Install MIM 2016: MIM Service and Portal
This walkthrough uses sample names and values from a company called Contoso. Replace these with your own. For example:
- Domain controller name - mimservername
- Domain name - contoso
- Password - Pass@word1
- Service account name - MIMService
If you didn't set up the MIM installation package in the last step, go back and install the Microsoft Identity Manager 2016 components before continuing.
Configure MIM Service and Portal for installation
Run the MIM Service and Portal installer from the unpacked Service and Portal sub-folder.
In the welcome screen, click Next.
Read the End-User License Agreement and click Next if you accept the license terms.
In the MIM Customer Experience Improvement Program screen, click Next.
When selecting component features for this deployment, make sure to include the MIM Service (except for MIM Reporting) and MIM Portal features. You can also select the MIM Password Reset Portal and MIM Password Change Notification Service.
On the Configure the MIM database connection page, choose Create a new database.
On the Configure mail server connection, enter the name of your Exchange server as Mail Server or you can use O365 Mailbox. If you do not have a mail server configured, use localhost as the mail server name and uncheck the top two checkboxes. Click Next.
Specify that you want to generate a new self-signed certificate, or select the relevant certificate.
Specify the Service Account name to use, for example MIMService, and the Service Account password, for example Pass@word1, your Service Account domain, for example contoso and the Service Email Account, for example contoso.
Note that a warning may appear that the Service Account is not secure in its current configuration.
Accept the defaults for the Synchronization Server location, and specify the MIM Management Agent account as contoso\MIMMA.
Specify CORPIDM (this computer's name) as MIM Service server address for the MIM Portal.
Specify http://mim.contoso.com as the SharePoint site collection URL.
Specify http://passwordregistration.contoso.com as the Password Registration URL port 80, recommend updating later with SSL cert on 443.
Specify http://passwordreset.contoso.com as the Password Reset URL port 80, recommend updating later with SSL cert on 443.
Select the checkbox to open ports 5725 and 5726 in the firewall, and the checkbox to grant all authenticated users access to MIM Portal.
Configure MIM Password Registration Portal
Set the service account name for SSPR Registration to contoso\MIMSSPR and its password to Pass@word1.
Specify passwordregistration.contoso.com as the Host Name for MIM Password Registration, and set the port to 80. Enable the Open port in firewall option.
A warning will appear – read it and click Next.
In the next MIM Password Registration Portal configuration screen, specify mim.contoso.com as the MIM Service Server Address for the Password Registration Portal.
Configure MIM Password Reset Portal
Set the service account name for SSPR Registration to Contoso\MIMSSPR and its password to Pass@word1.
Specify passwordreset.contoso.com as the Host Name for MIM Password Reset Portal, and set the port to 80. Enable the Open port in firewall option.
A warning will appear – read it and click Next.
In the next MIM Password Registration Portal configuration screen, specify mim.contoso.com as the MIM Service Server Address for the Password Reset Portal.
Install MIM Service and Portal
When all pre-installation definitions are ready, click Install to begin installing the selected Service and Portal components.
After installation completes, verify that the MIM Portal is active.
Launch Internet Explorer and connect to the MIM Portal on http://mim.contoso.com/identitymanagement. Note that there may be a short delay on the first visit to this page.
- If necessary, authenticate as contoso\miminstall to Internet Explorer.
In Internet Explorer, open the Internet Options, change to the security tab, and add the site to the Local intranet zone if it is not already there. Close the Internet Options dialog.
Enable users to view their own entry in MIM.
Using Internet Explorer, in MIM Portal, click on Management Policy Rules.
Search for the management policy rule, User management: Users can read attributes of their own.
Select this management policy rule, uncheck Policy is disabled.
Click OK and then click Submit.
Verify that the firewall allows incoming connections to TCP port 5725 and 5726.
Launch Administrative Tools » Windows Firewall with Advanced Security.
Click on Inbound Rules.
Verify that the two following rules appear:
Forefront Identity Manager Service (STS).
Forefront Identity Manager Service (Webservice).
Complete the wizard and close the Windows Firewall application.
Launch Control Panel » Network and Internet » View network status and tasks.
Verify that there is an active Network listed as contoso.local as a Domain network.
Close Control Panel.
Optional: At this point you can install MIM add-ins and extensions.