SharePoint 2016 and MIM 2016

by Robi 13. March 2018 21:18

Part 2

In my previous article, I described the procedure for successfully installing Microsoft Identity Manager 2016 on a server. We described the prerequisites for a successful installation of the MIM 2016 synchronization service. In this article, we will take a look at what needs to be done to install MIM 2016 and connect it to SharePoint 2016 Server.

Installing MIM 2016

To install MIM 2016, you need the installation files for MIM 2016 Server. Once you have them, launch the MIM Synchronization Service Installer.

On the Configure MIM Synchronization Service Database Connection step, make sure you type the name and instance of the SQL Server where you want to create the synchronization database.

In the next step, you need to type the name of the service account that you created for the synchronization service. In most cases, this will be MIMSync.

When the installer asks you about groups, enter the appropriate AD security groups, as shown in the screenshot.

When you click next and confirm the warning message, the installation of MIM Server will begin. This is more or less everything SharePoint Server needs you to do from the MIM Server side.

After MIM Server has been installed, it is recommended to install SP1 for MIM 2016. You need to be careful when doing that, because the SharePointSync.psm1 module requires some manual intervention when PowerShell is checking the version of the MIM PowerShell Assembly. You can read more about this on the following page:

Microsoft Identity Manager 2016 Service Pack 1 is now available!

Preparing MIM Server for integration with SharePoint 2016

SharePoint Connector

The MIM Connector for SharePoint 2016 must also be installed after installing MIM Server. You can find it on the Microsoft Download portal.

Download Forefront Identity Manager Connector for SharePoint User Profile Store from Official Microsoft Download Center

SharePoint Connector is a MIM interface which allows us to use MIM synchronization to update profiles that are stored in the SharePoint User Profile Service Application.


To integrate MIM and SharePoint 2016 Server, Microsoft has prepared an example of integration and the necessary files. All the files are on the following GitHub portal:

PnP-Tools/Solutions/UserProfile.MIMSync at master · SharePoint/PnP-Tools · GitHub

We need to download the following files:

  1. SharePointSync.psm1 – a Windows PowerShell module for deploying and starting the synchronization solution.
  2. MA-AD.xml – This is the MIM management agent for Active Directory.
  3. MA-SP.xml – This is the MIM management agent for SharePoint Server.
  4. MV.xml – This XML file contains additional User Profile Synchronization configuration.

I would also recommend reading Spencer Harbar's article. He improved the script for creating a new SharePoint Management Agent and removed the need to reopen the MA and enter the synchronization credentials again after enabling it.

Enabling multiple OUs and avoiding credential touch up with the MIMSync "toolset" for SharePoint Server 2016

We need to save all of the files to a place on MIM Server and then run a PowerShell command, so the SharePoint management agent is created in MIM. But before you can run the command written below, you need to fill in the missing data, so the script can execute successfully.

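# Import the module
Import-Module "X:\Scripts\MIM\UserProfile.MIMSync\SharePointSync.psm1"

# ======================================== variables ====================
# Values in angle brackets are placeholders: fill in the data for your environment.
$path              = '<folder where the downloaded files were saved>'
$forestName        = '<forest DNS name>'
$ouUnit            = '<organizational unit to synchronize>'
$spCentralAdminUrl = '<SharePoint Central Administration URL>'
$forestSyncUser    = '<AD synchronization account>'
$spadminUser       = '<SharePoint administrator account>'

# 'Pa$$w0rd' is a sample value kept in plain text; replace it, or build the
# credential with Get-Credential so the password is not saved in the script.
$forestSyncPass = ConvertTo-SecureString -AsPlainText -Force 'Pa$$w0rd'
$forestSyncCred = New-Object -TypeName System.Management.Automation.PSCredential -ArgumentList $forestSyncUser, $forestSyncPass

$spadminPass = ConvertTo-SecureString -AsPlainText -Force 'Pa$$w0rd'
$spAdminCred = New-Object -TypeName System.Management.Automation.PSCredential -ArgumentList $spadminUser, $spadminPass
# ======================================== variables =====================

### Install the SharePoint Sync Configuration
# Backtick continuation lines must not be separated by blank lines.
Install-SharePointSyncConfiguration `
    -Path $path `
    -ForestDnsName $forestName `
    -ForestCredential $forestSyncCred `
    -OrganizationalUnit $ouUnit `
    -SharePointUrl $spCentralAdminUrl `
    -SharePointCredential $spAdminCred
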

After the script has executed, you should see the following entries in MIM Server:

The following command starts the synchronization of MIM with the SharePoint and AD servers. Once it completes, users from AD should show up in the SharePoint User Profile service application.

### Run the Synchronization Service management agents


Start-SharePointSync -Verbose
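
A pre-flight check to run before the install script shown earlier, given here as an added example that is not part of the original article or of the PnP-Tools project. Test-MimSyncFiles is a hypothetical helper name, and the example assumes all four downloaded files were saved in the folder used in the Import-Module line. It confirms the files are present, records their hashes, and prompts for the two credentials instead of keeping passwords in the script.

```powershell
# Added example. Test-MimSyncFiles is a hypothetical helper, not part of SharePointSync.psm1.
function Test-MimSyncFiles {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory)]
        [string]$Path
    )

    # The four files the article lists as required downloads.
    $required = 'SharePointSync.psm1', 'MA-AD.xml', 'MA-SP.xml', 'MV.xml'

    foreach ($name in $required) {
        $file    = Join-Path -Path $Path -ChildPath $name
        $present = Test-Path -LiteralPath $file -PathType Leaf

        [pscustomobject]@{
            Name         = $name
            Present      = $present
            # Recorded so the copy that was reviewed can be compared with the copy that is run.
            Sha256       = if ($present) { (Get-FileHash -LiteralPath $file -Algorithm SHA256).Hash } else { $null }
            # A Zone.Identifier stream marks a file as downloaded from the internet;
            # under the RemoteSigned execution policy such an unsigned module is blocked.
            MarkOfTheWeb = if ($present) {
                [bool](Get-Item -LiteralPath $file -Stream Zone.Identifier -ErrorAction SilentlyContinue)
            } else { $false }
        }
    }
}

# Assumption: the folder from the article's Import-Module line holds all four files.
$path   = 'X:\Scripts\MIM\UserProfile.MIMSync'
$report = Test-MimSyncFiles -Path $path
$report | Format-Table -AutoSize

$missing = $report | Where-Object { -not $_.Present }
if ($missing) {
    throw "Missing files in ${path}: $($missing.Name -join ', ')"
}

# Prompt for the passwords so they never appear in the script file.
$forestSyncCred = Get-Credential -Message 'AD account used by the Active Directory management agent'
$spAdminCred    = Get-Credential -Message 'Account used to connect to SharePoint Central Administration'
```

The two credential objects can be passed to -ForestCredential and -SharePointCredential in place of the ones built from plain-text passwords.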

I hope this article will help you configure integration between MIM and SharePoint Server. In case you have any additional questions, you can contact me at

Robi Vončina

SharePoint MVP

