Installing the Microsoft Identity Manager 2016 Synchronization Service – Clean Install

As you may be aware, the new version of identity – Microsoft Identity Manager 2016 – has been released. While the in-place upgrade of the sync engine from FIM 2010 R2 to MIM 2016 is covered in great detail here, I would like to take some time and step through a brand new fresh install of the MIM 2016 sync service.


The environment I’m using is Windows Server 2012 with SQL Server 2012 SP1. The prerequisites (.Net, SQL Native Client if SQL is off-box, etc.) remain largely unchanged from FIM 2010.


To begin, navigate to the installation media and double-click on “FIMSPlash” to run it. This will open the MIM installation menu:



Under “Identity Manager Synchronization Service”, click on “Install Synchronization Service”, then click “Run”:



This will launch the “Microsoft Identity Manager 2016 – Synchronization Service” installation wizard. Click “Next” to continue.



Read and accept the EULA, then click “Next” to continue.



Change the “Installation Location” (if applicable), then click “Next”



If SQL is located off-box, select “A remote machine” and enter the name of the Microsoft SQL server. If SQL is located on the same machine (as in this scenario), select “This computer”.

If a named SQL instance is used (as is Best Practice), select “A named instance” and enter the instance name. Click “Next” to continue.



Enter the “Service account” which sync will run as, as well as the “Password” and “Domain”, then click “Next”



As with FIM 2010, these may be left default. Or, if you prefer, you may create and specify domain groups here. Click “Next” to continue.



Check the box to “Enable firewall rules for inbound RPC communications”, then click “Next”.



Click “Install”



As with FIM 2010, you may receive the following message. If so, click “OK” to continue as we will come back to this later.



At this point you will be prompted to back up the database encryption key. Click “OK”



Select a location and enter a name for this key file, then click “Save”



Click “Finish” to complete setup.



You may now open your MIM 2016 Sync Service.



To verify the version, click “Help” and “About” .



While you may notice it says “Microsoft Forefront Identity Manager 2010 R2”, you may disregard this. Notice also that the version number is 4.3.1935.0, whereas FIM 2010 R2 is a 4.1.xxxx version. For instructions on installing the Microsoft Identity Manager 2016 Service and Portal”, please see the follow-up post here.


Questions? Comments? Love FIM so much you can’t even stand it?




Comments (11)
  1. DZach says:

    I am wondering what level of permission needs to be assigned to the account that will be setting up MIM services. Does it need SYSADMIN ? will it work with lower permission like DB_creator /securityadmin ?

  2. Jeff says:


    Found the answer… but had to stand up a SQL Server Express to do a dummy install.. it creates a database called FIMSynchronizationService

  3. Jeff says:

    What is the name of database that the Synchronization Service creates?  I am reinstalling the synchronization service and using our SQL Server.  However the person that first installed/created the Synchronization Service database did not backup the database keys.

    So I need to delete the database, but I am not sure what the name of the database is.

  4. @ RuckshanG

    Thank you for the feedback and advise, old habits die hard as we use FIM and MIM interchangeably but will make an effort to use new name for documentation ease

  5. @ RukshanG    Great advise and thank you for the feedback, its still a habit reefing this product as FIM and in a lot of ways we use the 2 interchangably

  6. Anthony says:


    Thank you for this post! it helps a lot.

    I set up a MIM 2016 with AD DS and External SQL Database sync.

    Now I want to connect Azure AD. I can't find something clear on this.

    Is this possible to connect MIM to Azure AD and then provision MIM users to Azure AD ?

    Or I have to install an other server with AADConnect to sync my AD / AzureAD users ?

    Thank you,


    1. Peter Harley says:

      Hi Anthony,

      I’ve written custom Management Agents to do this before. I don’t think you can do it out of the box.

      1. Mr. Harley,
        could you please elaborate on what your reply is in response to? nothing in this particular post is in reference to creating a custom MA.

  7. Is SQL Native Client installed?

    Will this SQL Server host anything else other than MIMService or MIM Synchronization? if so have you looked into creating a separate instance and leaving the Default instance for another product that may require it?

    If native client is installed can you connect to the SQL Server ?

  8. ktackett says:

    @ SQL Issue:

    You said "no SQL components installed on my Sync server"; you need SQL Native Client installed if SQL is off box.

  9. SQL issue says:

    I have SQL 2014 installed "off box" (default instance) but when I select either local instance or remote instance (no SQL components installed on my Sync server), I get an error that the SQL Server can't be contacted? Permissions are there, firewall is off, etc, what gives?

Comments are closed.

Skip to main content