What we are looking at next is what types of messages will filter through to the user's device after it has been activated with the initial settings.

When the message comes into the mail messaging environment, the BlackBerry Enterprise Server can apply one of the following filters to the message:

  • Forward the message to the device
  • Forward the message with priority
  • Do not forward the message

As an administrator, when you create a message filter it overrides any message filter that is set by the users via BlackBerry Desktop Manager or Web Desktop Manager. We can create a global message filter that will be applied to all users on the BlackBerry Server. Users cannot see or change this filter and as mentioned it will override any filter that the user sets. Next, we are going to look at applying a global filter so that all direct messages from the Administrator account are not forwarded to the BlackBerry device.

  1. Log on to BlackBerry Administration Service.
  2. Under Servers and components, expand BlackBerry Solution topology followed by BlackBerry Domain and then Component view.
  3. Select Email and click on Edit instance.

  4. On the right-hand pane click on the Email message filters. Type a name for the message filter, and select the drop-down to Enabled—Yes.

  5. Select the From checkbox and add the administrator's e-mail address. The Recipient type can stay as the default as we want to ensure that all direct e-mail is not forwarded to the user's device.
  6. We leave the Importance and Sensitivity boxes unchecked, so all messages are not forwarded, and place the radio button to Do not forward email messages to the device.
  7. Select Save all.

    BlackBerry Enterprise Server 5: Activating Devices and Users

The message filters that we create are applied in the order that they appear in the Email message filters section. So we must ensure that the least restrictive message filter is at the top, with the most restrictive message filter appearing at the bottom of the list. Global message filters are applied immediately, as soon as they are enabled. If you don't require a message filter, then you can go back into the settings and from the drop-down select No. Also, please bear in mind that not all the features that you specify for the message filter have to match exactly for the filter to be applied. As long as there is one positive hit on the filter, the message filter will be applied by the BlackBerry Messaging Agent and the action of the message filter will be carried out.

In the Lab, we will look at applying a message filter to a specific user, whereby the message is forwarded using Level one notification—Level one notification means that the e-mail will appear in bold, or depending on the device's OS, in a different font color. It also gives the option to assign it a different alert tone via the profile settings on the user's device.

If no message filters are applied then the default setting on all user accounts is to forward e-mail messages to the device. Also remember that global filters—like the one we created—are applied before user filters.

Synchronizing organizational data

There are a number of settings within the BlackBerry Enterprise Server that relate to the synchronizing of organizer data. The following list details the settings that can be configured for organizer data.

  • Enable or disable synchronization for specific organizer data, that is, message filters, address books, tasks, and so on. Synchronization is enabled by default for all organizer data.

    Please note that calendar settings are NOT part of the organizer data; calendar synchronization issues are controlled separately, and is turned on by default.

  • Determine how organizer data will be synchronized, either from the device to the server, the server to the device, or both ways (bidirectional).
  • Identify the data source to be used in case there is any conflict between the mail server or the user's device, and which data source should be used-either the mail server's database or the user device’s database.

These settings can be set at the global level, which will affect all users on the BlackBerry Enterprise Server or they can be set at a specific user level. Again, global settings are applied before individual user settings.

  1. Log on to BlackBerry Administration Service.
  2. Under BlackBerry solution management, expand User, and then select Manage users.
  3. Select a user account.

  4. Click on Edit user.

    BlackBerry Enterprise Server 5: Activating Devices and Users

  5. Under the Messaging configuration section, click on Default configuration.

  6. Under General, select the Organizer data synchronization tab. We can for this user:
    • Turn wireless synchronization on or off
    • Allow automatic device management
    • Allow automatic wireless backup—by default this is turned on and will back up the account settings and data from the BlackBerry devices to the BlackBerry Enterprise Server

The remaining settings are similar to those discussed but would be activated for the user we have selected.

Up to now, we have looked at activating a BlackBerry device for a user, and we have seen the settings available to us once the activation is completed, regarding organizer data. Before we move on to the lab, we should spend some time looking at the device itself, and what the activation has done to the device and common troubleshooting processes that can be carried out on the device, if synching of data is not happening.

Using one of the activation methods previously explained, a user should have a BlackBerry device that is fully synched with his or her mailbox. Depending on the rules and filters that we have set, messages should have been prepopulated on the device and new messages should be coming into the device, as they are sent.

New features with BES version 5 and device software version 5 or higher also allow us to use Flags for follow-up support. You will get the same flag structure replicated to messages on the BlackBerry device. Also we can synch all of the user's folders, not just the inbox. This can be set by going through the following steps:

  1. Log on to BlackBerry Administration Service.
  2. Under BlackBerry solution management expand User, and then select Manage users.
  3. Select a user account; click on Edit user, and under the Messaging configuration section click on Default configuration (as shown in a previous screenshot).
  4. Select the E-mail tab, and under the Settings message redirection, place a checkbox in the folders that you would like to replicate to the device, along with the user's inbox.
  5. Select Save all.

The address book should be fully populated—this time the BlackBerry Enterprise Server allows us to synch more than the default address book from the user's mailbox. If the user has more than one address book in his or her mailbox then following is the procedure to ensure that multiple address books are synched. BlackBerry Enterprise Server also allows the synching of public folders, which was not available in the previous versions; this setting can also be enabled at the following same interface:

  1. Log on to BlackBerry Administration Service.
  2. Under BlackBerry solution management, expand User and then select Manage users.
  3. Select a user account; click on Edit user, and under the Messaging configuration section click on Default configuration.
  4. Select the E-mail tab (as shown in a previous screenshot).
  5. Under the setting Private contact folders, all contact folders set up for the user will appear and we can select the ones we want by placing a tick in the checkbox. We then can assign which contact folder will be default, by selecting the correct one via the drop-down menu.

    BlackBerry Enterprise Server 5: Activating Devices and Users

  6. Under the Published public contact folders, we can select any public contact folders we have-these will then be synched to the device.
  7. Select Save all once it is completed.

If there are any issues of synching the address book, the following commands can be run from the BlackBerry device that will help to rebuild and resynch the address book:

  1. On the device, navigate to the address book.
  2. Hold down ALT + VALD, this will validate the address book and look for any inconsistencies between the device database and the one stored on the BlackBerry Enterprise Configuration database.
  3. ALT + RBLD will force a rebuild of the data structure on the device's database.
  4. Finally, if we are still facing issues, we can erase and rebuild the address book. The following command will cause the device to delete the current address book and prompt the BES server to resynch the address book. Navigate to Options, and type RSET (no need to hold down the ALT key, but you must be in the options menu to issue the command.)

On the device, we should also see a fully synched calendar. You have probably noticed that when we were looking at and configuring PIM/organizer data, there were no settings for calendars. Calendar synchronize is turned on by default for all users when their device is activated; we can see this by using the BlackBerry TraitTool.

  1. Log on to a server that hosts the BlackBerry Enterprise Instance.
  2. Extract the contents of the installation files to a folder on the server.
  3. Open up the command prompt on the server, navigate to the Tools folder within the extracted files and locate the TraitTool.exe.
  4. In the command prompt type:

    Traittool -global list

  5. If we are having global issues with calendar synch, we can turn off the synch process and start the synch process again by using the following commands:

    traittool -global -trait smartsyncenable -set false

    traittool -global -trait smartsyncenable -set false

If the issue is isolated to a particular device, we can force a resynchronization of the calendar from the device by following the procedure:

  1. On the device, go to Calendar.
  2. Click the BlackBerry button and select Options.
  3. Click on the Calendar and select Wireless Synchronization to No.
  4. Open up Web Desktop Manager or BlackBerry Desktop Manager.
  5. Select Backup and Restore, select Advance button on the right-hand pane, find the database for the calendar and select Clear.
  6. Repeat the first three steps except this time select Wireless Synchronization to read Yes. This will perform a resynch of the calendar.

If the device cannot access BlackBerry Desktop Manager, then we can use the following key combination on the device to enable a resynch of the calendar from the BES:

  1. On the device go to Calendar.
  2. Click the BlackBerry button and select Options.
  3. Type SYNC—for a slow calendar synch.
  4. Type RSET—to resynch from the BES.

There are several other trait commands that can be used to change calendar synch settings.

Users can now also forward calendar appointments from their devices, a feature that is new to BES version 5. The new feature of BES version 5 is the ability to access documents from the device that are stored on the remote corporate LAN.

This brings us to Lab, where we will continue to build our BlackBerry Enterprise Environment.

        Read more about this book      

(For more resources on BES, see here.)


In this section we will be looking at importing bulk users from our existing mail server environment into the BES environment.

Importing users to the BlackBerry Enterprise Server

In most organizations, we would already have a list of users present in our messaging environment (or in Active Directory). Instead of adding a single user at a time—which in a large organization could take up valuable time—we can create a .csv file and import a batch of users. When we carry out the import of users, we can specify:

  • The names of the groups we want to add the users to
  • Details about activation such as type of activation, password, and expiry times
  • E-mail address
  • Which Blackberry Enterprise Server instance to join, denoted via the SRP ID

For the purpose of this lab, we are going to create a .csv file that will create and add six users to our group called Sales Team. Set each one up with a default activation password of 'password', which has an expiry time of 40 hours.

  1. Open up Notepad.
  2. Add the following column headings, each separated on one line with a comma:
    • E-mail address
    • SRP ID
    • Group names
    • Activation password operation
    • Activation password
    • Activation password expiry
    For each user, specify their e-mail address, the SRP ID for the BlackBerry Enterprise Server instance we want to join, and the group name—in our case it will be "Sales Team". We will set the activation password operation for all users to specify, the activation password for all users will be "password", and the expiry time will be 40, denoting 40 hours before the password expires. Your text file should look similar to the following screenshot:

  3. Save the file as a normal .txt file, if created in a notepad.
  4. Within the BlackBerry Administration Service, navigate to the BlackBerry solution management section.
  5. Expand User and select Create a User, then select Import new users.

  6. Browse to the text file we created previously and select Continue.

  7. Once the import is finished, you will see the message stating the following users have been created and e-mailed the activation password we set in our CSV file, as shown in the previous screenshot of the CSV file.
  8. In the CSV import file settings, we can—under Activation Password Operation—choose to type the following keywords, which would have alternative effects on the user activation method:
    • Generate: This would automatically generate and e-mail an activation password to the users
    • None: It will just create the user account
  9. We can also check to ensure that the six users are added to the Sales group.
  10. Click on Manage groups, select Sales Team, and then select View group membership.

Adding a user when the user is not present in the company directory lookup

As mentioned earlier, sometimes the BlackBerry Mail store does not synch with the contact information database in the BlackBerry Configuration Manager in time, so there could be an instance when a new user is created in Active Directory/Exchange, but is not displaying the user account in the search results within the BlackBerry Administration Service. If that happens, we can follow the steps to add the user account on to the BlackBerry Enterprise Server:

  1. Expand User, click on Create a user, then click on Add user from company directory.

  2. Type in the user's e-mail address in the Email address field.
  3. Click on Find user in company directory.

    BlackBerry Enterprise Server 5: Activating Devices and Users

  4. Click on Save user to available list and create BlackBerry enabled user.
  5. You can now select the BlackBerry instance, add the user to any groups, and create a user with an activation password which you specify, or alternatively one which is generated. You can also create the user with no activation password.

Setting a disclaimer at the server level for all users

To ensure that the integrity of the organization is kept up to standards when users are using the BlackBerry device, we need to ensure that our company disclaimer is attached to the end of each message. This can be done as follows:

  1. In the BlackBerry Administration Service under Servers and components, expand BlackBerry Domain | Component view | Email and select the BES instance.
  2. On the right-hand pane, select the Messaging tab.
  3. Scroll down and select Edit instance.

  4. Under Messaging options, enter the disclaimer in the textbox marked Appended disclaimer text.
  5. Set the conflict rule so that the Server disclaimer is used first, then the user's, as shown in the following screenshot:

    BlackBerry Enterprise Server 5: Activating Devices and Users

  6. Select Save all.

Setting activation passwords

We can set these if we carry out an import such as in the previous section, otherwise we can set the activation passwords for multiple users by carrying out the following procedure:

  1. Expand User, select Manage users, then select Manage multiple users.

  2. Place a checkbox in all the users that we want to set an activation password for.
  3. Under Device activation, select Specify an activation password, and enter an activation password and the time it has before it expires.
  4. Then select Specify an activation password.

Sending a PIN message

To ensure we have data communication before we activate a device, we can test it by sending a PIN message. Also remember in our setup we have activated the Enterprise Policy, so any devices we try and activate must fit into the policy's type and make, and we must also specify the device's PIN in our policy.

On the device, go to Options | Status to see the device's PIN number. Go to Messages, press the BlackBerry button, and select Compose PIN; send a PIN message to ensure you have data connectivity.

Applying a Level One message filter to a user

We will conclude this lab by demonstrating how we can apply a Level One message filter to a user's account. The advantage of this is that if the message matches the criteria we have set up in the filter then we can forward that message on to the user with a level 1 notification. Messages with level 1 notification appear in bold (and if the device has the latest 5.0 software running then they appear in a different font color). They can also be assigned a different tone alarm on the device, so the user knows who the message is from.

We have a user called Howard who needs to know instantly when his Boss Susan e-mails him—when he is on the road—as it usually contains updates on sales figures and prices. For this we can create a message filter and then forward that message on with level 1 notification.

  1. Expand User, select Manage users, then select Howard, and then Edit user.

    BlackBerry Enterprise Server 5: Activating Devices and Users

  2. Under Messaging configuration, click on Default configuration.
  3. Select the E-mail tab.

    BlackBerry Enterprise Server 5: Activating Devices and Users

  4. Under Priority, enter a name for the message filter—Level One_Susan.
  5. Make sure the rule is marked enabled to Yes.
  6. Place a tick in the From field and select Susan's account.
  7. Ensure the radio button is placed in Forward email messages to the device.
  8. Place a tick in the box marked—Forward with Level 1 notification.

  9. Click on Save all.

On Howard's device, we can go to Options | Profiles | Select the active profile | Select Level One and set a different ring tone.

Now, when Susan sends Howard an e-mail, he will know instantly that it is from Susan and that Howard needs to access it on his device.


In this article, we have covered the methods for creating and managing user accounts, and we have looked at the different ways we can activate a device for a user. We have also examined the settings associated with organizer data.

Further resources on this subject:

You've been reading an excerpt of:

BlackBerry Enterprise Server 5 Implementation Guide

Explore Title