Changing BES Express 5.0 SP1 to look at different Exchange Server


We run the following environment
- Exchange 2007 SP2 on an Windows 2008 SP2 Server
- Exchange 2010 on an Windows 2008 R2 Server
- BES Express 5.0 SP1 on a Separate Server

We want to decommission our Exchange 2007 server and move to the the Exchange 2010 however I'm not sure what needs to be done on the BES in order keep the Blackberry's running. So far I have...

1. moved the BESAdmin mailbox to the Exchange 2010 Server
2. Update the MAPI connector on the BES so that it is looking at the Exchange 2010 server
3. Moved a user mailbox with a blackberry attached

After doing the above email on the users Blackberry isn't working what else needs to be done to make this work?
Who is Participating?

[Product update] Infrastructure Analysis Tool is now available with Business Accounts.Learn More

I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

ServiceHelpAuthor Commented:
Thanks Shreedhar,

That doesn't really seem applicable to me I'm pretty sure its a permissions issue

After some more research I think this is what I need to do...

1. Configure Send As permissions on Exchange 2010 Server with the following command in the exchange management shell

Add-ADPermission -InheritedObjectType User -InheritanceType Descendents -ExtendedRights Send-As -User "BESAdmin" -Identity "CN=Users,DC=<domain_1>,DC=<domain_2>,DC=<domain_3>"

2. Assign Microsoft Exchange Server permissions at the Administrative Group level, complete the following steps for the appropriate Microsoft Exchange environment:

Get-MailboxDatabase | Add-ADPermission -User "BESAdmin" -AccessRights ExtendedRight -ExtendedRights Receive-As, ms-Exch-Store-Admin


Add-RoleGroupMember "View-Only Organization Management" -Member "BESAdmin"

I run into trouble at step 1, I update the command as follows

Add-ADPermission -InheritedObjectType User -InheritanceType Descendents -ExtendedRights Send-As -User "BESAdmin" -Identity "CN=Users,DC=domain,DC=example,DC=com,DC=au>"

then I get the following message (see screen shot 1)

Step 2 works without any issues
Shreedhar EtteCommented:
I suspect you might have misspelled the domain name.

Once again try to add the permissions.

Also refer this article:

Hope this helps,
Making Bulk Changes to Active Directory

Watch this video to see how easy it is to make mass changes to Active Directory from an external text file without using complicated scripts.

ServiceHelpAuthor Commented:
Thanks so pretty sure I've got the domain name correct now however I till have a permission issue and am not able to pin down what or where I need to set sufficient permission for the BESAdmin account.

ServiceHelpAuthor Commented:
I resolved the issue I created myself a new BESAdmin account and setup the permissions from scratch.


Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
Shreedhar EtteCommented:
That's Good
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today

From novice to tech pro — start learning today.