Overview & Setup of MIM Configuration as External Identity Manager in SharePoint 2016

Previous versions of SharePoint Server had a built-in copy of ForeFront Identity Manager (FIM) that ran inside SharePoint Server. That version of FIM powered the User Profile Synchronization for products like SharePoint Server 2010 and SharePoint Server 2013. But in SharePoint Server 2016, FIM has been removed in favor of Microsoft Identity Manager, which is the successor to the FIM technology. MIM is a separate server technology (not built-in to SharePoint Server). That means, if you have MIM running in your company, more than one SharePoint Server 2016 farm can rely upon it.  

In this blog I will talk about various  things  you need to follow to setup the MIM as External Identity Manager  for User Profile  Service Application .  The  2 Scenarios to setup UPA in 2016 would be

1. Upgrade  from  SharePoint 2013  Environment :

 If you need  to Migrate the existing User Profile data  to new SharePoint 2016 Environment , You can take The Backup of Profile Database & Social Database to create a New UPA in 2016 . There is no option to  Export  the Existing  FIM configuration  & import to MIM .   You would need to  setup a  New MIM installation &  follow the  Steps as provided  for  New Setup Configuration below .  Additional configuration will be required to  setup the existing Custom Property  Mappings , which  is also talked about Later in this article .

Note :The  Solution /Documentation provided  at GitHub site regarding upgrade scenario is obsolete  &  we are in the  process to update the same .

2. Fresh Installation of  User Profile Service Application using External Identity Manager ( MIM)

Please refer to the Links  below for  steps to Install , Deploy & Configure  MIM solution in SharePoint 2016 Post you have created

Install Microsoft Identity Manager for User Profiles in SharePoint Server 2016

Deploy a new Microsoft Identity Management (MIM) server for User Profile Sync in SharePoint 2016

MIM 2016 with SharePoint 2016 User Profile service: Import Custom Property from Active Directory


Additional Points  to Keep in Mind  before you Migrate  & Setup an External Identity Manager

 1. Always  use the Sync Setting in UPA  as "Active Directory Import " even if you plan to use an  External Identity Manager (MIM or Something else for that sake )  for Sync , due to  Known issues of Manager  & Audience Compilation Documented Here

2. If you  switch  between Active Directory Import / External Identity Manager  post initial configuration , Additional Steps may  be required for Sync to Work , Documented Here

3. Current Configuration of MIM supports  one way Sync from AD to  SharePoint .

4. The Scenario of  Picture export From SharePoint to  AD User object  is still not implemented as yet , So you would need Plan   around this before migrating .

5. There is no option  for BCS Integration to Augment additional Profile Properties as in SharePoint 2013 , This has to be natively dealt  via the options /Connectors which the  MIM solution provides  for Integration .

6. Although the Sync DB is provisioned in UPA Service application in 2016 , it is  not used & there just for  Compatibility reasons .  MIM Installation has its own  implementation of Sync DB managed separately outside if SharePoint.

7. You do not need to Start the Synchronization service  in the  SharePoint 2016 Farm at all , although it is still available .

8. You can create new User properties in UPA , however , the mappings can  no longer be performed in SharePoint .The mappings are now performed using the MIM’s MIISClient.exe utility

9. When you use External Identity Manager , you should enable the NetBIOSDomainNamesEnabled property on the UPA service application as soon as you create it to support scenarios where your domain’s NetBIOS name differs from domain’s FQDN name.


Post By : Rajan Kapoor [MSFT]