Note
Access to this page requires authorization. You can try signing in or changing directories.
Access to this page requires authorization. You can try changing directories.
Note
This walkthrough uses sample names and values from a company called Contoso. Replace these with your own. For example:
- Domain controller name - corpdc
- Domain name - contoso
- MIM Service Server name - corpservice
- MIM Sync Server name - corpsync
- SQL Server name - corpsql
- Password - Pass@word1
To install Microsoft Identity Manager 2016 components, first set up the installation package.
Sign in as contoso\miminstall to the server you're using for identity management synchronization server corpsync.
Unpack the MIM installation package or mount the MIM image DVD. If you don't have this DVD, see Microsoft Identity Manager licensing and downloads.
Install MIM 2016 SP3 or later Synchronization Service
In the unpacked MIM installation folder, navigate to the Synchronization Service folder.
Run the MIM Synchronization Service installer. Follow the guidelines of the installer and complete the installation.
In the welcome screen – select Next.

Review the license terms, check I accept the terms in the License Agreement to accept them, then select Next.

On the Custom Setup screen, select Next.

In the Sync Service database configuration screen, select:
The SQL Server is located on:
- Local SQL Server for installations with local SQL servers
- Remote SQL Server for installations with remote SQL servers and enter the SQL Server Name, for example corpsql.contoso.com
- Azure SQL Server for installations with Azure SQL servers and enter the SQL Server Name, for example azuresqlserver.database.windows.net
The SQL Server instance is: The default instance

Skip to step 9 for Local SQL Server and Remote SQL Server
MIM 2016 SP3 and later: Configure the MIM Synchronization Service Database name
Select the Azure SQL authentication type:

Skip to step 9 for System-assigned Managed Identity
Enter the Principal ID of the User-Assigned Managed Identity

Set the database name for synchronization service and select Next:

Configure the Sync Service Account according to the account you created earlier:
Service account: MIMSync
Password: Pass@word1
Service Account Domain or local computer name: contoso
Note
MIM 2016 SP3 and later: for Group Managed Service Accounts, ensure the $ character is at the end of the Service Account Name, e.g. MIMSync$, and leave the Password field empty.

Provide MIM Sync Service installer with the relevant security groups:
Administrator = contoso\MIMSyncAdmins
Operator = contoso\MIMSyncOperators
Joiner = contoso\MIMSyncJoiners
Connector Browse = contoso\MIMSyncBrowse
WMI Password Management = contoso\MIMSyncPasswordReset

In the security settings screen, check Enable firewall rules for inbound RPC communications, and select Next.

Select Install to begin the installation of MIM Sync Service.
A warning concerning the MIM Sync service account may appear – select OK.
MIM Sync Service installs.
A notice on creating a backup for the encryption key appears – select OK, then select a folder to store the encryption key backup.

When the installer successfully completes the installation, select Finish.
You need to sign out and sign in for the group membership changes to take effect. Select Yes to sign out.