Install the MIM 2016 Management Agent (MIM MA)
Introduction:
This document is intended to be used as an operational preparatory document for the Microsoft Identity Management 2016 base MIM MA installation.
Using this Guide:
You may perform search and replace on the variables listed below to create a detailed implementation guide customized for your environment.
Document Variables:
| Description | Search and Replace Variable |
| --- | --- |
| Primary Sync Server (Ex. Sync01) | [PRIMARY SYNC SERVER] |
| Primary SQL Server (Ex. SQL01) | [SQL Server] |
| Common name of the MIM Service and Portal SQL Instance (ex. Service) | [SQL INSTANCE] |
| The database name of the FIM Service Database. (ex. FIMService) | [SERVICE DB NAME] |
| Common name of the domain (ex. Contoso) | [DOMAIN] |
| Common name of the URL / Virtual IP Address used to load balance the MIM Service and Portal Servers. (Ex. MIMPortal) | [MIM PORTAL URL] |
| Common name of the first MIM Service and Portal Server (ex. Portal01) | [MIM SERVER 1] |
| Common name of the second MIM Service and Portal Server (ex. Portal02) | [MIM SERVER 2] |
| Common name of the MIM Installation Service Account (ex. MIMInstall) | [INSTALL ACCOUNT] |
| Common name of the MIM MA Service Account (ex. MIMMA) | [MIM MA SERVICE ACCOUNT] |
Service Accounts:
The following service accounts are used in the installation and configuration of the MIM Service and Portal. Rights associated with each account are listed below:
| Service Account Name | Usage | Notes |
| --- | --- | --- |
| [MIM MA SERVICE ACCOUNT] | MIM Sync server account for the FIM Service, used by the MIM Management Agent | Requires the Allow log on locally user rights assignment |
| [INSTALL ACCOUNT] | Account used for initial installation of the MIM Software. | Needs local admin on the Sync server and SQL Admin rights. Optional: Domain Admin to create Domain Groups |
Configure the MIM MA:
From the Primary Synchronization Server [PRIMARY SYNC SERVER]
Logon as the Install Account [INSTALL ACCOUNT]
Launch the MIM Synchronization Service Manager
Select Management Agents tab
Under Actions, select Create
The Create Management Agent Window should display.
Create Management Agent:
Select Management Agent For: FIM Service Management Agent
Name: MIM_MA
Description: MIM Service Management Agent
Select Next
Update MV Schema:
Select Next
Connect to Database:
Server: [SQL Server]\[SQL INSTANCE]
Database: [SERVICE DB NAME]
FIM Service base address:
If using a single MIM Portal server, enter https://[MIM SERVER 1]:5725
If using load balancing, enter the common name of the MIM Portal URL https://[MIM PORTAL URL]:5725
For Windows Integrated Authentication mode enter
User Name: [MIM MA SERVICE ACCOUNT]
Password: ***************
Domain: [DOMAIN]
Select Next
Select Object Types:
Check the following objects:
If synchronizing person and group objects to the portal, check:
DetectedRuleEntry
ExpectedRuleEntry
Person
Groups
SynchronizationRule
Select Next
Select Attributes:
Select Next
Configure Connector Filter:
Select Next
Configure Object Type Mappings:
Highlight Person
Select Add Mapping
Select person, OK
Select Next
Configure Attribute Flow:
Select Next
Configure Deprovisioning:
Select Next
Configure Extensions:
Select Finish
Setup MIM MA Run Profiles:
From the Synchronization Service Manager,
Select Management Agents
Select MIM_MA
Right Click MIM_MA
Select Configure Run Profiles
Full Import (FI)
Select New Profile
On the Profile Name Page, For Name enter FI
Select Next
On the Configure Step page, For Type select Full Import (Stage Only)
Select Next
Select Finish
Delta Import (DI)
Select New Profile
On the Profile Name Page, For Name enter DI
Select Next
On the Configure Step page, For Type select Delta Import (Stage Only)
Select Next
Select Finish
Full Sync (FS)
Select New Profile
On the Profile Name Page For Name enter FS
Select Next
On the Configure Step page For Type select Full Synchronization
Select Next
Select Finish
Delta Sync (DS)
Select New Profile
On the Profile Name Page For Name enter DS
Select Next
On the Configure Step page For Type select Delta Synchronization
Select Next
Select Finish
Export (EX)
Select New Profile
On the Profile Name Page For Name enter EX
Select Next
On the Configure Step page For Type select Export
Select Next
Select Finish
Select OK
Perform the First Import of the MIM MA
From the Synchronization Service Manager,
Select Management Agents
Select MIM_MA
Right Click MIM_MA
Select Run, Full Import, OK
The initial Full Import should generate 2 adds in the Synchronization Statistics Frame.
Filter the FIM Install Account and Built-in Synchronization Account
Double Click Adds
Double Click the First Entry 7fb2b853-24f0-4498-9534-4e10589723c4
Highlight the Distinguished Name value
Right click, select copy
Select Close, Close
Double Click MIM_MA
Select Configure Connector Filter
Select Person
Select New
For the Data Source Attribute value select <dn>
For the Operator value select Equals
For the Value paste the clipboard value 7fb2b853-24f0-4498-9534-4e10589723c4
Select Add Condition
Select OK, OK
Double Click Adds
Double Click the Second Entry fb89aefa-5ea1-47f1-8890-abe7797d6497
Highlight the Distinguished Name value
Right click, select copy
Select Close, Close
Double Click MIM_MA
Select Configure Connector Filter
Select Person
Select New
For the Data Source Attribute value select <dn>
For the Operator value select Equals
For the Value paste the clipboard value fb89aefa-5ea1-47f1-8890-abe7797d6497
Select Add Condition
Select OK, OK
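Scripted check of the import and connector filter steps above. This is an added example, not part of the original guide. It runs the FI and FS run profiles through the Synchronization Service WMI provider and compares the counters with the values the guide expects. The -AfterFilter switch is a hypothetical parameter of this example, and running FS after the filters are saved is an assumption about the next step.

```powershell
# Added example (not from the original guide). Run in Windows PowerShell on
# [PRIMARY SYNC SERVER] with an account allowed to run management agents.
param(
    [switch]$AfterFilter   # hypothetical switch: pass once both filters are saved
)

$ns = 'root\MicrosoftIdentityIntegrationServer'   # sync service WMI namespace
$ma = Get-WmiObject -Namespace $ns -Class MIIS_ManagementAgent -Filter "Name='MIM_MA'"
if (-not $ma) { throw "Management agent MIM_MA not found" }

function Invoke-RunProfile([string]$Name) {
    # Execute() blocks until the run ends and returns its status string.
    $status = $ma.Execute($Name).ReturnValue
    if ($status -ne 'success') {
        throw "Run profile '$Name' ended with status '$status'"
    }
}

if (-not $AfterFilter) {
    # First import: the guide expects exactly 2 staged adds.
    Invoke-RunProfile 'FI'
    $adds = [int]$ma.NumImportAdd().ReturnValue
    if ($adds -eq 2) {
        "Full Import staged $adds adds, as expected"
    } else {
        Write-Warning "Expected 2 staged adds, found $adds. Review before filtering."
    }
} else {
    # Assumption: a Full Synchronization follows the filter change, so the two
    # filtered accounts should now be counted as filtered disconnectors.
    Invoke-RunProfile 'FS'
    $filtered = [int]$ma.NumFilteredDisconnectors().ReturnValue
    if ($filtered -eq 2) {
        "Connector filter holds both built-in accounts out of the metaverse"
    } else {
        Write-Warning "Expected 2 filtered disconnectors, found $filtered"
    }
}
```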