Installing the MIM 2016 synchronization engine (Microsoft Identity Manager) [Full Guide]


Microsoft Identity Manager (formerly FIM, Forefront Identity Manager) is the Microsoft solution that makes it possible, among other things, to synchronize Active Directory. This solution is composed of several distinct products, including a web portal as well as the synchronization engine.

In this article, I propose to look at how to install the synchronization engine. It is the component that connects your different sources of information, whether they are Active Directory, applications, a GAL (or others), in order to run analyses, synchronizations or object creations in AD.

For each type of source, we will then create a Management Agent (MA) specific to the source it must manage. You will find below the list of sources that MIM is capable of handling. In my case, I need to manage multiple Active Directories, perform precise analyses and create the appropriate objects in a new AD (…)


Step 0 - Prerequisites

Before going further, make sure that you have a SQL Server that will host the MIM-specific database (I went with SQL Server 2012 SP3 with the latest patches available to date).

I also recommend installing Microsoft .NET 4.6 on the server where you plan to install MIM.

You will also need a service account that will run the MIM synchronization module. Let’s say svc_mim (feel free to adapt the names according to your naming conventions).

For this service account, log on to the MIM server (VM) and configure the Local Security Policy (Local Policies > User Rights Assignment) to assign the following Deny rights to the MIM service account:

  • Deny log on as a batch job

  • Deny log on locally

  • Deny access to this computer from the network




You will then need to pre-create the following AD groups (otherwise they will be created locally on the MIM server at installation time):

  • MIMSyncAdmins

  • MIMSyncOperators

  • MIMSyncJoiners

  • MIMSyncBrowse

  • MIMSyncPasswordSet

While you are at it, remember to put your personal account in (at minimum) the MIMSyncAdmins group so that you can later open the MIM console.
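The group creation and the check of the three Deny rights can be scripted. The following is an added example, not part of the original article: it assumes the RSAT ActiveDirectory module, an existing svc_mim account, an elevated session on the MIM server, Global security groups (the article does not state a scope), and a placeholder admin account name.

```powershell
# Added example (not from the original article). Run elevated on the MIM server.
Import-Module ActiveDirectory

$ServiceSam = 'svc_mim'               # service account named in the article
$AdminSam   = 'your.admin.account'    # placeholder: your own account
$Groups     = 'MIMSyncAdmins','MIMSyncOperators','MIMSyncJoiners',
              'MIMSyncBrowse','MIMSyncPasswordSet'

# 1. Pre-create the five groups, skipping any that already exist.
#    Global scope is an assumption; adapt it to your environment.
foreach ($g in $Groups) {
    if (-not (Get-ADGroup -Filter "SamAccountName -eq '$g'")) {
        New-ADGroup -Name $g -SamAccountName $g -GroupScope Global -GroupCategory Security
    }
}

# 2. Add your own account to MIMSyncAdmins if it is not already a member.
$members = (Get-ADGroupMember -Identity 'MIMSyncAdmins').SamAccountName
if ($members -notcontains $AdminSam) {
    Add-ADGroupMember -Identity 'MIMSyncAdmins' -Members $AdminSam
}

# 3. Export the user rights assignments and verify the three Deny rights.
$sid = (Get-ADUser -Identity $ServiceSam).SID.Value
$inf = Join-Path $env:TEMP 'mim-user-rights.inf'
secedit /export /cfg $inf /areas USER_RIGHTS | Out-Null
$lines = Get-Content $inf
Remove-Item $inf

$rights = [ordered]@{
    SeDenyBatchLogonRight       = 'Deny log on as a batch job'
    SeDenyInteractiveLogonRight = 'Deny log on locally'
    SeDenyNetworkLogonRight     = 'Deny access to this computer from the network'
}
$namePattern = '(^|\\)' + [regex]::Escape($ServiceSam) + '$'
foreach ($r in $rights.Keys) {
    # A line looks like: SeDenyNetworkLogonRight = *S-1-5-21-...,Guest
    $line    = $lines | Where-Object { $_ -match "^$r\s*=" } | Select-Object -First 1
    $entries = @()
    if ($line) { $entries = ($line -split '=', 2)[1].Split(',') | ForEach-Object { $_.Trim() } }
    # Accounts are listed either as *SID or by name.
    $hit = $entries | Where-Object { $_ -eq "*$sid" -or $_ -match $namePattern }
    '{0,-48} {1}' -f $rights[$r], $(if ($hit) { 'OK' } else { 'MISSING' })
}
```

Any right reported as MISSING should be assigned in Local Security Policy before launching the installer.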

I do not cover any specific SQL Server configuration here; it is up to you to take care of the maintenance plans or the RAM / CPU allocation if it runs on a VM. We can now move on to installing the MIM service.

Step 1 - Installing MIM Synchronization Service

Now mount the MIM ISO and perform the installation as described below. Select Install Synchronization Service.






In this case, I used the same virtual machine to host both my SQL Server instance and MIM. If this is not your case, adjust this part by selecting Remote Machine and, if needed, entering the name of your SQL instance (if you did not keep the default name MSSQLSERVER).


Now specify the service account you previously created, its password and the NetBIOS name of your domain. Then click Next.


Also specify the different AD groups we created in the prerequisites.



Everything is ready; just click Install to start the installation.


If you see the above window with Warning 25051, it means that your service account is not set up properly, in particular the 3 Deny rights that must be in place in the Local Security Policy (go back to Step 0 - Prerequisites to redo this part). Otherwise, you should not see this message.


All that remains is to save your encryption key somewhere on the server (and archive it elsewhere as well) in case of problems.


Click Finish; the installation is complete.

Although not required, I recommend a quick restart after that. You should then be able to open the console that manages the MIM Management Agents by clicking Synchronization Service Manager in the Start menu.


Of course, for now, we have only installed the MIM synchronization module. You now need to create and configure your Management Agents so that they connect to your various sources, and possibly set up the Rules Extensions (in C#) that will define your import, export and synchronization actions (with or without Exchange provisioning). We will come back to this in a future article.
