4 Microsoft Identity Server Getting Started m4 Slides
Jeff Adkin
PLURALSIGHT AUTHOR
@JeffAdkin www.JAdkin.com
Summary
- Add MIM Group Membership and SPNs
- FIM Service
- Installing MIM Sync
- Installing MIM 2016
- Management Policy Rule

Add MIM Group Membership and SPNs
Tale of the 2 Accounts

MIMSync: the MIMSync account needs permissions to the FIMService.
MIMMA (the Management Agent account): the Management Agent account needs the permissions of the MIMSync Admin group, i.e. membership in it.
setspn -S FIMService/mim2016 Globomantics\mimsync
setspn -S FIMService/mim2016.Globomantics.ca Globomantics\mimsync
setspn -L Globomantics\mimsync

setspn -S checks the whole forest for a duplicate before adding the SPN (plain -A does not), and -L lists what is registered on the account. Both the short and the fully qualified host name are registered so that Kerberos works whichever name clients use. The SPN has to live on the account the MIM Service logs on as; if that is not the mimsync account in your deployment, register it on the service's actual logon account instead.
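The group membership and SPN steps above as one script, added here as an example and not taken from the course slides. Domain, host and the mimsync account are the slide's demo values; the account name mimma and the group name MIMSyncAdmins are assumptions. It also performs the check a practitioner wants after registering an SPN: that the SPN owner is the account the MIM Service actually runs as.

```powershell
# Added example, not from the course slides: grant the MA account its group
# membership, register the FIMService SPNs, and check that the SPN owner is the
# account the MIM Service logs on as. 'mimma' and 'MIMSyncAdmins' are assumed names.
Import-Module ActiveDirectory

$domain      = 'Globomantics'
$hostShort   = 'mim2016'
$hostFqdn    = 'mim2016.Globomantics.ca'
$syncAccount = "$domain\mimsync"       # SPN owner used in the slide
$maAccount   = 'mimma'                 # assumed: Management Agent account
$syncAdmins  = 'MIMSyncAdmins'         # assumed: the MIMSync admin group

# Group membership for the MA account. Add-ADGroupMember errors on an existing
# member, so check first to keep the script re-runnable.
$members = Get-ADGroupMember -Identity $syncAdmins | Select-Object -ExpandProperty SamAccountName
if ($members -notcontains $maAccount) {
    Add-ADGroupMember -Identity $syncAdmins -Members $maAccount
}

# Register both SPN forms. setspn -S refuses to create a forest-wide duplicate;
# a duplicate SPN silently pushes clients from Kerberos to NTLM, so -Q first
# shows who owns an SPN that already exists.
foreach ($spn in "FIMService/$hostShort", "FIMService/$hostFqdn") {
    $lookup = setspn -Q $spn
    if ($lookup -match 'Existing SPN found') {
        Write-Host "$spn is already registered on:"
        $lookup | Where-Object { $_ -match '^\s*CN=' }
        continue
    }
    setspn -S $spn $syncAccount
}

# What is now registered on the account, then a forest-wide duplicate scan.
setspn -L $syncAccount
setspn -X

# Caveat check: the KDC encrypts the service ticket with the SPN owner's key, so
# the SPN must be on the account FIMService runs as. If the MIM Service is already
# installed, compare its logon account with the SPN owner.
$svc = Get-CimInstance Win32_Service -Filter "Name='FIMService'" -ErrorAction SilentlyContinue
if ($svc -and $svc.StartName -ne $syncAccount) {
    Write-Warning ("FIMService logs on as {0} but the SPNs are on {1}; " +
                   "move them with setspn -D <spn> {1} and setspn -S <spn> {0}." -f $svc.StartName, $syncAccount)
}
```

Run it from an elevated PowerShell session on a domain-joined host as an account that can write to the group and to the mimsync account's servicePrincipalName attribute (Domain Admins in the demo environment).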
The Forefront Identity Manager Synchronization Service must be running, and the Forefront Identity Manager Service must be set to start automatically.
Demo
- Set the FIM services to Automatic
- Enable the FIM Identity Management Sync Service
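The two demo steps as a script, added here as an example and not part of the course material. FIMSynchronizationService and FIMService are the Windows service names the MIM installers register; the MIM Service may not be installed yet at this point in the module, so its absence is reported rather than treated as a failure.

```powershell
# Added example, not from the course slides: set the MIM services to Automatic and
# make sure they are running. Service names are the ones the MIM installers create.
$targets = 'FIMSynchronizationService', 'FIMService'

foreach ($name in $targets) {
    $svc = Get-Service -Name $name -ErrorAction SilentlyContinue
    if (-not $svc) {
        Write-Warning "$name is not installed on this host yet."
        continue
    }
    if ($svc.StartType -ne 'Automatic') {
        Set-Service -Name $name -StartupType Automatic
    }
    if ($svc.Status -ne 'Running') {
        Start-Service -Name $name
        # Sync Service start-up can take a while on first run; wait up to a minute.
        $svc.WaitForStatus('Running', [TimeSpan]::FromSeconds(60))
    }
}

# One view of start mode, state and logon account. The logon account is what the
# SPNs and group memberships from the previous slide must line up with.
Get-CimInstance Win32_Service -Filter "Name='FIMSynchronizationService' OR Name='FIMService'" |
    Select-Object Name, StartMode, State, StartName |
    Format-Table -AutoSize
```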
Installing MIM Sync

[Diagram: MIM Sync <-> MIM Management Agent <-> MIM Service]

SQL Server Name
SQL Server Instance
MIMSync Installation
- Service Account
- MIM 2016 Groups
- Encryption Key
The Encryption Key allows you to restore your Synchronization Service. The key set encrypts the secrets stored in the synchronization database (connector credentials and similar); without it you cannot decrypt that data after a restore and would have to rebuild the Synchronization Service. Export the key set right after installation and keep the file somewhere other than the MIM server itself, alongside the database backup.
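Exporting and protecting the key set, added here as an example and not taken from the course. miiskeys.exe ships with the Sync Service in its Bin folder; the -e (export) switch is taken from the tool's own usage text, so run miiskeys.exe with no arguments to confirm it on your build. The backup directory is an assumption, and the script expects to run as a member of the MIMSync admin group.

```powershell
# Added example, not from the course slides: export the Sync Service encryption key
# set so a restored database can be read, then restrict and fingerprint the file.
# Assumptions: default MIM 2016 install path, 'miiskeys -e' exports, backup path.
$bin       = Join-Path $env:ProgramFiles 'Microsoft Forefront Identity Manager\2010\Synchronization Service\Bin'
$miiskeys  = Join-Path $bin 'miiskeys.exe'
$backupDir = 'C:\MIMKeyBackup'                                   # assumed
$keyFile   = Join-Path $backupDir ('mimsync-keyset-{0}.bin' -f (Get-Date -Format 'yyyyMMdd-HHmm'))

if (-not (Test-Path $miiskeys)) { throw "miiskeys.exe not found at $miiskeys" }
New-Item -ItemType Directory -Path $backupDir -Force | Out-Null

& $miiskeys -e $keyFile
if ($LASTEXITCODE -ne 0 -or -not (Test-Path $keyFile)) {
    throw "Key export failed (exit code $LASTEXITCODE); nothing was written to $keyFile."
}

# The key set is the one secret that turns a copy of the database into every stored
# connector password, so strip inherited ACEs and allow only Administrators and SYSTEM.
$acl = Get-Acl -Path $keyFile
$acl.SetAccessRuleProtection($true, $false)
foreach ($id in 'BUILTIN\Administrators', 'NT AUTHORITY\SYSTEM') {
    $rule = New-Object System.Security.AccessControl.FileSystemAccessRule($id, 'FullControl', 'Allow')
    $acl.AddAccessRule($rule)
}
Set-Acl -Path $keyFile -AclObject $acl

# Record a hash so the copy moved off the host can be verified before a restore.
Get-FileHash -Path $keyFile -Algorithm SHA256 | Format-List Path, Hash
```

Move the exported file to the same offline location as the database backup; a restore on a rebuilt host imports it before the Sync Service is started.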
Demo
Goal 1: Re-establish control over a compromised Active Directory environment.
Goal 2: Isolate the use of privileged accounts to reduce the risk of those credentials being stolen.
Prepare
- Identify which groups in your existing forest have significant privileges. Recreate these groups without members in the bastion forest.

Protect
- Set up lifecycle and authentication protection, such as Multi-Factor Authentication (MFA), for when users request just-in-time administration.
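The Prepare and Protect steps carried out with the MIM PAM cmdlets, added here as an example and not taken from the course. Assumptions: the existing forest is CORP with a domain controller corpdc.corp.local, the bastion (PRIV) forest already has MIM PAM installed with the trust to CORP set up as the PAM deployment guide describes, the script runs on the PAM server where the MIMPAM module is available, and the group, user and TTL values are illustrative. The example goes one step beyond the slide by also surfacing groups nested inside the built-in privileged groups, since those carry the same privilege.

```powershell
# Added example, not from the course slides: inventory privileged groups in the
# existing forest, recreate them empty in the bastion forest, and front each with a
# time-boxed, MFA-gated PAM role. Names, domains and the candidate user are assumed.
Import-Module ActiveDirectory
Import-Module MIMPAM

$corpDc   = 'corpdc.corp.local'
$corpCred = Get-Credential -UserName 'CORP\Administrator' -Message 'CORP domain admin credentials'

# Prepare, part 1: the built-in groups with significant privilege, plus any group
# nested directly inside them (nesting grants the same privilege transitively).
$builtIn = 'Domain Admins', 'Enterprise Admins', 'Schema Admins',
           'Administrators', 'Account Operators', 'Backup Operators'

$privileged = foreach ($name in $builtIn) {
    $group = Get-ADGroup -Identity $name -Server $corpDc -Credential $corpCred
    $group
    Get-ADGroupMember -Identity $group -Server $corpDc -Credential $corpCred |
        Where-Object { $_.objectClass -eq 'group' } |
        ForEach-Object { Get-ADGroup -Identity $_ -Server $corpDc -Credential $corpCred }
}
$privileged = $privileged | Sort-Object -Property DistinguishedName -Unique
$privileged | Select-Object Name, SamAccountName, DistinguishedName | Format-Table -AutoSize

# Prepare, part 2: recreate each group in the bastion forest with no members.
# New-PAMGroup creates the shadow group in PRIV carrying the CORP group's SID in
# sIDHistory and registers it with the MIM Service; it does not copy any membership.
$shadow = @{}
foreach ($group in $privileged) {
    $shadow[$group.SamAccountName] = New-PAMGroup -SourceGroupName $group.SamAccountName `
        -SourceDomain 'CORP' -SourceDC $corpDc -Credentials $corpCred
}

# Protect: one PAM role per shadow group. Membership is granted only on request,
# expires after the TTL, and the request must pass MFA. Candidate and TTL are
# illustrative; TTL is assumed to be in seconds (check Get-Help New-PAMRole).
$candidate  = New-PAMUser -SourceDomain 'CORP' -SourceAccountName 'jdoe'
$ttlSeconds = 3600

foreach ($name in $shadow.Keys) {
    New-PAMRole -DisplayName "$name (JIT)" `
                -Privileges $shadow[$name] `
                -Candidates $candidate `
                -TTL $ttlSeconds `
                -MFAEnabled $true `
                -ApprovalEnabled $false
}
```

The shadow groups start empty by design: nobody in the bastion forest holds the privilege standing, and a compromised CORP account gains nothing from the old group because the CORP groups themselves are emptied during the transition. Requests against these roles (New-PAMRequest) are what add the priv user to the shadow group for the TTL window.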
Demo