Installing the MIM 2016 synchronization engine (Microsoft Identity Manager) [Full Guide]




Microsoft Identity Manager (formerly FIM, Forefront Identity Manager) is the Microsoft solution that makes it possible, among other things, to synchronize Active Directory. The solution is made up of several distinct products, including a web portal and the synchronization engine.


In this article I propose to look at how to install the synchronization engine. This is the component that connects your different sources of information, whether Active Directory, an application, a GAL or something else, in order to run analyses, synchronizations or object creations in AD.


For each type of source, we will then create a Management Agent (MA) specific to the source it must manage. You will find below the list of sources that MIM is capable of handling. In my case, I need to manage multiple Active Directories, perform precise analyses and create the appropriate objects in a new AD (…)


[Screenshot: list of sources that MIM can handle]


Step 0 - Prerequisites


Before going further, make sure that you have a SQL Server that can host the MIM-specific database (I went with SQL Server 2012 SP3 with the latest patches available to date).


I also recommend installing Microsoft .NET 4.6 on the server where you plan to install MIM.


You will also need a service account that will run the MIM synchronization module. Let's say svc_mim (feel free to adapt the names to your naming conventions).


For this service account, log on to the MIM VM/server and configure the Local Security Policy (Local Policies > User Rights Assignment) to deny the following rights to the MIM service account:


  • Deny log on as a batch job

  • Deny log on locally

  • Deny access to this computer from the network
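
The three Deny rights above can be verified before running setup. The script below is an added example, not part of the original article; it assumes a placeholder account CONTOSO\svc_mim, an elevated prompt on the MIM server, and rights assigned directly to the account rather than through a group.

```powershell
# Added example (not from the original article): check the three Deny rights from Step 0.
# Assumption: CONTOSO\svc_mim is a placeholder; pass your own DOMAIN\account with -Account.
param([string]$Account = 'CONTOSO\svc_mim')

# Rights from Step 0, keyed by the constant names secedit uses in its export.
$required = [ordered]@{
    SeDenyBatchLogonRight       = 'Deny log on as a batch job'
    SeDenyInteractiveLogonRight = 'Deny log on locally'
    SeDenyNetworkLogonRight     = 'Deny access to this computer from the network'
}

# Resolve the account to its SID: secedit writes most principals as *<SID>.
$nt        = New-Object System.Security.Principal.NTAccount($Account)
$sid       = $nt.Translate([System.Security.Principal.SecurityIdentifier]).Value
$shortName = $Account.Split('\')[-1]

# Export the user-rights assignment from the local security database to a temporary INF file.
$cfg = Join-Path $env:TEMP ("userrights-{0}.inf" -f [guid]::NewGuid())
secedit.exe /export /cfg $cfg /areas USER_RIGHTS | Out-Null
if ($LASTEXITCODE -ne 0) { throw "secedit export failed (exit code $LASTEXITCODE)" }

try {
    # Build a map of right -> principals from lines such as "SeDenyX = *S-1-5-..,name".
    $assigned = @{}
    foreach ($line in Get-Content -Path $cfg) {
        if ($line -match '^\s*(Se\w+)\s*=\s*(.*)$') {
            $assigned[$Matches[1]] = $Matches[2].Split(',') | ForEach-Object { $_.Trim() }
        }
    }
} finally {
    Remove-Item -Path $cfg -ErrorAction SilentlyContinue
}

# A right counts as set only if the account itself (by SID or by name) is listed.
$missing = foreach ($right in $required.Keys) {
    $holders = @($assigned[$right])
    if (-not ($holders -contains "*$sid" -or $holders -contains $Account -or $holders -contains $shortName)) {
        $required[$right]
    }
}

if ($missing) {
    Write-Warning "Missing for ${Account}: $($missing -join '; ') (setup will show Warning 25051)"
    exit 1
}
Write-Output "All three Deny rights are assigned to $Account."
```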



You will then need to pre-create the following AD groups (otherwise they will be created locally on the MIM server at installation time):


  • MIMSyncAdmins

  • MIMSyncOperators

  • MIMSyncJoiners

  • MIMSyncBrowse

  • MIMSyncPasswordSet

While you are at it, remember to put your personal account in (at minimum) the MIMSyncAdmins group so that you can later open the MIM console.


I do not cover any specific SQL Server configuration here; it is up to you to see to the maintenance plans or the RAM/CPU allocation if it runs on a VM. We can now move on to installing the MIM service.


Step 1 - Installing MIM Synchronization Service


Now insert the MIM ISO and perform the installation as described below. Select Install Synchronization Service.




In this case, I used the same virtual machine to host both my SQL Server instance and MIM. If that is not your case, adjust this part by selecting Remote Machine and, if needed, the name of your SQL instance (if you did not keep the default name MSSQLSERVER).




Now specify the service account you created earlier, its password, and the NetBIOS name of your domain. Then click Next.




Also specify the different AD groups we created in the prerequisites.




Everything is ready; just click Install to start the installation.




If you see a window with Warning 25051, it means that your service account is not set up properly, in particular the 3 Deny rights that must be in place in the Local Security Policy (go back to Step 0 - Prerequisites to redo this part). Otherwise, you should not see this message.




All that remains is to save your encryption key somewhere on the server (and also archive it elsewhere) in case of problems.




Click Finish; the installation is complete.


Although it is not required, I recommend a quick restart after that. You should then be able to open the console that manages the MIM Management Agents by clicking Synchronization Service Manager in the Start menu.




Of course, for now, we have only installed the MIM synchronization module. You now need to create and configure your Management Agents so that they connect to your various sources, and eventually set up the Rules Extensions (in C#) that will define your import, export and synchronization actions (with or without Exchange provisioning). We will come back to this in a future article.

