Installing the Microsoft Identity Manager 2016 Synchronization Service – Clean Install


As you may be aware, the new version of the identity management product – Microsoft Identity Manager 2016 – has been released. While the in-place upgrade of the sync engine from FIM 2010 R2 to MIM 2016 is covered in great detail here, I would like to take some time and step through a fresh install of the MIM 2016 sync service.

The environment I’m using is Windows Server 2012 with SQL Server 2012 SP1. The prerequisites (.NET, SQL Native Client if SQL is off-box, etc.) remain largely unchanged from FIM 2010.

To begin, navigate to the installation media and double-click on “FIMSPlash” to run it. This will open the MIM installation menu:

Under “Identity Manager Synchronization Service”, click on “Install Synchronization Service”, then click “Run”:

This will launch the “Microsoft Identity Manager 2016 – Synchronization Service” installation wizard. Click “Next” to continue.

Read and accept the EULA, then click “Next” to continue.

Change the “Installation Location” (if applicable), then click “Next”.

If SQL is located off-box, select “A remote machine” and enter the name of the Microsoft SQL server. If SQL is located on the same machine (as in this scenario), select “This computer”.

If a named SQL instance is used (as is best practice), select “A named instance” and enter the instance name. Click “Next” to continue.

Enter the “Service account” that the sync service will run as, along with its “Password” and “Domain”, then click “Next”.

As with FIM 2010, the groups on this screen may be left at their defaults. Or, if you prefer, you may create and specify domain groups here. Click “Next” to continue.

Check the box to “Enable firewall rules for inbound RPC communications”, then click “Next”.

Click “Install”.

As with FIM 2010, you may receive the following message. If so, click “OK” to continue as we will come back to this later.

At this point you will be prompted to back up the database encryption key. Click “OK”.

Select a location and enter a name for this key file, then click “Save”.

Click “Finish” to complete setup.

You may now open your MIM 2016 Sync Service.

To verify the version, click “Help” and then “About”.

While you may notice it says “Microsoft Forefront Identity Manager 2010 R2”, you may disregard this. Notice also that the version number is 4.3.1935.0, whereas FIM 2010 R2 is a 4.1.xxxx version. For instructions on installing the Microsoft Identity Manager 2016 Service and Portal, please see the follow-up post here.
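
Because the About dialog still shows the FIM 2010 R2 product name, the version number is the reliable indicator, and it can also be read from PowerShell on the sync server. This is an added example, not part of the original post; it assumes the Windows service is registered as `FIMSynchronizationService` and that the service executable's file version matches the number shown under “Help” > “About”.

```powershell
# Added example: read the sync service's state, account and version without the GUI.
# Assumption: the Windows service name is 'FIMSynchronizationService'.
$serviceName = 'FIMSynchronizationService'

$svc = Get-CimInstance -ClassName Win32_Service -Filter "Name='$serviceName'"
if (-not $svc) {
    throw "Service '$serviceName' not found. Is the Synchronization Service installed?"
}

# PathName can be quoted and can carry arguments; keep only the path to the .exe.
if ($svc.PathName -match '^\s*"?([^"]+?\.exe)') {
    $exePath = $Matches[1]
} else {
    throw "Could not parse an executable path from: $($svc.PathName)"
}

# Build a [version] from the numeric parts so it compares cleanly.
$vi = (Get-Item -LiteralPath $exePath).VersionInfo
$installed = New-Object System.Version -ArgumentList `
    $vi.FileMajorPart, $vi.FileMinorPart, $vi.FileBuildPart, $vi.FilePrivatePart

# Classification follows the post: 4.3.x is MIM 2016, 4.1.x is FIM 2010 R2.
$product = switch ("$($installed.Major).$($installed.Minor)") {
    '4.3'   { 'MIM 2016' }
    '4.1'   { 'FIM 2010 R2' }
    default { 'Other (not 4.1.x or 4.3.x)' }
}

# The wizard asks for a dedicated service account; flag a built-in identity.
$builtIn = $svc.StartName -match '^(LocalSystem$|NT AUTHORITY\\)'

[pscustomobject]@{
    Service        = $svc.Name
    State          = $svc.State
    RunsAs         = $svc.StartName
    BuiltInAccount = $builtIn
    Executable     = $exePath
    Version        = $installed
    Product        = $product
}
```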

 

## https://blogs.msdn.microsoft.com/connector_space##

Comments (11)

  1. DZach says:

    I am wondering what level of permission needs to be assigned to the account that will be setting up MIM services. Does it need SYSADMIN? Will it work with lower permissions like DB_creator/securityadmin?

  2. Jeff says:

    @Jeff

    Found the answer… but had to stand up a SQL Server Express to do a dummy install. It creates a database called FIMSynchronizationService.

  3. Jeff says:

    What is the name of the database that the Synchronization Service creates?  I am reinstalling the synchronization service and using our SQL Server.  However, the person that first installed/created the Synchronization Service database did not back up the database keys.

    So I need to delete the database, but I am not sure what the name of the database is.

  4. @ RuckshanG

    Thank you for the feedback and advice. Old habits die hard, as we use FIM and MIM interchangeably, but we will make an effort to use the new name for documentation ease.

  5. @ RukshanG    Great advice and thank you for the feedback. It's still a habit referring to this product as FIM, and in a lot of ways we use the 2 interchangeably.

  6. Anthony says:

    Hello,

    Thank you for this post! It helps a lot.

    I set up a MIM 2016 with AD DS and External SQL Database sync.

    Now I want to connect Azure AD. I can't find something clear on this.

    Is it possible to connect MIM to Azure AD and then provision MIM users to Azure AD?

    Or do I have to install another server with AADConnect to sync my AD / AzureAD users?

    Thank you,

    Anthony

    1. Peter Harley says:

      Hi Anthony,

      I’ve written custom Management Agents to do this before. I don’t think you can do it out of the box.

      1. Mr. Harley,
        Could you please elaborate on what your reply is in response to? Nothing in this particular post is in reference to creating a custom MA.

  7. Is SQL Native Client installed?

    Will this SQL Server host anything other than MIMService or MIM Synchronization? If so, have you looked into creating a separate instance and leaving the Default instance for another product that may require it?

    If Native Client is installed, can you connect to the SQL Server?

  8. ktackett says:

    @ SQL Issue:

    You said "no SQL components installed on my Sync server"; you need SQL Native Client installed if SQL is off box.

  9. SQL issue says:

    I have SQL 2014 installed "off box" (default instance) but when I select either local instance or remote instance (no SQL components installed on my Sync server), I get an error that the SQL Server can't be contacted? Permissions are there, firewall is off, etc, what gives?
