Blackberry users unable to get mail after mailbox move

2017-12-01T13:16:02+00:00 April 7th, 2015|News|

We have been doing some work for a customer around creating new mailbox databases and moving users around into these new databases.

After moving a number of users we began getting calls from them to say their Blackberry’s had stopped syncing. I had a look around and found the following Blackberry article:;jsessionid=BE9FCF73339216083FE4C09D7A84C95E?externalId=KB02276&sliceId=2&cmd=displayKC&docType=kc&noCount=true&ViewedDocsListHelper=com.kanisa.apps.common.BaseViewedDocsListHelperImpl

This describes that if you create a new mailbox database you need to ensure the blackberry service account has the following permissions of the mailbox database itself:

Administer information Store
Receive As
View information store status

To check what the other mailbox dbs had I ran:

Get-Mailboxdatabase -identity “*MailboxDatabase*” | Get-ADPermission | where-object { ($_.extendedrights -like “*receive*” -or $_.extendedrights -like “*ms-E xch-Store-Visible*” -or $_.extendedrights -like “*ms-Exch-Store-ad*”) -and ($_.User -like “*BESadmin*”) } | select Identity, User, ExtendedRights, IsInherited | ft –wrap

And sure enough it showed:

You can also check in ADSI Edit too:

Configuration > Services > Microsoft Exchange > FQDN > Administrative Groups > Exchange Administrative Group (F…) > Databases > Properties on the DBs > Security.

So to add the required permission I ran:

Get-MailboxDatabase -identity “NewMailboxDatabase” | Add-ADPermission -User “BESAdmin” -AccessRights ExtendedRight -ExtendedRights Receive-As, ms-Exch-Store-Admin, ms-Exch-Store-Visible

After that the service books were resent to the affected user’s devices and all started syncing again.


Hope it helps!