Hi Folks

Currently in the process of building a BES 5.02 Env, Domino.

Our server team have now introduced an AD environment and I have been told I need to move into this.

Trying to find some details on the rights required as although have been given an account for the install, when trying to run the services, it all fails.

Have been told I need to have two separate accounts, one to do the install and the other to run the services. I really have no idea on how AD works so currently at a loss.

Have spoken to a few other BES admins who all say they do not run BES in the AD environment. Beginning to understand why.

Wonder if anyone can point me in the right direction.

Thanks in advance

you need to create a BESAdmin account in AD and add it to the server will local and domain admin rights. You need to install and start services under this account and no other. there are more detailed write ups here and on the blackberry site. it's all about permissions in AD.

This is not entirely correct. The BES service account should NOT be a Domain Admin.
KB02276 - Assigning permissions for a BlackBerry Enterprise Server service account

__________________

For Exchange environments, the BESAdmin account should never be a domain admin. But for Domino environments, it doesn't matter if the BESAdmin account is a user or domain admin. It doesn't need domain admin rights so there's no point giving it domain admin rights. On the server you're installing the BES on, the BESAdmin account must be a local admin and in local security policy, it must have "Allow log on locally" and "Log on as a service". This will give BESAdmin enough rights to run services. Domino mailbox access is granted when you place the Domino server you're installing the BES on in the LocalDomainServers group. Assuming you didn't change defaults, this should give it Manage with Delete documents access.

When installing 5.0.x Domino BES, make sure you select the Use Active Directory Authentication check-box under BlackBerry Administration Service. If you don't initially check it, you should be able to run the installer again and check it but I've seen in some cases where this doesn't work. Only way to resolve it was to perform a clean install with new config db and have this option selected.

Before installing BES, make sure you replicate the BlackBerryAdmins group to the Domino server you're installing the BES on and configure the Server Document (Run unrestricted methods and operations must have LocalDomainServers added). Also, make sure the DIIOP task is running on one of the Domino servers in your environment.

Many thanks for all the replies, very much appreciated