Wednesday 27 November 2013

Administrator user who has permission on a group is unable to manage the users from the BAS Console

I will summarize the entire issue, resolution and analysis in this post.

Issue
An administrator user who has permission to manage the users was unable to manage the group.

Resolution
The group on which the role is assigned for the administrator user to manage the users is missing from the BAS Console. A new group with the same name was quickly created, and the users were associated with the newly created group.

To add users to the group in bulk, follow the steps below:
  1. Log in to the BlackBerry Administration Service Console
  2. Click Manage Groups
  3. Click the group to which the bulk users (who already exist in the BAS Console) need to be added
  4. Click Add users to group membership (Group > Manage Groups > View Group)
  5. Click Import users from a list
  6. Browse to the CSV file and click OK (Note: the CSV file should have the fields User Id, Display Name, PIN, Email Address)
  7. Click Add to Group membership

If you are not sure how to get the User Id and PIN, you can export the entire user list, from which you can get the details required to fill in the CSV file.

I referred to KB19858 for the above task.

This will fix the issue.

Analysis to understand how the issue was caused:

The role was assigned to the administrator user to manage the group with a few restrictions; for example, they do not have permission to delete the group. So that leaves the other administrators who have full rights on the entire BlackBerry solution, such as those with the Security Administrators role.

But now the challenge is to find the administrator user who deleted the group.

To track the changes I referred to KB19251, which has a script that you can download to audit the changes. However, after I downloaded the script, it didn't give the desired result. So I worked on the script and modified it to get the desired result. I will post the script information in my next blog post.

You need to log in to the SQL server to which the BlackBerry servers are pointing.

  1. Open Microsoft SQL Server Management Studio
  2. Expand Databases and click the BESMgmt (Principal, Synchronized)
  3. Click New Query
  4. Paste the SQL script
  5. Click Execute
  6. Copy and paste the results and search for the Delete and Group attributes; you will then find the administrator user, with the entities below

| AuditEventHeaderId | BAS User Id | BAS Display Name | Change Date Time | Type Id | Type Text | Reference Id | Action Code | Field Description | Old Value |
|---|---|---|---|---|---|---|---|---|---|
| 57438 | 27 | **** | 11/25/2013 16:27 | 14 | GROUP | 13 | Delete | Group identifier | 13 |

Finally, you have the administrator user who deleted the group.... :)
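
The search in step 6 can be scripted. The following is an added example, not the KB19251 script and not code from this post; it assumes the query results were saved as CSV with a header row using the column names shown above, and the sample rows are constructed.

```python
import csv
import io

# Column names as listed in the post. The CSV-with-header export layout is an assumption.
REQUIRED = ("BAS User Id", "BAS Display Name", "Change Date Time",
            "Type Text", "Reference Id", "Action Code")

# Constructed sample rows, not real audit data.
SAMPLE_EXPORT = """AuditEventHeaderId,BAS User Id,BAS Display Name,Change Date Time,Type Id,Type Text,Reference Id,Action Code,Field Description,Old Value
90001,5,Example Admin A,11/20/2013 09:15,14,GROUP,21,Update,Group name,Sales
90002,7,Example Admin B,11/21/2013 10:02,14,group,21, delete ,Group identifier,21
90003,7,Example Admin B,11/21/2013 10:05,3,USER,88,Delete,User identifier,88
90004,7,Example Admin B,11/21/2013 10:02,14,GROUP,21,Delete,Group name,Sales
"""

def find_group_deletions(export_text):
    """Return one record per deleted group: who deleted it and when."""
    reader = csv.DictReader(io.StringIO(export_text))
    missing = [c for c in REQUIRED if c not in (reader.fieldnames or [])]
    if missing:
        raise ValueError("export is missing columns: " + ", ".join(missing))
    events = {}
    for row in reader:
        def field(name):
            # Short rows yield None; treat that as empty text.
            return (row.get(name) or "").strip()
        # Match case-insensitively, since pasted values may vary in case and spacing.
        if field("Type Text").upper() != "GROUP":
            continue
        if field("Action Code").upper() != "DELETE":
            continue
        # Assumption: one deletion may appear as several field rows, so
        # collapse rows sharing the same group, administrator and timestamp.
        key = (field("Reference Id"), field("BAS User Id"), field("Change Date Time"))
        events.setdefault(key, {
            "group_id": key[0],
            "bas_user_id": key[1],
            "display_name": field("BAS Display Name"),
            "when": key[2],
        })
    return list(events.values())

if __name__ == "__main__":
    for e in find_group_deletions(SAMPLE_EXPORT):
        print("group {group_id} deleted by {display_name} "
              "(BAS user {bas_user_id}) at {when}".format(**e))
```
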
