Installing Microsoft Forefront Identity Manager 2016 SP1 on Server 2016 with SQL 2016
In this post, I will walk you through the process of installing MIM 2016 SP1 on Windows Server 2016
running SQL 2016. MIM 2016 SP1 will be the evaluation version.
My home lab consists of:
Domain - RAMLAN.CA
DC1 & DC2 - Domain Controllers Server 2016
MIM - Forefront Identity Manager Server 2016 SP1 on Server 2016
Create a proper OU structure for the MIM install. I have created the following to keep everything clean.
I will be creating the following users and groups within the above OU. These accounts will be used during the
installation/testing/deployment stages. I have shared a PowerShell script to create these users/groups.
Import-Module ActiveDirectory
# One shared password for every service account in this lab
$sp = ConvertTo-SecureString "01Jan2009" -AsPlainText -Force
New-ADUser -SamAccountName MIMMA -Name MIMMA -Path "OU=ServiceAccounts,OU=Services,OU=MIM,DC=ramlan,DC=ca" -AccountPassword $sp -PasswordNeverExpires 1 -Enabled 1 -UserPrincipalName "[email protected]"
New-ADUser -SamAccountName MIMSync -Name MIMSync -Path "OU=ServiceAccounts,OU=Services,OU=MIM,DC=ramlan,DC=ca" -AccountPassword $sp -PasswordNeverExpires 1 -Enabled 1 -UserPrincipalName "[email protected]"
New-ADUser -SamAccountName MIMService -Name MIMService -Path "OU=ServiceAccounts,OU=Services,OU=MIM,DC=ramlan,DC=ca" -AccountPassword $sp -PasswordNeverExpires 1 -Enabled 1 -UserPrincipalName "[email protected]"
New-ADUser -SamAccountName MIMSSPR -Name MIMSSPR -Path "OU=ServiceAccounts,OU=Services,OU=MIM,DC=ramlan,DC=ca" -AccountPassword $sp -PasswordNeverExpires 1 -Enabled 1 -UserPrincipalName "[email protected]"
# SamAccountName must be unique: the original line reused MIMSSPR here
New-ADUser -SamAccountName MIMSSPWR -Name MIMSSPWR -Path "OU=ServiceAccounts,OU=Services,OU=MIM,DC=ramlan,DC=ca" -AccountPassword $sp -PasswordNeverExpires 1 -Enabled 1 -UserPrincipalName "[email protected]"
New-ADUser -SamAccountName SharePoint -Name SharePoint -Path "OU=ServiceAccounts,OU=Services,OU=MIM,DC=ramlan,DC=ca" -AccountPassword $sp -PasswordNeverExpires 1 -Enabled 1 -UserPrincipalName "[email protected]"
New-ADUser -SamAccountName SqlEngine -Name SqlEngine -Path "OU=ServiceAccounts,OU=Services,OU=MIM,DC=ramlan,DC=ca" -AccountPassword $sp -PasswordNeverExpires 1 -Enabled 1 -UserPrincipalName "[email protected]"
New-ADUser -SamAccountName SQLAgent -Name SQLAgent -Path "OU=ServiceAccounts,OU=Services,OU=MIM,DC=ramlan,DC=ca" -AccountPassword $sp -PasswordNeverExpires 1 -Enabled 1 -UserPrincipalName "[email protected]"
New-ADUser -SamAccountName BackupAdmin -Name BackupAdmin -Path "OU=ServiceAccounts,OU=Services,OU=MIM,DC=ramlan,DC=ca" -AccountPassword $sp -PasswordNeverExpires 1 -Enabled 1 -UserPrincipalName "[email protected]"
# SamAccountName must be unique: the original line reused BackupAdmin here
New-ADUser -SamAccountName MIMADSync -Name MIMADSync -Path "OU=ServiceAccounts,OU=Services,OU=MIM,DC=ramlan,DC=ca" -AccountPassword $sp -PasswordNeverExpires 1 -Enabled 1 -UserPrincipalName "[email protected]"
Add this user (MIMADSync) to the Domain Admins group as well.
Run the commands below to add these groups as well.
New-ADGroup -Name MIMSyncAdmins -GroupCategory Security -GroupScope Global -SamAccountName MIMSyncAdmins -Path "OU=Groups,OU=Services,OU=MIM,DC=ramlan,DC=ca"
New-ADGroup -Name MIMSyncOperators -GroupCategory Security -GroupScope Global -SamAccountName MIMSyncOperators -Path "OU=Groups,OU=Services,OU=MIM,DC=ramlan,DC=ca"
New-ADGroup -Name MIMSyncJoiners -GroupCategory Security -GroupScope Global -SamAccountName MIMSyncJoiners -Path "OU=Groups,OU=Services,OU=MIM,DC=ramlan,DC=ca"
New-ADGroup -Name MIMSyncBrowse -GroupCategory Security -GroupScope Global -SamAccountName MIMSyncBrowse -Path "OU=Groups,OU=Services,OU=MIM,DC=ramlan,DC=ca"
New-ADGroup -Name MIMSyncPasswordReset -GroupCategory Security -GroupScope Global -SamAccountName MIMSyncPasswordReset -Path "OU=Groups,OU=Services,OU=MIM,DC=ramlan,DC=ca"
Create SPNs: Run the commands below as Domain Admin
setspn -S http/MIM.RAMLAN.CA RAMLAN\SharePoint
setspn -S http/MIM RAMLAN\SharePoint
setspn -S FIMService/MIM.RAMLAN.CA RAMLAN\MIMService
setspn -S FIMSynchronizationService/MIM.RAMLAN.CA RAMLAN\MIMSync
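The account script and the SPN commands above combine three settings that are worth reviewing before this layout is reused outside a lab: a non-expiring password, an SPN registered on a user account, and Domain Admins membership for MIMADSync. The following is an added example, not part of the original post; the function names and the sample records are constructed for illustration, and the commented line at the end shows the Get-ADUser query that would supply real data.

```powershell
# Added example, not part of the original post. Function names are illustrative.

function Get-GroupNameFromDn {
    param([string]$DistinguishedName)
    # Leading RDN of a group DN: "CN=Domain Admins,CN=Users,..." -> "Domain Admins"
    if ($DistinguishedName -match '^CN=((?:\\.|[^,\\])+)') { return $Matches[1] }
    return $DistinguishedName
}

function Test-ServiceAccountExposure {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory, ValueFromPipeline)]
        [psobject]$Account,
        [string[]]$PrivilegedGroup = @('Domain Admins', 'Enterprise Admins', 'Schema Admins', 'Administrators')
    )
    process {
        # Normalise multi-valued attributes to arrays and drop empty values
        $spns       = @($Account.ServicePrincipalName | Where-Object { $_ })
        $groups     = @($Account.MemberOf | Where-Object { $_ } | ForEach-Object { Get-GroupNameFromDn $_ })
        $privileged = @($groups | Where-Object { $PrivilegedGroup -contains $_ })

        $findings = @()
        if ($Account.PasswordNeverExpires) { $findings += 'password never expires' }
        if ($spns.Count -gt 0)             { $findings += "SPN: $($spns -join ', ')" }
        if ($privileged.Count -gt 0)       { $findings += "member of $($privileged -join ', ')" }

        # Any authenticated user can request a service ticket for an account
        # that holds an SPN, and that ticket is encrypted with the account's
        # password-derived key. A password that never rotates keeps that key
        # valid indefinitely, so the combination ranks above either alone.
        $severity = 'None'
        if ($findings.Count -gt 0) { $severity = 'Low' }
        if ($spns.Count -gt 0 -and $Account.PasswordNeverExpires) { $severity = 'Medium' }
        if ($privileged.Count -gt 0) { $severity = 'High' }

        [pscustomobject]@{
            SamAccountName = $Account.SamAccountName
            Severity       = $severity
            Findings       = $findings -join '; '
        }
    }
}

# Constructed sample records mirroring what the script and setspn commands create.
$sample = @(
    [pscustomobject]@{ SamAccountName = 'MIMMA'; PasswordNeverExpires = $true
                       ServicePrincipalName = @(); MemberOf = @() }
    [pscustomobject]@{ SamAccountName = 'MIMSync'; PasswordNeverExpires = $true
                       ServicePrincipalName = @('FIMSynchronizationService/MIM.RAMLAN.CA'); MemberOf = @() }
    [pscustomobject]@{ SamAccountName = 'MIMService'; PasswordNeverExpires = $true
                       ServicePrincipalName = @('FIMService/MIM.RAMLAN.CA'); MemberOf = @() }
    [pscustomobject]@{ SamAccountName = 'SharePoint'; PasswordNeverExpires = $true
                       ServicePrincipalName = @('http/MIM.RAMLAN.CA', 'http/MIM'); MemberOf = @() }
    [pscustomobject]@{ SamAccountName = 'MIMADSync'; PasswordNeverExpires = $true
                       ServicePrincipalName = @()
                       MemberOf = @('CN=Domain Admins,CN=Users,DC=ramlan,DC=ca') }
)

$sample | Test-ServiceAccountExposure | Format-Table -AutoSize -Wrap

# Against the live domain (requires the ActiveDirectory module):
# Get-ADUser -SearchBase 'OU=ServiceAccounts,OU=Services,OU=MIM,DC=ramlan,DC=ca' -Filter * `
#     -Properties PasswordNeverExpires, ServicePrincipalName, MemberOf |
#     Test-ServiceAccountExposure
```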
Install prerequisites using PowerShell:
Add-WindowsFeature NET-HTTP-Activation,NET-Non-HTTP-Activ,NET-WCF-Pipe-Activation45,NET-WCF-HTTP-Activation45,Web-Server,Web-WebServer,Web-Common-Http,Web-Static-Content,Web-Default-Doc,Web-Dir-Browsing,Web-Http-Errors,Web-App-Dev,Web-Asp-Net,Web-Asp-Net45,Web-Net-Ext,Web-Net-Ext45,Web-ISAPI-Ext,Web-ISAPI-Filter,Web-Health,Web-Http-Logging,Web-Log-Libraries,Web-Request-Monitor,Web-Http-Tracing,Web-Security,Web-Basic-Auth,Web-Windows-Auth,Web-Filtering,Web-Digest-Auth,Web-Performance,Web-Stat-Compression,Web-Dyn-Compression,Web-Mgmt-Tools,Web-Mgmt-Console,Web-Mgmt-Compat,Web-Metabase,WAS,WAS-Process-Model,WAS-NET-Environment,WAS-Config-APIs,Web-Lgcy-Scripting,Windows-Identity-Foundation,Xps-Viewer -Verbose
Install-WindowsFeature Web-WebServer,Net-Framework-Features,rsat-ad-powershell,Web-Mgmt-Tools,Windows-Identity-Foundation,Server-Media-Foundation,Xps-Viewer -IncludeAllSubFeature
Set local security policies:
Open properties for Log on as a service and add these accounts.
RAMLAN\MIMSync; RAMLAN\MIMMA; RAMLAN\MIMService; RAMLAN\Sharepoint; RAMLAN\SQLEngine; RAMLAN\SQLAgent; RAMLAN\MIMSSPR; RAMLAN\MIMSSPWR
Add these 2 accounts as well: MIMADSYNC & MIMSSPWR
Open properties for Deny access to this computer from the network and add these accounts.
RAMLAN\MIMSYNC; RAMLAN\MIMSERVICE
Open properties for Deny log on locally and add these accounts.
RAMLAN\MIMSYNC; RAMLAN\MIMSERVICE
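The three user-rights assignments above are made by hand in the policy editor, so it is worth confirming afterwards that every account landed where intended. The following is an added example, not part of the original post: it parses the file written by `secedit /export /areas USER_RIGHTS` and reports each expected account per right. The function names, the INF text and the SIDs are constructed for illustration.

```powershell
# Added example, not part of the original post. On the MIM server, create the
# real input with:  secedit /export /cfg C:\temp\rights.inf /areas USER_RIGHTS
# and read it with: Get-Content C:\temp\rights.inf

function ConvertFrom-PrivilegeRights {
    param([string[]]$InfLine)
    $rights = @{}
    $inSection = $false
    foreach ($line in $InfLine) {
        $text = "$line".Trim()
        if ($text -match '^\[(.+)\]$') {
            # Only the [Privilege Rights] section holds user-rights assignments
            $inSection = ($Matches[1] -eq 'Privilege Rights')
            continue
        }
        if ($inSection -and $text -match '^(\w+)\s*=\s*(.*)$') {
            $name  = $Matches[1]
            $value = $Matches[2]
            # Entries are comma separated; SIDs carry a leading '*'
            $rights[$name] = @($value -split ',' |
                ForEach-Object { $_.Trim().TrimStart('*') } |
                Where-Object { $_ })
        }
    }
    $rights
}

function Test-UserRight {
    param(
        [hashtable]$Assigned,   # output of ConvertFrom-PrivilegeRights
        [hashtable]$Expected,   # right name -> account names
        [scriptblock]$ResolveSid = {
            param($Account)
            # Default: ask Windows for the account's SID (needs domain access)
            ([System.Security.Principal.NTAccount]$Account).Translate(
                [System.Security.Principal.SecurityIdentifier]).Value
        }
    )
    foreach ($right in ($Expected.Keys | Sort-Object)) {
        $present = @($Assigned[$right])
        foreach ($account in $Expected[$right]) {
            $sid = & $ResolveSid $account
            [pscustomobject]@{
                Right    = $right
                Account  = $account
                Assigned = ($present -contains $sid) -or ($present -contains $account)
            }
        }
    }
}

# Expected state, taken from the three policy steps above.
$expected = @{
    SeServiceLogonRight         = @('RAMLAN\MIMSync', 'RAMLAN\MIMMA', 'RAMLAN\MIMService',
                                    'RAMLAN\Sharepoint', 'RAMLAN\SQLEngine', 'RAMLAN\SQLAgent',
                                    'RAMLAN\MIMSSPR', 'RAMLAN\MIMSSPWR', 'RAMLAN\MIMADSync')
    SeDenyNetworkLogonRight     = @('RAMLAN\MIMSync', 'RAMLAN\MIMService')
    SeDenyInteractiveLogonRight = @('RAMLAN\MIMSync', 'RAMLAN\MIMService')
}

# Constructed domain SID and RIDs, used only so the example runs offline.
$dom = 'S-1-5-21-1000000001-1000000002-1000000003'
$sidMap = @{
    'RAMLAN\MIMMA'      = "$dom-1103"; 'RAMLAN\MIMSync'   = "$dom-1104"
    'RAMLAN\MIMService' = "$dom-1105"; 'RAMLAN\MIMSSPR'   = "$dom-1106"
    'RAMLAN\MIMSSPWR'   = "$dom-1107"; 'RAMLAN\Sharepoint' = "$dom-1108"
    'RAMLAN\SQLEngine'  = "$dom-1109"; 'RAMLAN\SQLAgent'  = "$dom-1110"
    'RAMLAN\MIMADSync'  = "$dom-1112"
}

# Constructed export in which some of the expected entries are absent.
$sampleInf = @"
[Unicode]
Unicode=yes
[Privilege Rights]
SeServiceLogonRight = *S-1-5-80-0,*${dom}-1103,*${dom}-1104,*${dom}-1105,*${dom}-1106,*${dom}-1108,*${dom}-1109,*${dom}-1110
SeDenyNetworkLogonRight = *${dom}-1104,*${dom}-1105
SeDenyInteractiveLogonRight = *${dom}-1104
"@ -split "`r?`n"

$assigned = ConvertFrom-PrivilegeRights -InfLine $sampleInf
Test-UserRight -Assigned $assigned -Expected $expected -ResolveSid { param($a) $sidMap[$a] } |
    Where-Object { -not $_.Assigned } |
    Format-Table -AutoSize
```

Omit `-ResolveSid` on a domain-joined server so the account names are translated to their real SIDs.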
Change the IIS Authentication mode:
iisreset /STOP
C:\Windows\System32\inetsrv\appcmd.exe unlock config /section:windowsAuthentication -commit:apphost
iisreset /START
Install SQL Server 2016 SP1:
After mounting the SQL 2016 ISO, you can run this command to install SQL silently.
setup.exe /Q /IACCEPTSQLSERVERLICENSETERMS /ACTION=install /FEATURES=SQL /INSTANCENAME=MSSQLSERVER /SQLSVCACCOUNT="RAMLAN\SQLEngine" /SQLSVCPASSWORD="01Jan2009" /AGTSVCACCOUNT="RAMLAN\SQLAgent" /AGTSVCPASSWORD="01Jan2009" /AGTSVCSTARTUPTYPE=Automatic /SQLSYSADMINACCOUNTS="RAMLAN\Administrator"
I am going to perform a manual install of SQL 2016 SP1.
Include Full-Text & Semantic Extractions for Search. This is required.
Install SQL Server 2016 SP2:
I am going to perform a manual install of SQL 2016 SP2.
Install SQL Server 2016 SP2 CU2:
I am going to perform a manual install of SQL 2016 SP2 CU2.
Install Management Studio:
I am going to perform a manual install of SQL Management Studio.
Install SharePoint Foundation 2013 with SP1:
https://www.microsoft.com/en-ca/download/confirmation.aspx?id=42039
Download SharePoint Foundation 2013 from the above link. Extract it to a folder using this command:
"sharepoint.exe" /extract:c:\download\sharepoint
Start the prerequisite installer wizard from an administrative command shell. If you do not use an administrative shell, you will get download errors and the wizard will fail.
Restart the Server
Feature installation:
Fix the .NET Framework 4.5 hardcoding (solution courtesy of https://support.microsoft.com/en-ca/help/3087184/sharepoint-2013-or-project-server-2013-setup-error-if-the–net-framewo).
First you have to download https://download.microsoft.com/download/3/6/2/362c4a9c-4afe-425e-825f-369d34d64f4e/wsssetup_15-0-4709-1000_x64.zip
Open the .zip file and extract wsssetup.dll into the updates folder under your extracted SharePoint installation (C:\download\Sharepoint\updates if you have replicated my folder structure).
Start the SharePoint installer from an administrative command shell and run setup.
Configuration Wizards:
01Jan2009
I was getting the above error when I open the Central SharePoint site. Try one of the solutions listed below:
1. Copy MOMAgent.msi from the OM Server (C:\Program Files\Microsoft System Center\Operations Manager\Server\AgentManagement\amd64), run this command, then restart the server:
msiexec.exe /fvomus "MOMagent.msi" NOAPM=1
2. You can try this solution: locate HKLM\SOFTWARE\Microsoft\.NETFramework and add a new DWORD value called LoaderOptimization.
Open SharePoint Central Administration site – It should work now
Configure SharePoint for MIM:
A) Create new web application
Start the SharePoint Management Shell with Run as administrator and run the commands below:
$dbManagedAccount = Get-SPManagedAccount -Identity RAMLAN\SharePoint
New-SPWebApplication -Name "MIM Portal" -ApplicationPool "MIMAppPool" -ApplicationPoolAccount $dbManagedAccount -AuthenticationMethod "Kerberos" -Port 82 -URL http://portal.ramlan.ca
B) Create new Site collection connected to the new web application
# Team Site template at the SharePoint 2010 (14) compatibility level
$t = Get-SPWebTemplate -CompatibilityLevel 14 -Identity "STS#1"
$w = Get-SPWebApplication http://portal.ramlan.ca:82
New-SPSite -Url $w.Url -Template $t -OwnerAlias RAMLAN\administrator -CompatibilityLevel 14 -Name "MIM Portal" -SecondaryOwnerAlias RAMLAN\BackupAdmin
$s = Get-SPSite $w.Url
$s.AllowSelfServiceUpgrade = $false
# Prints the compatibility level of the new site collection
$s.CompatibilityLevel
C) Disable SharePoint Server side view state and SharePoint task health analysis
$contentService = [Microsoft.SharePoint.Administration.SPWebService]::ContentService
$contentService.ViewStateOnServer = $false
$contentService.Update()
Get-SPTimerJob hourly-all-sptimerservice-health-analysis-job | Disable-SPTimerJob
Make sure you can login to the new site (http://localhost:82/default.aspx)
Installation: Synchronization Service
Mount the ISO and run setup.exe from Synchronization Service folder
Since we were unable to export the key due to the above error, I clicked No to complete the process.
Below you will find how to back up the keys.
Since we were not able to export the keys – I will show you how it can be done.
Open Synchronization Service Key Management from Programs
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Forefront Identity Manager\miiskeys-1.bin
How to find the installed version of MIM 2016 SP1 before applying update KB4050936:
With the above version 4.4.1302, we can install hotfix update KB4050936 version 4.4.1749. To install the FimSyncService update KB4050936, we have to stop the FIM Synchronization Service.
Open administrative command prompt
You can check the version from Add/Remove Programs
Install and configure the MIM Portal / Service:
DNS:
Create a Host A record for the portal address
Remove the Default Web Site:
Remove SharePoint - 80:
Start the SharePoint PowerShell console and run:
Get-SPWebApplication "SharePoint - 80" | Remove-SPWebApplication
Verify your SharePoint mappings:
SharePoint uses Alternate Access Mappings to define which URLs are used for which SharePoint application. We need to check and modify the URL through System Settings.
You should see the above URLs in Alternate Access Mappings. If not, add them manually.
Verify your IIS Bindings:
Click No Selection & Select MIM Portal - enter the URL & save
Firewall settings:
Since this is a lab, I have disabled the firewall for the domain, so there is no need to configure any rule for Port 82 or Port 80 to access the MIM portal.
Installation: Service and Portal
Open a command prompt as Administrator and run this command:
msiexec /i "Service and Portal.msi" /L*v c:\temp\MIM_Service_Install.log
To open MIM Identity Management portal type this address http://localhost/identitymanagement
Portal Permission: Users
All users should be able to look at their own object. To make that happen, you have to enable the “User management: Users can read attributes of their own” Management Policy Rule.
Type User Management inside Search for and click search button
Open User Management – Users can read attributes of their own
If you want to give users read access to selected attributes of other users, do the same as above.
Firewall rules:
Since this is a home lab, my firewall is disabled by GPO for the domain. In the real world you will have to make sure these rules are opened within the firewall.
Management Agent Configuration – Active Directory Management Agent:
Check this link for more info about MA configuration - https://docs.microsoft.com/en-us/microsoft-identity-manager/install-mim-sync-ad-service
These are various Management Agents that are available in MIM 2016 SP1. You can use these agents to create various attributes and others within your domain and run them as and when required.
Management agents link specific connected data sources to Microsoft Identity Manager (MIM) 2016 SP1. A management agent is responsible for moving data from a connected data source to MIM. When data in MIM is modified, the management agent can also export the data out to the connected data source to keep the connected data source synchronized with the data in MIM. Before we can manipulate users and/or groups with the FIM Synchronization Engine, it is necessary that we create Management Agents. Here, we will create a Management Agent for connecting to Active Directory. Begin by opening the Synchronization Engine from Programs
Provisioning hierarchy, in case you're wondering, gives us the ability to create OUs that currently do not exist and bring them into scope based on a defined path in the DN. You can select whatever object types feel important.
You can select whatever attributes feel important.
For “Join and Projection Rules”, select the “User” and click “New Join Rule”.
Select Data source, Metaverse attribute and click Add condition. You will get this warning. Click OK!
![Page 47: Installing Microsoft Forefront Identity Manager 2016 SP1 ... · Installing Microsoft Forefront Identity Manager 2016 SP1 on Server 2016 with SQL 2016 ... Net-Framework-Features,rsat-ad-powershell,Web-Mgmt-Tools,Windows-Identity-Foundation,Server-Media-Foundation,Xps-Viewer](https://reader030.fdocuments.net/reader030/viewer/2022040204/5ec7ddf9900359606f38e450/html5/thumbnails/47.jpg)
It is worth noting that you may have any number of join conditions here, as we would prefer a join to a possible projection of a duplicate object. Also of interest is these become an “or” where it starts with the first condition and, if a join is unable to occur, it continues down the list attempting joins until there is no more criteria. At that point a project happens.
Above are the 2 screens you will see after adding attributes to Group and User.
Now you have created the Active Directory Management Agent with various attributes for Group and Users. This is just an example. You can add/modify/create more attributes as and when required by editing the ADMA (Management Agent). Before you can test the ADMA you will have to create a Run Profile, so that the ADMA we configured will go through the attributes and perform the required action.
If you want to know more about MA/Connectors, check these links:
https://docs.microsoft.com/en-us/previous-versions/mim/jj863241(v=ws.10)
https://docs.microsoft.com/en-us/microsoft-identity-manager/supported-management-agents
Management Agent Configuration – FIM Service Management Agent:
Start by opening the Synchronization Service Manager and click Management Agents, then Create. Select FIM Service MA.
https://social.technet.microsoft.com/wiki/contents/articles/31018.fim-2010-troubleshooting-fim-ma-does-not-support-the-current-fim-resource-management-service-db-version.aspx
To fix this error we have to install hotfix update KB4050936.
So here are the steps to install the hotfix. First check the version installed. In my case it was 4.4.1302. So, I can upgrade to 4.4.
Then stop the services below.
Open Command Prompt as Administrator and run the command below.
Let’s try the FIM Service MA agent install again.
Create Person attribute flows. Below you can see I created one for AccountName. Follow the same steps and create attribute flows for the others listed in the table below.
Create Group attribute flows. Below you can see I created one for AccountName. Follow the same steps and create attribute flows for the others listed in the table below.
Create Run Profiles:
Run Profiles are managed in the “Configure Run Profiles” dialog in Synchronization Service Manager. We have to create an individual profile for each Management Agent. In our example we have to create run profiles for ADMA and MIM Service. I am going to create the Run Profile for ADMA. Follow the same steps listed below and complete them for the MIM Service MA as well.
Configure the MIM Service:
Go to the Administration part of the portal and select Sync Rules.
Repeat these for inbound attribute flow
TESTING:
There are four steps you need to take before you can test your MIM configuration with AD data:
1. Enable Provisioning
2. Initialize the MIM MA
3. Initialize the ADMA
4. Populate MIM Service database
Enable Provisioning:
Open the Synchronization Service Manager.
To open the Options dialog box, on the Tools menu, click Options.
Select Enable Synchronization Rule Provisioning.
To close the Options dialog box, click OK.
Initialize the MIM MA:
Run a complete synchronization cycle on this connector. The complete cycle consists of the following run profiles:
- Full Import
- Full Synchronization
- Export
- Delta Import
Open the Synchronization Service Manager and, on the Tools menu, click Management Agents.
In the Management Agents list, select MIM MA.
To open the Run Management Agent dialog box, on the Actions menu, click Run.
For each run profile listed above, complete the following steps:
To open the Run Management Agent dialog box, on the Actions menu, click Run.
In the Run profiles list, select the run profile you want to run.
To start the run profile, click OK.
The result is 3 records found from User Inbound Sync Rule and no sync errors.
Initialize the ADMA:
To populate the MIM Service database with the objects, you need to run a synchronization cycle on the ADMA connector. The cycle consists of:
- Export
- Full Import
- Full Synchronization
Open the Synchronization Service Manager and in the Tools menu, click Management Agents.
In the Management Agents list, select ADMA.
To open the Run Management Agent dialog box, on the Actions menu, click Run.
For each run profile listed above, complete the following steps:
To open the Run Management Agent dialog box, on the Actions menu, click Run.
In the Run profiles list, select the run profile you want to run.
To start the run profile, click OK.
I am getting replication access error 8453. Will have to investigate further.
Full Sync of ADMA was a success without any information. Not sure if I have to investigate this as well.
Below is the fix for the 8453 replication access error:
1. Open the Active Directory Users and Computers snap-in.
2. On the View menu, click Advanced Features.
3. Right-click the domain object, such as "company.com", and then click Properties.
4. On the Security tab, if the desired user account is not listed, click Add; if the desired user account is listed, proceed to step 7.
5. In the Select Users, Computers, or Groups dialog box, select the desired user account, and then click Add.
6. Click OK to return to the Properties dialog box.
7. Click the desired user account.
8. Click to select the Replicating Directory Changes check box from the list.
9. Click Apply, and then click OK.
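To confirm what the fix above actually granted, the domain object's ACL can be audited for replication extended rights. The following is an added example, not part of the original post; the function name Get-ReplicationRightHolder, the sample ACEs and the assumption that the ADMA connects as RAMLAN\MIMMA are illustrative.

```powershell
# Added example (not from the original post). Lists who holds directory
# replication rights on the domain object and whether the ADMA account
# holds only the right the fix grants.
$ReplicationRights = @{
    '1131f6aa-9c07-11d1-f79f-00c04fc2dcd2' = 'Replicating Directory Changes'
    '1131f6ad-9c07-11d1-f79f-00c04fc2dcd2' = 'Replicating Directory Changes All'
    '89e95b76-444d-4c62-991a-0facbeda640c' = 'Replicating Directory Changes In Filtered Set'
}
$AllObjects = '00000000-0000-0000-0000-000000000000'

function Get-ReplicationRightHolder {
    param(
        [Parameter(Mandatory)] [object[]] $Ace,   # ACEs from the domain object's ACL
        [string[]] $ExpectedIdentity = @()        # accounts the fix was applied to (assumption)
    )
    foreach ($a in $Ace) {
        if ("$($a.AccessControlType)" -ne 'Allow') { continue }
        $rights = "$($a.ActiveDirectoryRights)"
        $guid   = "$($a.ObjectType)".ToLower()
        # Full control and "all extended rights" implicitly include replication rights.
        $name = if ($rights -match 'GenericAll') {
            'Full control (includes every replication right)'
        } elseif ($rights -match 'ExtendedRight' -and $guid -eq $AllObjects) {
            'All extended rights (includes every replication right)'
        } elseif ($rights -match 'ExtendedRight' -and $ReplicationRights.ContainsKey($guid)) {
            $ReplicationRights[$guid]
        } else { $null }
        if (-not $name) { continue }

        $id = "$($a.IdentityReference)"
        $ok = ($ExpectedIdentity -contains $id) -and ($name -eq 'Replicating Directory Changes')
        [pscustomobject]@{
            Identity = $id
            Right    = $name
            Finding  = if ($ok) { 'matches the fix' } else { 'review' }
        }
    }
}

# Constructed sample ACEs (not real output) so the function runs without a domain.
$sample = @(
    [pscustomobject]@{ IdentityReference = 'RAMLAN\MIMMA'; AccessControlType = 'Allow'
        ActiveDirectoryRights = 'ExtendedRight'; ObjectType = '1131f6aa-9c07-11d1-f79f-00c04fc2dcd2' }
    [pscustomobject]@{ IdentityReference = 'RAMLAN\MIMSync'; AccessControlType = 'Allow'
        ActiveDirectoryRights = 'ExtendedRight'; ObjectType = '1131f6ad-9c07-11d1-f79f-00c04fc2dcd2' }
    [pscustomobject]@{ IdentityReference = 'RAMLAN\BackupAdmin'; AccessControlType = 'Allow'
        ActiveDirectoryRights = 'ReadProperty'; ObjectType = $AllObjects }
)
Get-ReplicationRightHolder -Ace $sample -ExpectedIdentity 'RAMLAN\MIMMA' | Format-Table -AutoSize

# Against a live domain (requires the ActiveDirectory module):
#   Import-Module ActiveDirectory
#   $acl = Get-Acl "AD:\$((Get-ADDomain).DistinguishedName)"
#   Get-ReplicationRightHolder -Ace $acl.Access -ExpectedIdentity 'RAMLAN\MIMMA'
```

Built-in principals such as Administrators and Domain Controllers hold replication rights by default and will show as "review". The point of the check is that the MA account appears once, with Replicating Directory Changes only and nothing broader than the fix calls for.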
I ran ADMA Full Import again and it completed without error. It located the entire domain OU structure.
There were 2 errors pertaining to Exchange System Mailbox. I guess this error can be IGNORED.
This concludes the whole process of installing, configuring and testing MIM 2016 SP1.
Thanks
Ram Lan – 19th Sep 2018
TROUBLESHOOTING - 1:
After performing a few tests, when opening the portal http://localhost/IdentityManagement I was getting this error:
The solution is as follows:
Open Management Studio - Expand Databases – Select FIMService Database and execute this command
SELECT * FROM [FIMService].[fim].[Objects] WHERE ObjectKey = '2340'
Open ADUC – Go to Users – Administrator and look for this info
Go to Management Studio and execute this command against the FIMService database:
insert into [FIMService].[fim].UserSecurityIdentifiers values (2340,0x010500000000000515000000C2A2247694522122EC0E2D5EF4010000)
Restart IIS Service.
Open Identity Management Portal and it should open.
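The hex literal in the INSERT above is a binary SID ending in RID 500 (the built-in Administrator) for the author's lab domain, so it has to be regenerated for any other domain. The following added example (not from the original post; the function names are illustrative) converts between the SID string shown in ADUC and the 0x literal, and decodes the post's value for comparison.

```powershell
# Added example (not from the original post).
# Convert a SID string (S-1-5-21-...) to the 0x... literal used in the INSERT.
function ConvertTo-SidHexLiteral {
    param([Parameter(Mandatory)] [string] $Sid)
    $s = [System.Security.Principal.SecurityIdentifier]::new($Sid)
    $bytes = New-Object byte[] ($s.BinaryLength)
    $s.GetBinaryForm($bytes, 0)
    '0x' + (($bytes | ForEach-Object { $_.ToString('X2') }) -join '')
}

# Decode a 0x... literal back to a SID string so it can be checked against
# the account before anything is written to the database.
function ConvertFrom-SidHexLiteral {
    param([Parameter(Mandatory)] [string] $Hex)
    $h = $Hex -replace '^0x', ''
    if ($h.Length % 2 -ne 0 -or $h -notmatch '^[0-9A-Fa-f]+$') {
        throw "Not a hex literal: $Hex"
    }
    $bytes = New-Object byte[] ($h.Length / 2)
    for ($i = 0; $i -lt $bytes.Length; $i++) {
        $bytes[$i] = [Convert]::ToByte($h.Substring(2 * $i, 2), 16)
    }
    [System.Security.Principal.SecurityIdentifier]::new($bytes, 0).Value
}

# Value copied from the INSERT statement in the post.
$postValue = '0x010500000000000515000000C2A2247694522122EC0E2D5EF4010000'
$decoded   = ConvertFrom-SidHexLiteral $postValue
$decoded

# Round trip: re-encoding the decoded SID must reproduce the literal exactly.
(ConvertTo-SidHexLiteral $decoded) -eq $postValue

# For your own domain (requires the ActiveDirectory module):
#   ConvertTo-SidHexLiteral (Get-ADUser Administrator).SID.Value
```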
TROUBLESHOOTING – 2:
I am getting this warning in the event viewer on the MIM Server. Will have to investigate later and fix the issue. Based on Google it is a certificate issue between MIM and EXCHANGE server.
https://social.technet.microsoft.com/wiki/contents/articles/17439.fim-troubleshooting-fim-service-polling-the-exchange-web-service-ews-fills-the-application-event-log.aspx - Followed this link to fix the issue
The above configuration did not fix the warning in Event Viewer on the MIM Server. Still have to keep looking for a possible solution.