MIM 2016 SP1 – Service and Portal Installation Guide

Introduction:

This document is intended to be used as an operational build document for the Microsoft Identity Manager 2016 (MIM) Service and Portal server installation. It does not cover the installation of the Password Registration and Password Reset portals; those installations are covered in detail in separate blog posts.

Using this Guide:

You may perform a search and replace on the variables listed below to create a detailed build guide customized for your environment.

Document Variables:

Search and Replace Variable    Description

[FQDOMAIN]                     Full domain name (ex. Contoso.com)

[DOMAIN]                       Common (NetBIOS) name of the domain (ex. Contoso)

[SQL SERVER]                   Common name of the SQL Server (ex. SQL01)

[SQL INSTANCE]                 Common name of the MIM Service and Portal SQL instance (ex. Service)

[MIM SYNC SERVER]              Common name of the MIM Synchronization Server (ex. SyncServer01)

[MIM SERVER 1]                 Common name of the first MIM Service and Portal Server (ex. Portal01)

[MIM SERVER 2]                 Common name of the second MIM Service and Portal Server (ex. Portal02)

[INSTALL ACCOUNT]              Common name of the MIM installation service account (ex. MIMInstall)

[MIM MA SERVICE ACCOUNT]       Common name of the MIM MA service account (ex. MIMMA)

[MIM SERVICE ACCOUNT]          Common name of the MIM Service account (ex. MIMService)

[MIM SERVICE EMAIL]            Full email address of the MIM Service account (ex. MIM.Service@contoso.com)

[MIM PWD REG ACCOUNT]          Common name of the MIM Password Registration service account (ex. MIMPwdReg)

[MIM PWD RST ACCOUNT]          Common name of the MIM Password Reset service account (ex. MIMPwdRst)

[SMTP MAIL SERVER]             Full SMTP mail server address including domain name (ex. mail.contoso.com)

[MIM PRP URL]                  Full URL of the MIM Password Registration Portal, if implemented (ex. https://registrationportal.contoso.com)

Note: [MIM PWD REG ACCOUNT], [MIM PWD RST ACCOUNT] and [MIM PRP URL] apply only when the corresponding optional feature is implemented. When performing a search and replace on document variables, replace an unused variable with a space to clear its value in the documentation.

Requirements:

MIM Portal Server Requirements:

Two Windows Server 2012 R2 virtual servers are required; they serve as the primary MIM Service and Portal servers for the Test environment. Each should have a minimum of 4 CPUs and 32 GB of RAM and the following disk allocation:

C:\ 100 GB Operating system and software

E:\ 200 GB MIM 2016, associated management agents and rules extensions

SQL Instance Installation Requirements:

Please reference the following Microsoft document for best practice guidance on SQL server configuration settings and builds for MIM Portal and Service Servers.

/en-us/microsoft-identity-manager/mim-best-practices

Note: The SQL Server instance must have the Full-Text Search feature installed and the SQL Server Agent service installed and running; the MIM Service and Portal installation fails without them.
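The SQL prerequisites above can be verified before starting setup. The following PowerShell script is an added example, not part of the original guide: it connects to the instance with the installing user's Windows credentials and reports whether Full-Text Search is installed, whether the SQL Server Agent is running, and whether the account can create the FIMService database. The server and instance names, and the use of an encrypted connection with TrustServerCertificate, are assumptions to adjust for your environment.

```powershell
# Added example; not part of the original guide. Pre-flight check of the SQL
# instance that will host the FIMService database. Run on [MIM SERVER 1] as
# [INSTALL ACCOUNT]. The server and instance names are the guide's placeholders.
$SqlServer   = 'SQL01'     # [SQL SERVER]
$SqlInstance = 'Service'   # [SQL INSTANCE]

# Integrated (Kerberos/NTLM) authentication over an encrypted connection. Drop
# TrustServerCertificate once the instance has a certificate this host trusts.
$connString = "Server=$SqlServer\$SqlInstance;Database=master;" +
              "Integrated Security=SSPI;Encrypt=True;TrustServerCertificate=True"

function Invoke-Scalar([System.Data.SqlClient.SqlConnection]$Conn, [string]$Sql) {
    $cmd = $Conn.CreateCommand()
    $cmd.CommandText = $Sql
    return $cmd.ExecuteScalar()
}

$result = [ordered]@{ Instance = "$SqlServer\$SqlInstance" }
$conn = New-Object System.Data.SqlClient.SqlConnection $connString
try {
    $conn.Open()
    $result['Reachable'] = $true
    $result['Version']   = [string](Invoke-Scalar $conn "SELECT SERVERPROPERTY('ProductVersion')")

    # Full-Text Search must be installed on the instance (setup fails without it)
    $ft = [int](Invoke-Scalar $conn "SELECT FULLTEXTSERVICEPROPERTY('IsFullTextInstalled')")
    $result['FullTextInstalled'] = ($ft -eq 1)

    # SQL Server Agent must be running. sys.dm_server_services needs VIEW SERVER STATE;
    # if that is denied, check the service 'SQLAgent$<instance>' on [SQL SERVER] instead.
    $agentSql = "SELECT TOP 1 status_desc FROM sys.dm_server_services " +
                "WHERE servicename LIKE 'SQL Server Agent%'"
    $result['AgentRunning'] = ([string](Invoke-Scalar $conn $agentSql) -eq 'Running')

    # 'Create a new database' on the first server needs dbcreator (or sysadmin)
    $roleSql = "SELECT CASE WHEN IS_SRVROLEMEMBER('sysadmin') = 1 " +
               "OR IS_SRVROLEMEMBER('dbcreator') = 1 THEN 1 ELSE 0 END"
    $result['CanCreateDatabase'] = ([int](Invoke-Scalar $conn $roleSql) -eq 1)
}
catch {
    $result['Reachable'] = $false
    $result['Error']     = $_.Exception.Message
}
finally {
    $conn.Dispose()
}

[pscustomobject]$result | Format-List
```

Any FALSE in the output is a setup blocker: fix it on the SQL side before launching the MIM installer rather than discovering it mid-installation.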

Service Account Requirements:

The Service Accounts, SPNs, and Kerberos Delegation configurations needed for the MIM Service and Portal Installation can be found in the following blog post:

https://blogs.msdn.microsoft.com/connector_space/2018/06/07/service-accounts-spns-and-kerberos-delegation-configurations-for-mim-service-and-portal-installation/

Prerequisite Software Installations:

Windows 2012 R2 Operating System Roles and Features:

The following roles and features are needed to install SharePoint and the MIM Service and Portal.

Server Manager:

Launch Server Manager

Select Dashboard

Select Add Roles and Features

Select Next

Select Role-based or feature-based installation

Select Next

Select Next

Roles:

For Roles select Web Server (IIS)

Select the Add Features button

Select Next

Add Features:

Select .NET Framework 3.5 Features

Select .NET Framework 3.5 (includes .NET 2.0 and 3.0)

Select HTTP Activation

Select Add Features

Scroll down the list and expand Windows PowerShell

Select Windows PowerShell 2.0 Engine

Select Next

Web Server Role (IIS)

Select Next

Role Services:

Common HTTP Features

Default Document

Directory Browsing

HTTP Errors

Static Content

HTTP Redirection

Health and Diagnostics

HTTP Logging

Request Monitor

Performance

Static Content Compression

Dynamic Content Compression

Security

Request Filtering

Basic Authentication

Windows Authentication

Application Development

Select ASP

Select Add Features button

.NET Extensibility 3.5

.NET Extensibility 4.5

ASP.NET 3.5

Select Add Features button

ASP.NET 4.5

ISAPI Extensions

ISAPI Filters

Management Tools

Select IIS 6 Management Compatibility

IIS 6 Metabase Compatibility

IIS 6 Management Console

IIS 6 Scripting Tools

Select Add Features button

IIS 6 WMI Compatibility

Select Next

Select Install

Once the installation succeeds, select Close
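The same roles and features can be installed from an elevated PowerShell prompt, which is easier to repeat identically on [MIM SERVER 2]. This script is an added example, not part of the original guide; the feature names are the Install-WindowsFeature names corresponding to the Server Manager selections above, and the D:\sources\sxs path for the .NET Framework 3.5 payload is an assumption.

```powershell
# Added example; not part of the original guide. Installs the same roles and
# role services that the Server Manager steps above select, from an elevated
# PowerShell prompt on Windows Server 2012 R2. Names are Install-WindowsFeature
# feature names; the .NET 3.5 source path is an assumption (mounted install media).
Import-Module ServerManager

$features = @(
    'Web-Server'                  # Web Server (IIS) role
    'NET-Framework-Features'      # .NET Framework 3.5 Features
    'NET-Framework-Core'          #   .NET Framework 3.5 (includes .NET 2.0 and 3.0)
    'NET-HTTP-Activation'         #   HTTP Activation
    'PowerShell-V2'               # Windows PowerShell 2.0 Engine
    # Common HTTP Features
    'Web-Default-Doc', 'Web-Dir-Browsing', 'Web-Http-Errors', 'Web-Static-Content', 'Web-Http-Redirect'
    # Health and Diagnostics
    'Web-Http-Logging', 'Web-Request-Monitor'
    # Performance
    'Web-Stat-Compression', 'Web-Dyn-Compression'
    # Security
    'Web-Filtering', 'Web-Basic-Auth', 'Web-Windows-Auth'
    # Application Development
    'Web-ASP', 'Web-Net-Ext', 'Web-Net-Ext45', 'Web-Asp-Net', 'Web-Asp-Net45',
    'Web-ISAPI-Ext', 'Web-ISAPI-Filter'
    # Management Tools (IIS 6 Management Compatibility)
    'Web-Mgmt-Console', 'Web-Mgmt-Compat', 'Web-Metabase', 'Web-Lgcy-Mgmt-Console',
    'Web-Lgcy-Scripting', 'Web-WMI'
)

$params = @{ Name = $features; IncludeManagementTools = $true }

# The .NET 3.5 binaries are not staged on a 2012 R2 install; point -Source at the
# media's sources\sxs folder if Install-WindowsFeature reports missing source files.
$sxs = 'D:\sources\sxs'   # assumption: install media mounted as D:
if (Test-Path $sxs) { $params['Source'] = $sxs }

$install = Install-WindowsFeature @params
'Success: {0}  RestartNeeded: {1}' -f $install.Success, $install.RestartNeeded

# Verify nothing in the list is still missing before moving on to SharePoint
$missing = Get-WindowsFeature -Name $features | Where-Object { -not $_.Installed }
if ($missing) {
    Write-Warning "Not installed: $($missing.Name -join ', ')"
} else {
    'All required roles and features are installed.'
}
```

Installing the Basic Authentication and Directory Browsing role services does not enable them on any site. After SharePoint and the MIM Portal are installed, confirm both remain disabled on the MIM Portal site: Basic authentication transmits credentials merely base64-encoded and is only acceptable over TLS, and directory browsing exposes the site's file layout.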

Install SQL Client:

You can download the SQL Client installer (sqlncli.msi) from the Microsoft SQL Server 2012 SP2 Feature Pack located at the following link:

https://www.microsoft.com/en-us/download/details.aspx?id=43339

Launch the Microsoft SQL Server 2012 Native Client Installer

On the Welcome to the Installation Wizard for SQL Server 2012 Native Client page, select Next

Review and accept the license terms to continue the installation, then select Next

On the Feature Selection window, select Next

On the Ready to Install the Program pane, select Install

If asked to allow program to make changes to this computer, select Yes.

Upon successful completion, select Finish

Install Optional Tools:

Some popular tools and utilities that you may consider installing include:

-  Notepad++

-  Visual Studio

-  Telnet Client

-  SQL Server Management Studio

On production servers, keep optional tooling to a minimum; each extra package is additional attack surface on a server that holds identity data and service account credentials.

Install SharePoint Foundation 2013 SP1

The MIM 2016 Portal is hosted in SharePoint, so SharePoint must be installed first. The installation instructions for SharePoint Foundation 2013 SP1 for use with FIM / MIM are posted in a separate blog post at the following location:

https://blogs.msdn.microsoft.com/connector_space/2018/06/01/install-of-sharepoint-foundation-2013-sp1-for-use-with-fim-mim/

Install the MIM Service and Portal:

From the MIM 2016 Installation Media launch FIMSplash.html

If prompted, select Yes to allow the program to make changes to the computer.

Under Identity Manager Service and Portal, select Install Service and Portal.

Select Run.

If prompted, select Yes to allow the program to make changes to the computer.

On the Welcome to Microsoft Identity Manager Service and Portal Setup Wizard page, select Next.

On the End-User License Agreement page, review the license agreement, accept it to continue the installation, and select Next.

On the MIM Customer Experience Improvement Program page, choose your participation option and select Next.

On the Custom Setup page:

MIM Reporting and Privileged Access Management:

By default, the MIM Reporting and Privileged Access Management features are not installed: under MIM Service both options are deselected and shown with a red X. Should you choose to install these features, additional documentation on their installation is available online.

Password Registration and Reset:

Conversely, the Password Registration and Password Reset portals are installed by default. If you do not want to install these features, or if they will be installed on a separate server, take the following actions to exclude them from this installation:

Select MIM Password Registration Portal

choose Entire Feature will be unavailable.

A red X will now appear next to the option as well.

Select MIM Password Reset Portal

choose Entire Feature will be unavailable.

A red X will appear next to the option.

Installation Path:

The default installation path is C:\Program Files\Microsoft Forefront Identity Manager\2010\ (MIM 2016 retains the FIM 2010 folder name).

To specify an alternate installation path, select MIM Service or MIM Portal, select Browse, change to the desired installation path, and select OK. The path selection applies to both the MIM Service and MIM Portal features when they are installed together.

Select Next

On the Configure Common Services - MIM Database Connection page

Enter the following information:

Database Server: [SQL SERVER]\[SQL INSTANCE]

Database Name: FIMService

For the first server installed [MIM SERVER 1] select Create a new database

For each subsequent server [MIM SERVER 2] select Re-use the existing database.

Select Next

Database Backup Warning:

A warning that a backup of the MIM Service database should be performed appears only when Re-use the existing database is selected; it does not appear on the first server when Create a new database is selected. Take a backup of the existing FIMService database before continuing, then select Next.

On the Configure Common Services – Mail Server Connection page

Mail Server: [SMTP MAIL SERVER]

Select only the options that apply to your mail environment:

Use SSL

Mail Server is Exchange Server 2007 or Exchange Server 2010

Enable Polling for Exchange Server 2007 or Exchange Server 2010

Use Exchange Online

On the Configure Common Services – Service Certificate page

Select Generate a new self-issued certificate (this certificate secures the MIM Service endpoint; a certificate already issued to the server can be selected instead)

Select Next

On the Configure Common Services – MIM Service Account page

Enter the following information:

Service Account Name: [MIM SERVICE ACCOUNT]

Service Account Password *******************

Service Account Domain [FQDOMAIN]

Service Email Account [MIM SERVICE EMAIL]

Select Next

Account Security Warning:

If an Account Security Warning (warning 25051: the service account is not secure in its current configuration) is displayed, select Next; the installation can proceed.

Harden the service account after the installation by following the blog post below:

https://blogs.msdn.microsoft.com/connector_space/2015/08/28/warning-25051-service-account-is-not-secure-in-its-current-configuration/

On the Configure Common Services – Configure MIM Service and Portal Synchronization page

Enter the following information:

Synchronization Server: [MIM SYNC SERVER]

MIM Management Agent Account: [DOMAIN]\[MIM MA SERVICE ACCOUNT]

Select Next

You may receive the following warning:

The MIM synchronization server you have entered does not exist or is not running. Click ‘Back’ to enter a different server name. If you plan to install the MIM synchronization service on the ‘[MIM SYNC SERVER]’ later, click ‘Next’ to accept the configuration and continue. Refer to the installation guide for instructions on how to change this information post deployment.

Verify that the server name is correct. If it is not, select Back and correct it.

The warning can appear even when the name is correct (for example, when the synchronization service is not yet installed or running on [MIM SYNC SERVER]); in that case select Next to continue.

On the Configure Common Services – Configure Connection with MIM Service page

MIM Service Server Address: the MIM Service server this portal should connect to, normally the server being installed ([MIM SERVER 1] on the first server, [MIM SERVER 2] on the second)

Select Next

On the following page, enter the SharePoint site collection that hosts the portal (the web application created during the SharePoint Foundation installation):

SharePoint Site Collection URL: https://FIMPortal

Select Next

On the Configure Common Services – Configure Optional Portal Home Page Configuration page

Registration Portal URL: [MIM PRP URL]

Note: Leave this field empty if the Password Registration Portal is not implemented.

Select Next

On the Configure Common Services – Configure Security Changes Configured by Setup page

Select Open ports 5725 and 5726 in the firewall (the inbound ports used by the MIM Service; without them the portal on the other server and MIM clients cannot reach the service)

Select Grant Authenticated Users Access to MIM Portal Site (this adds Authenticated Users to the SharePoint site permissions so that end users can open the portal; what they can see and do inside the portal is still governed by MIM's Management Policy Rules)

Select Next

On the Enter Information for MIM Password Portals page

If the MIM Password Registration Portal will be installed on another host, select MIM Password Registration Portal will be installed on another host and enter:

Account Name: [DOMAIN]\[MIM PWD REG ACCOUNT]

If the MIM Password Reset Portal will be installed on another host, select MIM Password Reset Portal will be installed on another host and enter:

Account Name: [DOMAIN]\[MIM PWD RST ACCOUNT]

Select Next

On the Install Microsoft Identity Manager Service and Portal page

Select Install

Be patient: the installation can take a considerable time, during which command windows open and close and at times nothing appears to be happening.

On the Completed Microsoft Identity Manager Service and Portal Setup Wizard page,

Select Finished

Close the FIMSplash browser window.

Verify the FIMSPFPool application pool is started:

Open Internet Information Services (IIS) Manager

Expand the server node

Select Application Pools

Select FIMSPFPool and verify its status is Started

Close IIS Manager

Verify the portal loads on each server:

From [MIM SERVER 1], launch Internet Explorer and open the following URL to display the MIM Portal:

https://[MIM SERVER 1]/identitymanagement/aspx/users/AllPersons.aspx

From [MIM SERVER 2], launch Internet Explorer and open the following URL to display the MIM Portal:

https://[MIM SERVER 2]/identitymanagement/aspx/users/AllPersons.aspx

The MIM Portal should display without error.
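The IIS Manager and browser checks above can be scripted so that the same verification runs on both servers. The following PowerShell script is an added example, not part of the original guide: it confirms that the FIMService service and the FIMSPFPool application pool are running, that the MIM Service is listening on TCP 5725 and 5726 with matching inbound firewall rules (the ports setup opened earlier), and that the portal URL returns HTTP 200 to an authenticated request. The check names and the use of the local hostname are assumptions.

```powershell
# Added example; not part of the original guide. Post-install checks for the
# MIM Service and Portal server this script runs on (repeat on [MIM SERVER 1]
# and [MIM SERVER 2]). Run from an elevated PowerShell prompt.
Import-Module WebAdministration

$server    = $env:COMPUTERNAME
$portalUrl = "https://$server/identitymanagement/aspx/users/AllPersons.aspx"
$checks    = [ordered]@{}

# 1. The FIMService Windows service is running
$svc = Get-Service -Name FIMService -ErrorAction SilentlyContinue
$checks['FIMService running'] = ($null -ne $svc -and $svc.Status -eq 'Running')

# 2. The FIMSPFPool application pool is started (the IIS Manager step above)
$pool = Get-WebAppPoolState -Name 'FIMSPFPool' -ErrorAction SilentlyContinue
$checks['FIMSPFPool started'] = ($null -ne $pool -and $pool.Value -eq 'Started')

# 3. The MIM Service is listening on the ports setup opened (5725 and 5726)
foreach ($port in 5725, 5726) {
    $listener = Get-NetTCPConnection -LocalPort $port -State Listen -ErrorAction SilentlyContinue
    $checks["TCP $port listening"] = ($null -ne $listener)
}

# 4. Enabled inbound TCP firewall rules exist for those exact ports
#    (rules written as ranges or 'Any' would not match this exact comparison)
$fwPorts = Get-NetFirewallRule -Direction Inbound -Enabled True |
    Get-NetFirewallPortFilter |
    Where-Object { $_.Protocol -eq 'TCP' } |
    ForEach-Object { $_.LocalPort }
foreach ($port in '5725', '5726') {
    $checks["Firewall rule for $port"] = ($fwPorts -contains $port)
}

# 5. The portal answers an authenticated request with HTTP 200. The request uses
#    the current user's Windows credentials. If the site's certificate is not
#    trusted by this host, install the issuing CA rather than bypassing validation.
try {
    $resp = Invoke-WebRequest -Uri $portalUrl -UseDefaultCredentials -UseBasicParsing
    $checks['Portal returns HTTP 200'] = ($resp.StatusCode -eq 200)
} catch {
    $checks['Portal returns HTTP 200'] = $false
    Write-Warning "Portal request failed: $($_.Exception.Message)"
}

$checks.GetEnumerator() | ForEach-Object {
    '{0,-26} {1}' -f $_.Key, $(if ($_.Value) { 'OK' } else { 'FAIL' })
}
```

A FAIL on the port or firewall checks on [MIM SERVER 2] is the usual cause of the portal loading on one server but not the other, since the second portal must reach the MIM Service over TCP 5725.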

Post Installation of MIM Service and Portal

Install the latest version of MIMWAL (MIM Workflow Activity Library)

The Microsoft Identity Manager Workflow Activity Library (MIMWAL) is a Microsoft-maintained open-source library of workflow activities that extends the functionality of MIM. Repeat the following steps on every MIM Service and MIM Portal server.

https://microsoft.github.io/MIMWAL/

Build and Deploy the MIMWAL solution:

Instructions for creating the MIMWAL assembly are located at the following link.

https://github.com/Microsoft/MIMWAL/wiki/build-and-deployment