• BlackBerry® Enterprise Server software version 3.6 for Microsoft® Exchange
• Microsoft® Exchange® 5.5 and later 

Background

When you switch BlackBerry Enterprise Server administration accounts, you can choose to use the old administration mailbox or use the new account′s mailbox. If you use the previous mailbox, the new account must have full permissions and ownership of the old mailbox.

If you choose to use the new account′s mailbox, it will not contain any information about your existing BlackBerry Enterprise Server. Because the BlackBerry Configuration Database contains the BlackBerry Enterprise Server information and an empty mailbox, the BlackBerry Enterprise Server will report errors and fail to start. You must delete the existing BlackBerry Enterprise Server from the BlackBerry Configuration Database, and add it again after the BlackBerry Enterprise Server has been reconfigured to use the new mailbox.

Warning: Never remove the BlackBerry Enterprise Server directly in the BlackBerry Enterprise Server Management console. This removes all information from the BlackBerry smartphone user mailboxes, and BlackBerry smartphone users must connect their BlackBerry smartphones to their computers and create new encryption keys.

To change the administration account for BlackBerry Enterprise Server software version 3.6, complete the following tasks:

Summary of Tasks

1. Obtain all important information for backup purposes.
2. Create a new BlackBerry Enterprise Server administration account and mailbox.
3. Assign the local permissions.
4. Assign the new account to the Local Administrators group.
5. Add the appropriate Exchange Server permissions.
6. Add the Send As permissions.
7. Stop all BlackBerry Enterprise Server services.
8. Change BlackBerry Enterprise Server services that log on as the old BlackBerry Enterprise Server administration account to the new account.
9. Export the Research In Motion® registry key from the old administration account.
10. Import the Research In Motion registry key to the new BlackBerry Enterprise Server service account.
11. Edit the Messaging Application Programming Interface (MAPI) profile.
12. If you have a Microsoft® SQL Server™, assign the Server Roles.
13. Back up the BlackBerry Configuration Database.
14. Remove the BlackBerry Enterprise Server information from the BlackBerry Configuration Database.
15. Add the BlackBerry Enterprise Server to the BlackBerry Enterprise Server Management console.
16. If necessary, add the user lists to the BlackBerry Enterprise Server.
17. Start all BlackBerry Enterprise Server services.

Task 1

Record the following information for backup purposes, and to restore the BlackBerry Enterprise Server if you use a new mailbox.

• The name of each BlackBerry Enterprise Server accessing the BlackBerry Configuration Database
• The BlackBerry smartphone user list from each BlackBerry Enterprise Server

  Note: For instructions on how to export a BlackBerry smartphone user list, see the BlackBerry Enterprise Server 3.6 for Microsoft Exchange: Administration Guide.

• The Server Routing Protocol (SRP) Authentication Key and SRP Identifier for each BlackBerry Enterprise Server

  Note: To view the SRP Authentication Key and SRP Identifier, open the BlackBerry Enterprise Server Management console, right-click the BlackBerry Enterprise Server name, click BlackBerry Server Properties, and select the General tab.

• The Client Access License (CAL) for the BlackBerry Enterprise Server and for each BlackBerry smartphone user

  Note: To view the CALs, open the BlackBerry Enterprise Server Management console, right-click BlackBerry Enterprise Management, click Properties, and select the License tab.

Task 2

Create a new BlackBerry Enterprise Server administration account and mailbox. For instructions, see the BlackBerry Enterprise Server 3.6 for Microsoft Exchange 5.5: Installation Guide, or the BlackBerry Enterprise Server 3.6 for Microsoft Exchange 2000: Installation Guide.

Task 3

On the BlackBerry Enterprise Server, assign the local permissions.

Warning: There are performance issues associated with installing the BlackBerry Enterprise Server on a domain controller. This is not a recommended configuration.

On a domain controller

1. In Microsoft® Windows®, click Administrative Tools > Domain Controller Security Policy.
2. Go to Local Policies/User Rights Assignment.
3. Double-click Log on as a service, select the Local Policy Setting check box next to the new BlackBerry Enterprise Server service account name, and click OK.
4. 
   
   

   For Microsoft Windows 2000

   Double-click Log on locally, select the Local Policy Setting check box next to the new BlackBerry Enterprise Server service account name, and click OK.

   For Microsoft Windows 2003

   Double-click Allow log on locally, select the Local Policy Setting check box next to the BlackBerry Enterprise Server service account name, and click OK.

On a member server

1. In Microsoft Windows, go to Administrative Tools > Local Security Policy.
2. Go to Local Policies/User Rights Assignment.
3. Double-click Log on as a service, select the Local Policy Setting check box next to the new BlackBerry Enterprise Server service account name, and click OK.
4. 
   
   

   For Microsoft Windows 2000

   Double-click Log on locally, select the Local Policy Setting check box next to the new BlackBerry Enterprise Server service account name, and click OK.

   For Microsoft Windows 2003

   Double-click Allow log on locally, select the Local Policy Setting check box next to the BlackBerry Enterprise Server service account name, and click OK.

Task 4

Add the new administration account to the Local Administrators group on the BlackBerry Enterprise Server.

On a domain controller

1. Click Administrative Tools > Active Directory Users and Computers and select the Builtin folder.
2. Double-click Administrators, and then select the Members tab.
3. In the Administrators Properties window, click Add.
4. On the Select Users, Contacts, Computers, or Groups screen, select the BlackBerry Enterprise Server service account name, and click Add.
5. Click OK to close the Select Users, Contacts, Computers, or Groups window.
6. Click OK to close the Administrators Properties window.

On a member server

1. Go to Administrative Tools > Computer Management > Local Users and Groups, and then select the Groups folder.
2. Double-click Administrators, and then click Add.
3. On the Select Users, Contacts, Computers, or Groups screen, select the BlackBerry Enterprise Server service account name, and then click Add.
4. Click OK to close the Select Users, Contacts, Computers, or Groups window.
5. Click OK to close the Administrators Properties window.

Task 5

Add the appropriate Microsoft Exchange Server permissions.

For Microsoft Exchange 5.5

In Microsoft Exchange Administrator, turn on the Service Account Admin permission for the new BlackBerry Enterprise Server service account in both the Site and Configuration containers. See Microsoft Exchange 5.5 documentation for more information on setting permissions.

For Microsoft Exchange 2000 and 2003

1. In the Microsoft Exchange System Manager, right-click the Microsoft Exchange administrative group name, and click Delegate Control.
2. Click Next, and then click Add to open the Delegate Control window.
3. Click Browse to open the Select Users, Computers or Groups window, and then select the new BlackBerry Enterprise Server service account.
4. From the Role drop-down list, select Exchange View Only Administrator, and then click OK.
5. Click Next and click Finish.
6. Expand the Exchange Administrative Group, and then right-click the Exchange Server hosting BlackBerry smartphone users.
7. Right-click the Microsoft Exchange Server name, click Properties, and click the Security tab.
8. Make sure the Allow inheritable permissions from parent to propagate to this object check box is selected.
9. Choose the BlackBerry Enterprise Server service account name from the list and select the appropriate check boxes to allow permissions for Administer information store, Receive As, and Send As in the lower pane.
10. Click Apply, and then click OK.
11. If you have multiple Microsoft Exchange Administrative Groups, or multiple Microsoft Exchange Servers hosting BlackBerry smartphone users, repeat steps 6 to 10 for each Microsoft Exchange Administrative Group and Microsoft Exchange Server.

Task 6

To grant the Send As permission for a single account on all users in a Microsoft® Active Directory® domain or container, complete these steps:

1. Open Administrative Tools > Active Directory Users and Computers.
2. From the View menu, select the Advanced Features option. If this option is not selected, the Security page will not be visible for domain and container objects.
3. Right-click the appropriate domain or container, and then click Properties.
4. On the Security tab, click Advanced.
5. If the BlackBerry Enterprise Server administration account that requires the Send As permission is not listed, click Add, and then select the appropriate administration account. Click OK.
6. Double-click the BlackBerry Enterprise Server administration account.
7. In the Applies Onto list, select User Objects.
8. Select the Send As check box.
9. Click Apply, and then click OK.
10. Close the Properties window, and then close Active Directory Users and Computers.

Note: For additional methods of assigning the Send As permission, search for article 912918 in the Microsoft Support Knowledge Base.

Task 7

Stop all BlackBerry Enterprise Server services by going to Administrative Tools > Services, right-clicking each BlackBerry Enterprise Server service, and clicking Stop.

Important: Restarting the BlackBerry Enterprise Server will delay email message delivery to BlackBerry smartphones. For more information, see KB04789.

Task 8

Change any BlackBerry Enterprise Server services that log on as the previous BlackBerry Enterprise Server administration account to the new BlackBerry Enterprise Server administration account.

Important: The BlackBerry Attachment Service should start as Local System and not as the BlackBerry Enterprise Server administration account. Do not change the Log On option for this service.

1. Click Administrative Tools > Services, double-click a BlackBerry service that has a Log On account, and click the Log On tab.
2. Select the This account option, and then enter the new BlackBerry Enterprise Server service account name.
3. Type the BlackBerry Enterprise Server service account password in the Password and Confirm Password fields.
4. Click Apply, and then click OK.
5. Repeat steps 1 to 4 for each of the remaining BlackBerry Enterprise Server services that have a Log On account.

Task 9

Export the Research In Motion registry key from the previous BlackBerry Enterprise Server administration account.

Warning: The following procedure involves modifying the computer registry. This can cause substantial damage to the Microsoft Windows operating system. Document and back up the existing registry entries prior to implementing any changes.

1. Log in with the current BlackBerry Enterprise Server service account.
2. Open the Registry Editor.
3. Go to HKEY_CURRENT_USERSoftwareResearch In Motion
4. Right-click the registry key and select Export or from the menu, select File > Export. Save the key to a location on the computer that the new BlackBerry Enterprise Server service account can access.
5. Close the Registry Editor.

Task 10

Import the Research In Motion key to the new BlackBerry Enterprise Server administration account.

1. Log out of the current BlackBerry Enterprise Server service account and log in with the new BlackBerry Enterprise Server service account.
2. Open the Registry Editor.
3. Go to HKEY_CURRENT_USERSoftware and select the Research In Motion key.
4. Click Registry > Import Registry File, choose the location where the Research In Motion key is saved, and click Open.
5. On the confirmation screen, click OK.
6. Close the Registry Editor.

Task 11

Edit the MAPI profile.

1. Click Start > Programs > BlackBerry Enterprise Server > Edit the MAPI Profile for > BlackBerry Enterprise Server <server_name>.

   where <server_name> is the name of the BlackBerry Enterprise Server.

2. Type the new BlackBerry Enterprise Server administration account mailbox name in the Mailbox field, click Apply, and click OK.
3. Click Start > Programs > BlackBerry Enterprise Server > Edit the MAPI Profile for > BlackBerry Server Management.
4. Type the new BlackBerry Enterprise Server administration account mailbox name in the Mailbox field, click Apply, and click OK.

Task 12

If you have a Microsoft SQL Server, assign the Server Roles.

1. Open the SQL Enterprise Manager and go to Microsoft SQL ServersSQL Server Group<server_name>Databases<database_name>

   Where <server_name> is the name of the BlackBerry Enterprise Server, and <database_name> is the BlackBerry Configuration Database accessed by the BlackBerry Enterprise Server.

2. To open the Microsoft SQL Server Login Properties - New Login window, right-click Users, click New Database User, and select new from the Login name drop-down list.
3. Enter the new BlackBerry Enterprise Server service account name, and then click OK to close the SQL Server Login Properties - New Login window.
4. From the Login name drop-down list, select the new BlackBerry Enterprise Server service account name, and then select the db_owner check box next to the Permit in Database Role list.
5. Click OK to close the Database User Properties - New User window, and then click OK again to close the SQL Server Login Properties - New Login window.
6. Go to Microsoft SQL ServersSQL Server Group<server_name>Security, right-click Logins, and click New Login.
7. On the General tab, click the button next to the Name field, as shown below.

   

   A new window opens, containing the List Names From drop-down list. Select the name of the BlackBerry Enterprise Server from the list.

8. Select the new BlackBerry Enterprise Server administration account name from the Names list, click Add, and click OK.
9. On the Server Roles tab, select Server Administrators from the Server Role list, and then click Properties to open the Server Role Properties - serveradmin window.
10. On the General tab of the Server Role Properties - serveradmin window, click Add to open the Add Members screen.
11. Choose the new BlackBerry Enterprise Server administration account name, and then click OK to close the Add Members window.
12. Click OK to close the Server Role Properties - serveradmin screen, and then click OK again to close the SQL Server Login Properties - New Login screen.

Task 13

Back up the existing BlackBerry Configuration Database.

For Microsoft SQL Server Desktop Engine (MSDE)

1. Open a command prompt, then go to C:Program FilesMicrosoft SQL Server80ToolBinn.
2. Type osql -E, and then press ENTER.
3. Type the following commands, in the specified order:

   1> backup database BESMgmt to disk = "c:ackupfile.bak"

   2> go

   1> quit

For the Microsoft SQL Server

1. Open the SQL Server Enterprise Manager, and then go to Microsoft SQL ServersSQL Server Group<BlackBerry_Enterprise_Server_name>Databases.
2. Right-click the BlackBerry Configuration Database, and then click All Tasks > Backup Database.
3. In the SQL Server Backup - BESMgmt window, click OK. You will receive notification after the backup is successfully completed.

Task 14

Remove the BlackBerry Enterprise Server information from the BlackBerry Configuration Database. If you use a Microsoft SQL Server, proceed to Option 2.

Option 1

1. Open Microsoft Windows Explorer and go to C:Program FilesMicrosoft SQL Server80ToolBinn.
2. At a command prompt, type osql -E, and press ENTER.
3. Type the following commands, in the specified order:

   For a single BlackBerry Enterprise Server

   1> use BESMgmt

   2> go

   1> delete from BESAgent

   2> go

   1> delete from MDSConfig

   2> go

   1> quit

   For multiple BlackBerry Enterprise Server instances

   1> use BESMgmt

   2> go
   
   

   1> delete from BESAgent where BESAgentName=<BlackBerry_Enterprise_Server_name>

   2> go

   1> delete from MDSConfig where BESServerName=<BlackBerry_Enterprise_Server_name>

   2> go

   1> quit

4. Close the command prompt.

Option 2

If you use a Microsoft SQL server, complete the following steps:

1. Open the SQL Server Enterprise Manager, and go to Microsoft SQL ServersSQL Server Group<BlackBerry_Enterprise_Server_name>Databases< database_name>Tables.

   where <database_name> is the name of the BlackBerry Configuration Database (for example, BESMgmt).

2. Right-click the BESAgent table, and then click Open Table > Return all rows.
3. Right-click the beginning of the row that contains the name of the BlackBerry Enterprise Server you want to delete, and then click Delete.
4. Close the BESAgent table.
5. Right-click the MDSConfig table, and then click Open Table > Return all rows.
6. Right-click the beginning of the row that contains the name of the BlackBerry Enterprise Server you want to delete, and then click Delete.
7. Close the MDSConfig table, and then close the SQL Server Enterprise Manager.

Task 15

Add the BlackBerry Enterprise Server to the BlackBerry Enterprise Server Management console.

1. Open the BlackBerry Enterprise Server Management console.
2. Right-click BlackBerry Server Management, and then click New BlackBerry Server.
3. In the BlackBerry Enterprise Server System Information window, type the BlackBerry Enterprise Server name, the SRP Identifier, and the SRP Authentication Key in their corresponding fields.
4. In the Administration Mailbox field, type the mailbox name of the new BlackBerry Enterprise Server administration account, or type the old mailbox name if you have chosen to use the old mailbox with the new BlackBerry Enterprise Server administration account.

   Note: When typing the SRP information, use an uppercase S or T and make sure that there are no extra spaces in the SRP information or in the BlackBerry Enterprise Server name. If you use the previous mailbox, the BlackBerry smartphone users are automatically populated. If you use a new mailbox, you must import the BlackBerry smartphone user lists, or add the BlackBerry smartphone users manually. For instructions, see Task 14.

5. Click OK.
6. If you have multiple instances of the BlackBerry Enterprise Server, repeat steps 2 to 4 for each server.

Task 16

If the BlackBerry smartphone users are not automatically populated, add the BlackBerry smartphone user lists to the BlackBerry Enterprise Servers.

1. In the BlackBerry Enterprise Server Management console, right-click the BlackBerry Enterprise Server name and click Add Users.
2. If you have a BlackBerry smartphone user list from the old account, click Import Users From File, go to the location of the file, click Open, and then click OK.

   If you are adding the BlackBerry smartphone users manually, click Global Address Book, highlight each BlackBerry smartphone user in the left pane, click Select, and then click OK after all BlackBerry smartphone users have been selected.

3. When prompted to clear the pre-existing information and statistics, click No.
4. Close the BlackBerry Enterprise Server Management console.

Task 17

Start all BlackBerry Enterprise Server services.

In Administrative Tools, double-click Services, right-click the BlackBerry Enterprise Server name, and start all BlackBerry Enterprise Server services.