We addressed the prerequisites here. As you can see, there was quite a bit to accomplish to even start working on MIM. Now for the good stuff. There are essentially two components in play here: the Synchronization service and the portal, which together cover the bulk of the MIM install. It’s worth noting that plenty of mistakes can be made here, so think and plan this one out carefully.
To start, I’m going to make a couple notes:
1) Log on as the MIMInstall account. I mentioned this before, but there do seem to be some ties to the account that installs it. I recommend a generic install account here that is an admin on the server in question. You can disable it later on once you’ve granted all the appropriate rights and whatnot, and simply re-enable it as needed.
2) Once you have the CD/ISO mounted, create a temp folder somewhere for logging information. You may need it. Launch an elevated command prompt and run the following from the synchronization service folder in the CD (I’m using c:\temp for my temp folder):
msiexec /i "Synchronization service.msi" /L*v c:\temp\MIM_SyncService_Install.log
That will create a log file in the c:\temp folder, which can be useful if you need to troubleshoot.
Click Next through the first wizard screen, accept the license agreement, and click Next again.
This screen is also pretty straightforward; click Next:
Here’s where you have hopefully made a choice, I’m hosting my SQL server locally, but if you aren’t, you need to change this.
The next screen wants the creds to your MIM Service Account. This is also pretty easy.
Next are the various groups you created previously (by the way, if you haven’t already done this, add the appropriate people to the Admins group):
You probably want to open firewall ports. If you aren’t using Windows Firewall, you’ll want to do this manually:
At this point, you can click Install. I’ll save you the boring screenshot, and the install shouldn’t take too long. That said, you’ll want to launch the Synchronization service once done. If it doesn’t start, you have a problem. Go back and figure this out, because trust me, if this isn’t working right, it makes the portal portion even harder. When it’s working, you should see this screen when you launch it without error:
If you haven’t done this already, you might want to get around to those aliases I mentioned in the first piece. You’re going to install the portal next, which sits on top of the SharePoint site collection you set up previously. You can still work off of the CD you mounted earlier, but you’ll need to navigate to the service and portal folder and run the following command:
msiexec /i "Service and Portal.msi" /L*v c:\temp\MIM_Service_Install.log
It’s the same concept. You’re putting a log in c:\temp so you can troubleshoot what’s going on here. Like before, you can click next through welcome and accept the licensing agreement. You can decide at this point if you want to use PAM. I chose no here, as this is a lab. It is, however, something that’s highly encouraged as it enables just in time administration.
Next, you identify a database server and database name:
If you have Exchange running locally or online, do something here. I don’t at this point, so I’m going to uncheck the top two boxes and set this to localhost:
In a prod environment, I’d have a CA doing a real certificate, for what that’s worth. Here, I’ll use a self-signed:
Next, you define that service account. Note the warning here about that email. It’s kind of important.
Depending on how you configured it, you may receive a warning about the account being insecure. Go back to the guide and figure that part out. Ensure you did it right. Next you need the Management Agent Account. The server name here is the server where the synchronization service was previously installed. I kept these all on the same machine, but I’m also running this in a lab with one user.
Side note, but if you get this warning, cancel the install and revisit issues with the Synchronization service:
If you don’t, you’ll move on to this screen. Enter the server name hosting the SharePoint Site Collection:
And then enter the site collection URL you created earlier:
Now you’ll be prompted for the password registration portal URL… note that this does need to have the http, it’s cut off in my screenshot. And for some silly reason, MSFT has * in front of the URL in their example. Don’t do that. I tried it for fun. It doesn’t work.
Now for ports, like before, open them if you have the Windows firewall on. If not, call your Firewall person and have him/her do it:
And you thought we were done. Not even close. One more service account, this time your SSPR account, which I’d add will be entered again shortly. Also, you need the password registration URL (without the HTTP this time) and you might want to open ports. Note that I’m doing this on 80 because I don’t have a CA. But if you do, you should issue a web cert here and use 443.
If you use 80, you’ll get a security warning. Otherwise, you need to enter the server name hosting the MIM Service. I did choose to keep this internal, but you may want this on an extranet. Choose accordingly:
And for grins, you get to put your SSPR in again, this time referencing the password reset portal:
If you’re not secure here (i.e. no HTTPS), you’ll get another warning. Go back and set up HTTPS. But if not, click Next. That brings you to this screen, much like the above. This time though, you need to configure the password reset URL to go with the server hosting the MIM Service installed above:
Now you’re done (sort of). Click Install. If you have no errors, you can go on to the next part.
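To check both installs for errors, the two verbose logs written to c:\temp by the msiexec commands above can be triaged with a short script. This is an added example, not part of the original walkthrough; the sample log lines are constructed and the EXAMPLE_* action and property names in them are hypothetical.

```powershell
# Added example (not from the original post): triage an msiexec /L*v log.
function Test-MsiVerboseLog {
    param([Parameter(Mandatory)][string[]]$Lines)

    $failed = @(); $exposed = @(); $status = $null
    for ($i = 0; $i -lt $Lines.Count; $i++) {
        $line = $Lines[$i]
        # Windows Installer logs "Return value 3" for an action that failed.
        if ($line -match 'Return value 3\.') {
            $start = [Math]::Max(0, $i - 2)   # the cause is usually just above
            $failed += ($Lines[$start..$i] -join "`n")
        }
        # Overall result of the run: 0 is success, 1603 is a fatal error.
        if ($line -match 'Installation success or error status:\s*(\d+)') {
            $status = [int]$Matches[1]
        }
        # The verbose property dump masks hidden properties with asterisks;
        # flag secret-looking names whose value is written in clear text.
        if ($line -match '^Property\([SC]\):\s*(\S*(?:PASSWORD|PWD|SECRET)\S*)\s*=\s*(.+)$') {
            $name, $value = $Matches[1], $Matches[2]
            if ($value -notmatch '^\*+$') { $exposed += $name }
        }
    }
    [pscustomobject]@{
        ExitStatus      = $status
        FailedActions   = $failed
        UnmaskedSecrets = $exposed
    }
}

# Constructed sample lines; EXAMPLE_* names are hypothetical.
$sample = @(
    'MSI (s) (A4:3C) [10:12:01:120]: Doing action: ExampleConfigureDatabase',
    'Action ended 10:12:05: ExampleConfigureDatabase. Return value 3.',
    'Property(S): EXAMPLE_SERVICE_PASSWORD = **********',
    'Property(S): EXAMPLE_SQL_PWD = NotMasked-ConstructedValue',
    'MSI (s) (A4:3C) [10:12:06:400]: Windows Installer installed the product. Installation success or error status: 1603.'
)
Test-MsiVerboseLog -Lines $sample | Format-List

# The two logs written by the msiexec commands above (Get-Content handles their UTF-16 BOM).
foreach ($log in 'c:\temp\MIM_SyncService_Install.log', 'c:\temp\MIM_Service_Install.log') {
    if (Test-Path $log) { Test-MsiVerboseLog -Lines (Get-Content $log) | Format-List }
}
```

Once an install is confirmed good, move or delete the logs from c:\temp, since a verbose MSI log ends with a dump of the properties the wizard collected.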