BlackBerry Forums Support Community               

Closed Thread
 
LinkBack Thread Tools
Old 12-04-2008, 12:00 PM   #1 (permalink)
New Member
 
Cloyde Syfox's Avatar
 
Join Date: Dec 2008
Model: 8703
PIN: N/A
Carrier: Bell Mobility
Posts: 5
Post Thanks: 0
Thanked 0 Times in 0 Posts
Default Active Directory Issue

Please Login to Remove!

I have 55 users on my BES. All but one are working properly. The one user in question is able to receive but not send.

I can make her send by adding the besadmin security group to her profile but that will last about one hour and then it is removed.

Does anyone have any idea what is removing this permission from the user account?
Offline  
Old 12-04-2008, 12:04 PM   #2 (permalink)
soupandsandwich
Guest
 
Posts: n/a
Default

Is this user a Domain Admin, or part of a group with special privileges in Active Directory?
http://www.blackberry.com/btsc/searc...00%20174518448
 
Old 12-04-2008, 12:20 PM   #3 (permalink)
New Member
 
Cloyde Syfox's Avatar
 
Join Date: Dec 2008
Model: 8703
PIN: N/A
Carrier: Bell Mobility
Posts: 5
Post Thanks: 0
Thanked 0 Times in 0 Posts
Default

Yes the user is part of Domain Admins. However all other BB users are also members of this group.
Offline  
Old 12-04-2008, 12:24 PM   #4 (permalink)
soupandsandwich
Guest
 
Posts: n/a
Default

Take all of the users out of the Domain Admins group.
They shouldn't be in there and their BlackBerry devices will eventually fail.

A BlackBerry user shouldn't be a Domain Admin. This is going to muck up the Send As privilieges which BES needs to properly send mail.
Follow the principle of least privilege and make those users "normal" unprivileged users.

Create a separate AD account for your admins and have them use the second account when they need to do work which requires administrative privileges.

Last edited by soupandsandwich : 12-04-2008 at 12:25 PM.
 
Old 12-04-2008, 12:35 PM   #5 (permalink)
New Member
 
Cloyde Syfox's Avatar
 
Join Date: Dec 2008
Model: 8703
PIN: N/A
Carrier: Bell Mobility
Posts: 5
Post Thanks: 0
Thanked 0 Times in 0 Posts
Default

I just want to clarify.

The user has Domain Admins listed under the security tab and not the member of tab.
Offline  
Old 12-04-2008, 12:41 PM   #6 (permalink)
soupandsandwich
Guest
 
Posts: n/a
Default

I'm more confused now.
Are you looking in Active Directory?
What groups are listed in the 'Member Of' tab for this user?
 
Old 12-04-2008, 12:47 PM   #7 (permalink)
New Member
 
Cloyde Syfox's Avatar
 
Join Date: Dec 2008
Model: 8703
PIN: N/A
Carrier: Bell Mobility
Posts: 5
Post Thanks: 0
Thanked 0 Times in 0 Posts
Default

Sorry for the confusion.

Under member of Tab the user is not a member of Domain Admins.

I was looking at the security tab under the advanced features view.

So the user is not a member of Domain Admins.
Offline  
Old 12-04-2008, 12:48 PM   #8 (permalink)
soupandsandwich
Guest
 
Posts: n/a
Default

OK, well that's good.
So what actually happens when this user tries to send an email from the BlackBerry?
Are they getting a red X next to the message?

If you open that failed message, does it show you an error message at the top of the email?

Is it possible that this user has reached their mailbox quota in Exchange?
 
Old 12-04-2008, 01:03 PM   #9 (permalink)
New Member
 
Cloyde Syfox's Avatar
 
Join Date: Dec 2008
Model: 8703
PIN: N/A
Carrier: Bell Mobility
Posts: 5
Post Thanks: 0
Thanked 0 Times in 0 Posts
Default

Yes there is a red X and the error message is

"Desktop Email program unable to submit message."

Now I have googled that and all I can find is information about adding the send as feature. Which I have done but it just gets removed again.

Also there is a check box under the Security tab.

"allow inheritable permissions from parent to popagate to this object"

When I check this box all the proper permissions are applied I can send email for about 1 hour. Then some policy seems to remove it again and sending email stops again.
Offline  
Closed Thread


Thread Tools

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

vB code is On
Smilies are On
[IMG] code is On
HTML code is Off
Trackbacks are On
Pingbacks are On
Refbacks are On





Copyright 2004-2014 BlackBerryForums.com.
The names RIM and BlackBerry are registered Trademarks of BlackBerry Inc.