BlackBerry Forums Support Community               

Closed Thread
 
LinkBack Thread Tools
Old 03-26-2010, 06:59 PM   #1 (permalink)
Knows Where the Search Button Is
 
Join Date: Jan 2007
Model: none
Carrier: ATT
Posts: 17
Post Thanks: 0
Thanked 0 Times in 0 Posts
Default BES + Exchange 2010 (and 2k7 too) permissions

Please Login to Remove!

So, I have often wondered this, and never had it be a "problem" until now.

In the BES 5.x instructions, there is this step:
Type Add-ADPermission -InheritedObjectType User -InheritanceType Descendents -ExtendedRights Send-As -
User "BESAdmin" -Identity "CN=Users,DC=<domain_1>,DC=<domain_2>,DC=<domain_3 >"


Now, these instruction work, as long as you have all your users in the "Users" CN. At my employer, this needed to be replaced with OU=Employees instead, because that is where all the users are.

Now, I have a customer who has about 35 OU's off their root. Now, I can audit, and specifically set this permission at each OU.. I can also script and loop through the root OU's applying this permission..

However, if the customer add's another Root OU, they would need to re-run this permission. That's acceptable to some customers, but not all.

And if you try to run the above and apply to just DC=domain,DC=com, it errors out in a pretty non-descriptive manner.

Any feedback welcome.
Chris
Offline  
Old 04-01-2010, 07:51 PM   #2 (permalink)
Knows Where the Search Button Is
 
Join Date: Mar 2008
Model: 8830
PIN: N/A
Carrier: Alltel
Posts: 22
Post Thanks: 0
Thanked 0 Times in 0 Posts
Default

The easiest fix, from the outside looking in, would be to create a OU at the root called something like "Employees" and put all the other root OUs under that Employee OU, this makes things cleaner overall I would think, and solves your issue as you only need to run the permissions for the Employees OU.

Just a thought, not really a "fix"
Offline  
Old 04-02-2010, 04:07 PM   #3 (permalink)
Knows Where the Search Button Is
 
Join Date: Jan 2007
Model: none
Carrier: ATT
Posts: 17
Post Thanks: 0
Thanked 0 Times in 0 Posts
Default

Quote:
Originally Posted by Wiseman13 View Post
The easiest fix, from the outside looking in, would be to create a OU at the root called something like "Employees" and put all the other root OUs under that Employee OU, this makes things cleaner overall I would think, and solves your issue as you only need to run the permissions for the Employees OU.

Just a thought, not really a "fix"
Yea, I thought of offering that as well, but instead I just issued the command 40 times, and told the customer they would need to add the line for any new OU's as well. Wish this could be applied at the domain level.
Offline  
Closed Thread


Thread Tools

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

vB code is On
Smilies are On
[IMG] code is On
HTML code is Off
Trackbacks are On
Pingbacks are On
Refbacks are On





Copyright 2004-2014 BlackBerryForums.com.
The names RIM and BlackBerry are registered Trademarks of BlackBerry Inc.