Installing BES for Microsoft Exchange
Create a new user in AD and name the user BESAdmin
Add the user to the administrators group
Go to Start > Administrative Tools > Local Security Policy
or Start > Administrative Tools > Domain Controller Security Policy if you’re installing on a DC
Go to Security Settings > Local Policies > User Rights Assignment. Find “Allow log on locally” and add your user to this policy. Do not forget the <domainName\username> format.
Next find “Log on as a service” and add the account here as well.
Open Exchange System Manager
Right-click the top level in ESM, go to Properties, and check the 2 boxes that say “Display routing groups” and “Display administrative groups”. Once you do, exit ESM and re-open it.
Now go to Administrative Groups > First Administrative Group, right-click and go to Delegate control.
Click Next, then click Add and find your BESAdmin account. Keep “Exchange View Only Administrator” selected. Click Next, then click Finish.
In Exchange 2007 you can just run the following in Exchange Management Shell
add-exchangeadministrator BESAdmin -role ViewOnlyAdmin
Run get-exchangeadministrator | Format-List to verify BESAdmin is a member of the Exchange read-only administrators.
Open ESM again in Exchange 2003
Go to Administrative Groups > First Administrative Group > Servers, right-click your Exchange server and go to Properties. Go to the Security tab.
Select the BES service account and add the following permissions to the existing ones: Administer information store, Send as, Receive as.
Click Advanced and verify that “Allow inheritable permissions from parent to propagate to this object and all child objects” is selected. Click OK.
Do the same for all Exchange servers.
In Exchange 2007 run the following command from EMS
get-mailboxserver <Exchange2007> | add-adpermission -user <BESAdmin> -accessrights GenericRead, GenericWrite -extendedrights Send-As, Receive-As, ms-Exch-Store-Admin
Where <Exchange2007> is the name of the Microsoft Exchange 2007 Server and <BESAdmin> is the name of the BlackBerry Enterprise Server service account.
If inheritance to the individual mail stores is not enabled, set the Send As, Receive As, and Administer information store permissions at the store level by running the following from the Exchange Management Shell:
get-mailboxdatabase <Exchange2007>\<dbname> | add-adpermission -user <BESAdmin> -accessrights GenericRead, GenericWrite -extendedrights Send-As, Receive-As, ms-Exch-Store-Admin
Where <dbname> = ‘First storage group\Mail box database’
To verify the Send As, Receive As, and Administer Information Store permissions, complete the following steps:
get-mailboxserver <Exchange2007> | get-ADpermission -user <BESAdmin> | Format-List
To verify the Send As, Receive As, and Administer Information Store permissions at the mailbox store level, complete the following steps:
get-mailboxdatabase <Exchange2007>\<dbname> | get-ADpermission -user <BESAdmin> | Format-List
Next open Active Directory Users and Computers
Go to View > Advanced Features
Right-click your domain name and go to Properties. Click the Security tab, then click Advanced. Click the Add button and add the BESAdmin account. The window that pops up has an “Apply onto” section; select “User objects” in this field. Then scroll to the bottom, find Send As and select the “Allow” checkbox. Click OK.
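
The Exchange 2007 verification commands above, combined into one read-only audit for the Exchange Management Shell (an added example, not part of the original instructions): it checks every mailbox server and mailbox database for the three extended rights and lists any that are missing. The helper name Test-BesRights and the $Account value are assumptions, and it assumes the ExtendedRights values render with the same names used in the add-adpermission commands.

```powershell
# Added example (not from the original instructions); run in the Exchange Management Shell.
# $Account is an assumption: replace it with <domainName>\<BESAdmin> for your environment.
$Account  = 'BESAdmin'
$Required = 'Send-As', 'Receive-As', 'ms-Exch-Store-Admin'

# Test-BesRights is a hypothetical helper name, not an Exchange cmdlet.
function Test-BesRights {
    param($Target, [string]$User, [string[]]$Rights)

    # Keep Allow entries only; a Deny entry grants nothing.
    $aces = @($Target | Get-ADPermission -User $User | Where-Object { -not $_.Deny })

    # Flatten the extended rights of every entry to plain strings.
    $granted = @($aces | ForEach-Object { $_.ExtendedRights } |
        Where-Object { $_ } | ForEach-Object { $_.ToString() })
    $missing = @($Rights | Where-Object { $granted -notcontains $_ })

    # Entries set directly on the object do not depend on inheritance from the server.
    $explicit = @($aces | Where-Object { -not $_.IsInherited }).Count

    $row = New-Object PSObject
    $row | Add-Member NoteProperty Target       $Target.Identity
    $row | Add-Member NoteProperty Missing      ([string]::Join(', ', [string[]]$missing))
    $row | Add-Member NoteProperty ExplicitAces $explicit
    $row | Add-Member NoteProperty Compliant    ($missing.Count -eq 0)
    $row
}

# Server level first, then every mailbox database (store level).
$report  = @(Get-MailboxServer   | ForEach-Object { Test-BesRights $_ $Account $Required })
$report += @(Get-MailboxDatabase | ForEach-Object { Test-BesRights $_ $Account $Required })

$report | Format-Table -AutoSize
```

A database row with Compliant set to False while its server row is True points to the case described above, where inheritance to the individual mail stores is not enabled.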