Overview & Setup of MIM Configuration as External Identity Manager in SharePoint 2016
Previous versions of SharePoint Server had a built-in copy of Forefront Identity Manager (FIM) that ran inside SharePoint Server. That version of FIM powered User Profile Synchronization for products like SharePoint Server 2010 and SharePoint Server 2013. In SharePoint Server 2016, FIM has been removed in favor of Microsoft Identity Manager (MIM), which is the successor to the FIM technology. MIM is a separate server technology (not built into SharePoint Server). That means that if you have MIM running in your company, more than one SharePoint Server 2016 farm can rely on it.
In this post I cover what you need to do to set up MIM as the external identity manager for the User Profile Service Application (UPA). There are two scenarios for setting up the UPA in SharePoint 2016:
1. Upgrade from a SharePoint 2013 environment:
If you need to migrate the existing User Profile data to a new SharePoint 2016 environment, you can take a backup of the Profile database and the Social database and use them to create a new UPA in 2016. There is no option to export the existing FIM configuration and import it into MIM. You need to set up a new MIM installation and follow the steps provided for the new setup configuration below. Additional configuration is required to set up the existing custom property mappings, which is also covered later in this article.
Note: The solution/documentation provided on the GitHub site regarding the upgrade scenario is obsolete, and we are in the process of updating it.
2. Fresh installation of the User Profile Service Application using an external identity manager (MIM)
Please refer to the links below for steps to install, deploy and configure the MIM solution in SharePoint 2016 post you have created
Additional Points to Keep in Mind Before You Migrate & Set Up an External Identity Manager
1. Always set the Sync setting in the UPA to "Active Directory Import", even if you plan to use an external identity manager (MIM or something else) for sync, due to known issues with Manager and Audience compilation, Documented Here
2. If you switch between Active Directory Import and External Identity Manager after the initial configuration, additional steps may be required for sync to work, Documented Here
3. The current configuration of MIM supports one-way sync from AD to SharePoint.
4. Picture export from SharePoint to the AD user object is not implemented yet, so you need to plan around this before migrating.
5. There is no option for BCS integration to augment additional profile properties as in SharePoint 2013. This has to be handled natively through the options/connectors that the MIM solution provides for integration.
6. Although the Sync DB is provisioned with the UPA service application in 2016, it is not used and is there only for compatibility reasons. The MIM installation has its own implementation of the Sync DB, managed separately outside of SharePoint.
7. You do not need to start the Synchronization service in the SharePoint 2016 farm at all, although it is still available.
8. You can create new user properties in the UPA; however, the mappings can no longer be performed in SharePoint. The mappings are now performed using MIM's MIISClient.exe utility.
9. When you use an external identity manager, you should enable the NetBIOSDomainNamesEnabled property on the UPA service application as soon as you create it, to support scenarios where your domain's NetBIOS name differs from the domain's FQDN.
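One way to apply point 9, as an added PowerShell example that is not part of the original post: it finds every User Profile Service Application in the farm, reports the current NetBIOSDomainNamesEnabled value, and enables it where it is off. The function name Enable-UpaNetBiosDomainNames is hypothetical, and the script assumes it is run from the SharePoint 2016 Management Shell on a farm server by a farm administrator.

```powershell
# Added example (not from the original post).
# Assumption: run on a SharePoint 2016 farm server as a farm administrator.
Add-PSSnapin Microsoft.SharePoint.PowerShell -ErrorAction SilentlyContinue

# Hypothetical helper name, introduced for this example only.
function Enable-UpaNetBiosDomainNames {
    [CmdletBinding(SupportsShouldProcess = $true)]
    param()

    # Find every User Profile Service Application in the farm.
    $upas = @(Get-SPServiceApplication |
        Where-Object { $_.TypeName -eq 'User Profile Service Application' })

    if ($upas.Count -eq 0) {
        Write-Warning 'No User Profile Service Application found in this farm.'
        return
    }

    foreach ($upa in $upas) {
        if ($upa.NetBIOSDomainNamesEnabled) {
            Write-Output "$($upa.DisplayName): already enabled"
            continue
        }
        if ($PSCmdlet.ShouldProcess($upa.DisplayName, 'Set NetBIOSDomainNamesEnabled = $true')) {
            $upa.NetBIOSDomainNamesEnabled = $true
            $upa.Update()   # persist the change to the farm configuration

            # Re-read the service application to confirm the value was saved.
            $check = Get-SPServiceApplication -Identity $upa.Id
            Write-Output "$($upa.DisplayName): NetBIOSDomainNamesEnabled = $($check.NetBIOSDomainNamesEnabled)"
        }
    }
}

# Preview first; remove -WhatIf to apply the change.
Enable-UpaNetBiosDomainNames -WhatIf
```

Run it right after creating the UPA and before the first sync, as the point above advises.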
Post By: Rajan Kapoor [MSFT]