SharePoint 2016 and MIM 2016

by Robi 13. March 2018 21:18
Part 2 In my previous article, I described the procedure for successfully installing Microsoft Identity Manager 2016 on a server. We described the prerequisites for a successful installation of the MIM 2016 synchronization service. In this article, we will take a look at what needs to be done to install MIM 2016 and connect it to SharePoint 2016 Server. Installing MIM 2016 To install MIM 2016 you need the installation files for MIM 2016 Server. If you do, launch the MIM Synchronization Service Installer. On the Configure MIM Synchronization Service Database Connection step, make sure you type the name and instance of the SQL Server where you want to create the synchronization database. In the next step, you need to type the name of the service account that you created for the synchronization service. In most cases, this will be MIMSync. When the installer asks you about groups, enter the appropriate AD security groups, as shown in the screenshot. When you click next and confirm the warning message, the installation of MIM Server will begin. This is more or less everything SharePoint Server needs you to do from the MIM Server side. After MIM Server has been installed, it is recommended to install SP1 for MIM 2016. You need to be careful when doing that, because the SharePointSync.psm1 module requires some manual intervention when PowerShell is checking the version of the MIM PowerShell Assembly. You can read more about this on the following page: Microsoft Identity Manager 2016 Service Pack 1 is now available! Preparing MIM Server for integration with SharePoint 2016 SharePoint Connector The MIM Connector for SharePoint 2016 must also be installed after installing MIM Server. You can find it on the Microsoft Download portal. Download Forefront Identity Manager Connector for SharePoint User Profile Store from Official Microsoft Download Center SharePoint Connector is a MIM interface which allows us to use MIM synchronization to update profiles that are stored in the SharePoint User Profile Service Application. Integration To integrate MIM and SharePoint 2016 Server, Microsoft has prepared an example of integration and the necessary files. All the file are on the following GitHub portal: PnP-Tools/Solutions/UserProfile.MIMSync at master · SharePoint/PnP-Tools · GitHub We need to download the following files: SharePointSync.psm1 – a Windows PowerShell module for deploying and starting the synchronization solution. MA-AD.xml – This is the MIM management agent for Active Directory. MA-SP.xml – This is the MIM management agent for SharePoint Server. MV.xml – This XML file contains additional User Profile Synchronization configuration. I would also recommend reading Spencer Harbar's article who improved the script for creating a new SharePoint Management Agent and removed the need to reopen MA and enter the synchronization credentials again after enabling it. Enabling multiple OUs and avoiding credential touch up with the MIMSync "toolset" for SharePoint Server 2016 We need to save all of the files to a place on MIM Server and then run a PowerShell command, so the SharePoint management agent is created in MIM. But before you can run the command written below, you need to fill in the missing data, so the script can execute successfully. #import module Import-Module "X:\Scripts\MIM\UserProfile.MIMSync\SharePointSync.psm1"  # ======================================== variables ==================== #$path="C:\Users\mim_admin\Downloads\PnP-Tools-master\PnP-Tools-master\Solutions\UserProfile.MIMSync" $path="C:\Create-MIM-MAs\" $forestName="dev.local" $forestSyncUser="dev\mimsync" $ouUnit="OU=Zaposleni,dc=dev,dc=local" $forestSyncPass=ConvertTo-SecureString -AsPlainText -Force 'Pa$$w0rd' $forestSyncCred=New-Object -TypeName System.Management.Automation.PSCredential -argumentlist $forestSyncUser,$forestSyncPass $spCentralAdminUrl="http://w-sp04:55555" $spadminUser="dev\sp16_admin_svc" $spadminPass=ConvertTo-SecureString -AsPlainText -Force 'Pa$$w0rd' $spAdminCred=New-Object -TypeName System.Management.Automation.PSCredential -argumentlist $spadminUser,$spadminPass # ======================================== variables =====================  ### Install the SharePoint Sync Configuration Install-SharePointSyncConfiguration ` -Path $path ` -ForestDnsName $forestName ` -ForestCredential $forestSyncCred ` -OrganizationalUnit $ouUnit ` -SharePointUrl $spCentralAdminUrl ` -SharePointCredential $spAdminCred ` -Verbose    After the script has executed, you should see the following entries in MIM Server: With the following command you start the synchronization of MIM with SharePoint and AD servers and users from AD should show up in the SharePoint User Profile service application. ### Run the Synchronization Service management agents  Start-SharePointSync -Verbose I hope this article will help you configure integration between MIM and SharePoint Server. In case you have any additional questions, you can contact me at Robi Vončina SharePoint MVP


SharePoint 2016 | Microsoft Identity Manager

MIM 2016: Synchronization Service

by Robi 13. March 2018 21:11
In my previous article, I described the basic components of MIM 2016 Server. In this and future articles we will take a closer look at what MIM 2016 has to offer and how we can set up synchronization with different data sources. MIM 2016 Components MIM 2016 Server has the following components: Connected data sources. Management agents. Metaverse. Connector space. Data Source A data source is the place that contains information about identities we would like to synchronize. A source can be a database, Active Directory or even a plain text file. Management Agents A management agent is an agent that is responsible for a specific data source. Agents can manage synchronization in both ways; to MIM and back to the data source, depending on the requirements of identity management. Metaverse Metaverse is a MIM database, where identities from different sources that are managed by management agents (MA) are consolidated and saved. In metaverse, different objects from different data sources are joined together into one "identity" object. Connector Space A connector space is the staging ground before data is joined and written into metaverse. Because MIM 2016 is a "stateful" application and because sources we can connect to can be "stateless", MIM requires a mechanism with which to monitor changes made since the last synchronization. The connector space makes sure that data is imported into connector space, where it is checked to see what kind of changes were made to the data. These changes are then written into metaverse. The data in connector space is managed by a management agent. Supported Data Sources NameSupported versions of the connected data sourceActive Directory Domain ServicesActive Directory 2000, 2003, 2003 R2, 2008, 2008 R2, 2012Active Directory Lightweight Directory Services (ADLDS)Active Directory Lightweight Directory Services (ADLDS)Active Directory Global Address List (GAL)Active Directory Global Address List (GAL) – Exchange 2000, 2003, 2007, 2010, 2013Extensible Connectivity 2.0Any call-based or file-based data sourceMIM ServiceMicrosoft Docs 2016IBM DB2 Universal DatabaseIBM DB2 version 9.1, 9.5 or 9.7; IBM DB2 OLEDB v9.5 FP5 or v9.7 FP1IBM Directory ServerIBM Tivoli Directory Server 6.xNovell eDirectoryNovell eDirectory version 8.7.3, 8.8.5 and 8.8.6Oracle DatabaseOracle Database 10g or 11g; 64-bit clientMicrosoft SQL ServerSQL Server 2000, 2005, 2008, 2008 R2, 2012Oracle (previously Sun and Netscape) Directory ServersSun Directory Server 6.x, 7.x and Oracle 11Windows PowerShell Connector for FIM 2010 R2Windows PowerShell 2.0 or betterMicrosoft Azure Active Directory Connector for FIM 2010 R2Microsoft Azure Active DirectoryGeneric LDAP Connector for FIM 2010 R2LDAP v3 server (RFC 4510 compliant)Connector for Lotus DominoLotus Notes Release v8.0.x or v8.5.xSharePoint Services Connector for FIM 2010 R2SharePoint server 2013 or 2016 with User Profile service application (UPA)Connector for Web ServicesSAP ECC 5.0 or 6.0; Oracle PeopleSoft 9.1; Oracle eBusiness 12.1Attribute-Value Pair text fileAttribute-value pair text filesDelimited text fileDelimited text filesDirectory Services Mark-up Language (DSML)Directory Services Markup Language (DSML) 2.0Fixed-Width text fileFixed-width text filesLDAP Data Interchange Format (LDIF)LDAP Data Interchange Format (LDIF)Source: Synchronization Service Manager The Synchronization Service Manager is a tool which we use to manage MIM synchronization. The tool contains data about current or past operations, metaverse designer, metaverse search, joiner and management agents management. All the configuration data is stored in SQL databases. The configuration can be exported or imported with the Synchronization Manager tool, which can be a very helpful tool when migrating configuration from a test environment to production. This article is a very basic introduction to Synchronization Service and Synchronization Service Manager. In my next article I will write about configuring a management agent to synchronize with Active Directory and describe in more detail what management agents actually do. Robi Vončina Office Servers and Services MVP


Microsoft Identity Manager


<<  October 2018  >>

View posts in large calendar

Page List

Month List