Microsoft Identity Manager



Gold Application Development
Gold Data Analytics
Gold Cloud Platform
Gold Cloud Productivity
Gold Enterprise Mobility Management
Silver Messaging
Silver Collaboration and Content
Silver Small and Midmarket Cloud Solutions

Certified Gold Partner for over 20 years

Yesterday Microsoft released an important hotfix rollup package for MIM 2016 SP1; the build number is 4.5.286.0.

Info: Hotfix rollup package (build 4.5.286.0) is available for Microsoft Identity Manager 2016 Service Pack 1.
Download: Update for Microsoft Identity Manager 2016 SP1 (KB4469694)

The main issue fixed is the following.

Decentralized identity is a trust framework in which identifiers, such as usernames, can be replaced with IDs that are self-owned and independent, and that enable data exchange using blockchain and distributed ledger technology to protect privacy and secure transactions.

The Challenges

  • We need to support virtual smart cards
  • We want to use hybrid identities but have a multi-forest AD topology

What is Microsoft Identity Manager (MIM)?

Microsoft Identity Manager (MIM) helps you manage the users, credentials, policies, and access within your organization. It does this using

  • A web portal for password resets, group management, and administrative operations;
  • A web service that implements identity management functionality; and
  • A synchronization service that synchronizes data with other identity systems.

MIM 2016 provides new features such as:

  • Privileged Identity Management, which controls and manages administrative access by providing temporary, task-based access to sensitive resources.
  • New functionality in certificate management
    • Certificate Management REST API Reference
    • Support for multi-forest topologies.
    • A Windows app for virtual smartcard
    • Updated events and troubleshooting capabilities.
  • Account Unlock and Azure MFA (multifactor authentication) gate for Password Reset.

Why do you need MIM?

Compliance…Your organization needs to ensure appropriate access to resources across different technologies. This is becoming more important as your organization works with both customers and vendors that require stricter security around managing their data.

Reducing support costs…Your organization has multiple sources of identity information, and these sources need to be kept in sync with each other and, more importantly, with a system of record that defines what is current. You need an easy-to-use system for setting and resetting passwords and setting multifactor authentication (MFA). Your organization needs to delegate responsibility for managing some identity data.

Identity integration… Much of your organization’s identity data lives on different systems, some of which (like Azure AD) may be outside of your organization. This data needs to be integrated with your on-premises identity data sources.

Authentication management…You need to manage other forms of identity authentication such as smartcards or software certificates.

Authorization management…You need more granular control over administrative access to identity data sources.

Business-critical needs…Your organization has business workflows that must change identity data, such as last name or employment status.

How can B2B help?

Here at B2B, our consultants can help you

  • Recommend solutions for integrating Microsoft Identity Manager with new and existing identity providers and their dependent data sources
  • Create, configure, and support test and production MIM environments
  • Train IT admins and power users in the use of Microsoft Identity Manager’s many components such as the self-service and password reset portals
  • Build custom solutions to support business-specific identity management requirements.

This article outlines the approaches for licensing Microsoft Identity Manager (MIM) 2016, with pointers on where to download the software.

Licensing MIM for your organization

Microsoft Identity Manager 2016 is licensed on a per-user basis. The details on licensing are included in the Product Terms and related documents, which can be downloaded from the licensing terms page.

Licensing for Azure AD Premium customers

Microsoft Identity Manager 2016 is included with Azure Active Directory Premium (P1 and P2), which is part of Enterprise Mobility + Security.

Azure AD Premium is available through a Microsoft Enterprise Agreement, the Open Volume License Program, and the Cloud Solution Providers program. Azure and Microsoft 365 subscribers can also buy Azure Active Directory Premium P1 and P2 online. Read more at Azure Active Directory pricing.

MIM CALs

If you do not have Azure Active Directory Premium subscriptions for your users, and are using more MIM capabilities beyond synchronization, then a Client Access License (CAL) is required for each user whose identity is managed in MIM. If you want external users—such as business partners, external contractors, or customers—to be able to access MIM, you can acquire CALs for each of your external users, or acquire External Connector (EC) licenses. Microsoft Identity Manager 2016 CALs are not required for users whose identity is only in the Microsoft Identity Manager synchronization service and is not managed in any other MIM component.

Licenses for platform components

A Windows Server license is required to use Microsoft Identity Manager 2016’s server software as a Windows Server add-on. And a MIM deployment also requires a SQL Server installation. Windows Server and SQL Server licenses are not included with MIM.

Obtaining MIM software

Before starting a new install of MIM or an upgrade from an earlier version, ensure you have the latest versions.

If you are starting a fresh install, you will need to download the installation files for each MIM component that is relevant to your scenario. Then, download any updates for those files, and then download any additional components that are separate downloads from the Download Center.

| Scenario | Component | Required for scenario? | DVD ISO folder name | Comments |
| --- | --- | --- | --- | --- |
| Synchronization | Sync Service (including connector to AD) | Yes | Synchronization Service | |
| Synchronization | PCNS | No | Password Change Notification Service | To be installed on domain controllers |
| Synchronization | Connectors for LDAP, SQL, Web Services, PowerShell, Lotus Domino, Graph | No | N/A | Distributed via Download Center |
| Privileged Access Management | MIM Service | Yes | Service and Portal | |
| Self-service | MIM Service, MIM Portal | Yes | Service and Portal | |
| Self-service | Add-ins and extensions | No | Add-ins and extensions | To be installed on end-user PCs |
| Self-service | SCSM Reporting | No | Data Warehouse Support Scripts | |
| Self-service | Hybrid reporting agent | No | N/A | Distributed via Download Center |
| Self-service | Language packs | No | LANGUAGE Packs | |
| Certificate Management | CM | Yes | Certificate Management | |
| Certificate Management | CM Bulk Client | No | CM Bulk Client | |
| Certificate Management | CM Client | No | CM Client | |
| Certificate Management | CM App for Windows | No | FIMCMModernApp* | |

Obtaining Windows installer packages

For a new installation, most organizations with Volume License agreements download the MIM installation packages from the Volume Licensing Service Center. The DVD ISO file contains one folder for each MIM component: Synchronization Service, Service and Portal, etc. If you are going to install the software on a computer other than the one you downloaded it to, be sure to copy either the entire ISO file or the whole folder for the component. Do not copy just an MSI file out of a folder without the rest of the files and sub-folders.

If you do not have access to the Volume Licensing Service Center and have a subscription for Azure AD Premium P1 or P2, you can download the Azure AD Premium edition of MIM 2016. This edition includes the Synchronization Service and Service and Portal components of MIM 2016 SP2. All the changes from published hotfixes as of March 2021 are included in the installers. The MIM Service installer for the Azure AD Premium edition, in order to validate your subscription, requires internet connectivity and will ask you to provide Azure AD credentials with enough permissions to read subscribedSKUs.

If you do not have access to the Volume Licensing Service Center, customers with an appropriate developer subscription can also download MIM 2016 SP2 as an ISO file from Visual Studio My Benefits Downloads. Search for 'Microsoft Identity Manager 2016 with Service pack 2'.

Obtaining updates

After installing MIM from an MSI file, you should next install the necessary hotfixes.

Check the Identity Manager version release history for the most recent update release, which has a link to the download site for the installer patch files.

To determine which update files are necessary, this table lists the components and the name of the corresponding patch (MSP) file in an update.

| Scenario | Component | DVD ISO folder name | Corresponding update patch file name |
| --- | --- | --- | --- |
| Synchronization | Sync Service | Synchronization Service | MIMSyncService_x64*.msp |
| Self-service | MIM Service, MIM Portal | Service and Portal | MIMService_x64*msp |
| Self-service | Add-ins and extensions | Add-ins and extensions | MIMAddinsExtensions*msp |
| Self-service | Language packs | LANGUAGE Packs | LANGUAGE Packs.zip |
| Access management (BHOLD) | BHOLD | | BHOLDAccessManagementConnector.msi, BHOLD*.msi |
| Certificate Management | CM | Certificate Management | MIMCM*.msp |
| Certificate Management | CM Bulk Client | CM Bulk Client | MIMCMBulkClient*msp |
| Certificate Management | CM Client | CM Client | MIMCMClient*msp |

Be sure to read any release notes associated with the update prior to installing the MSP file.

Updates to BHOLD are not distributed as MSP files, only as MSI installers.
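
A pre-install check for a downloaded update, added here as an example and not part of the original article or of Microsoft's tooling: it maps each MSP/MSI file to its component using the name patterns in the table above and refuses to proceed if a file is unrecognized or not validly signed. The staging folder path and the expected publisher string are assumptions.

```powershell
# Added example: classify downloaded MIM update files and verify their signatures
# before installation. Language packs (.zip) are outside the scope of this check.
param(
    [string]$UpdateDir = 'C:\Staging\MIMUpdate'   # assumption: folder holding the download
)

# Component -> file name pattern, copied from the table as written there.
# Order matters: 'MIMCM*.msp' also matches the CM Bulk Client and CM Client
# patches, so the more specific patterns are tested first.
$patterns = [ordered]@{
    'Sync Service'            = 'MIMSyncService_x64*.msp'
    'MIM Service, MIM Portal' = 'MIMService_x64*msp'
    'Add-ins and extensions'  = 'MIMAddinsExtensions*msp'
    'CM Bulk Client'          = 'MIMCMBulkClient*msp'
    'CM Client'               = 'MIMCMClient*msp'
    'CM'                      = 'MIMCM*.msp'
    'BHOLD'                   = 'BHOLD*.msi'
}

$files = Get-ChildItem -Path $UpdateDir -File -Recurse |
    Where-Object { $_.Extension -in '.msp', '.msi' }

$report = foreach ($file in $files) {
    $component = 'UNRECOGNIZED'
    foreach ($entry in $patterns.GetEnumerator()) {
        if ($file.Name -like $entry.Value) { $component = $entry.Key; break }
    }
    $sig = Get-AuthenticodeSignature -FilePath $file.FullName
    [pscustomobject]@{
        File      = $file.Name
        Component = $component
        Signature = $sig.Status                       # 'Valid' only if the chain is trusted
        Signer    = $sig.SignerCertificate.Subject    # $null when the file is unsigned
        SHA256    = (Get-FileHash -Path $file.FullName -Algorithm SHA256).Hash
    }
}
$report | Format-Table -AutoSize

# Assumption: genuine packages are signed with a Microsoft Corporation certificate.
$blocked = $report | Where-Object {
    $_.Signature -ne 'Valid' -or
    $_.Signer -notlike '*O=Microsoft Corporation*' -or
    $_.Component -eq 'UNRECOGNIZED'
}
if ($blocked) {
    Write-Warning "Do not install: $($blocked.File -join ', ')"
    exit 1
}
```

Record the SHA256 values in the change ticket so the files installed on each server can be compared with the ones that were checked.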

Additional downloads

The following downloads may also be relevant:

Next steps

  • Learn more on scenarios delivered in Microsoft Identity Manager 2016.
  • Read the capacity planning guide.
  • Deploy MIM for a synchronization scenario.