Install MIM 2016: MIM Service and Portal
Note
This walkthrough uses sample names and values from a company called Contoso. Replace these with your own. For example:
- Domain controller name - mimservername
- Domain name - contoso
- Password - Pass@word1
- Service account name - MIMService
Before you begin
- This guide is intended for installing the Volume License edition of MIM. If your organization has a Microsoft Entra ID P1 or P2 subscription or is using Microsoft Entra ID, then you will need to instead follow the guide for MIM Service in organizations licensed for Microsoft Entra ID P1 or P2.
Configure MIM Service and Portal for installation
Run the MIM Service and Portal installer from the unpacked Service and Portal sub-folder.
In the welcome screen, click Next.
Read the End-User License Agreement and click Next if you accept the license terms.
In the MIM Customer Experience Improvement Program screen, click Next.
When selecting component features for this deployment, make sure to include the MIM Service (except for MIM Reporting) and MIM Portal features. You can also select the MIM Password Reset Portal and MIM Password Change Notification Service.
On the Configure the MIM database connection page, choose Create a new database.
On the Configure mail server connection page, enter the name of your Exchange server as Mail Server, or use an O365 mailbox. If you do not have a mail server configured, use localhost as the mail server name and uncheck the top two checkboxes. Click Next.
Note
MIM 2016 SP2 and later: if you are using Group Managed Service Accounts, you must check the Use different user for Exchange checkbox even if you do not plan to use Exchange.
Note
When the Use Exchange Online option is selected, the MIM Service can process approval responses from the MIM Outlook Add-On only if, after installation, you set the PollExchangeEnabled value under the registry key HKLM\SYSTEM\CurrentControlSet\Services\FIMService to 1.
Specify that you want to generate a new self-signed certificate, or select the relevant certificate.
Specify the Service Account name to use, for example MIMService; the Service Account password, for example Pass@word1; your Service Account domain, for example contoso; and the Service Email Account, for example contoso.
Note
MIM 2016 SP2 and later: if you are using Group Managed Service Accounts, you will need to ensure the $ character is at the end of the Service Account Name, e.g. MIMService$, and leave the Service Account Password field empty.
Note that a warning may appear that the Service Account is not secure in its current configuration.
Accept the defaults for the Synchronization Server location, and specify the MIM Management Agent account as contoso\MIMMA.
Note
MIM 2016 SP2 and later: if you plan to use a Group Managed Service Account for the MIM Synchronization Service in MIM Sync, and enable the 'Use MIM Sync account' feature, then enter the MIM Synchronization Service gMSA name as the MIM MA account, e.g. contoso\MIMSync$.
Specify CORPIDM (this computer's name) as MIM Service server address for the MIM Portal.
Specify http://mim.contoso.com as the SharePoint site collection URL.
If not using Microsoft Entra ID for password reset, specify http://passwordregistration.contoso.com as the Password Registration URL on port 80. Updating it later to use an SSL certificate on port 443 is recommended.
If not using Microsoft Entra ID for password reset, specify http://passwordreset.contoso.com as the Password Reset URL on port 80. Updating it later to use an SSL certificate on port 443 is recommended.
Select the checkbox to open ports 5725 and 5726 in the firewall, and the checkbox to grant all authenticated users access to MIM Portal.
Configure MIM Password Registration Portal (optional, if not using Microsoft Entra ID for SSPR)
Set the service account name for SSPR Registration to contoso\MIMSSPR and its password to Pass@word1.
Specify passwordregistration.contoso.com as the Host Name for MIM Password Registration, and set the port to 80. Enable the Open port in firewall option.
A warning will appear – read it and click Next.
In the next MIM Password Registration Portal configuration screen, specify mim.contoso.com as the MIM Service Server Address for the Password Registration Portal.
Configure MIM Password Reset Portal (optional)
Set the service account name for SSPR Registration to Contoso\MIMSSPR and its password to Pass@word1.
Specify passwordreset.contoso.com as the Host Name for MIM Password Reset Portal, and set the port to 80. Enable the Open port in firewall option.
A warning will appear – read it and click Next.
In the next MIM Password Registration Portal configuration screen, specify mim.contoso.com as the MIM Service Server Address for the Password Reset Portal.
Install MIM Service and Portal
When all pre-installation definitions are ready, click Install to begin installing the selected Service and Portal components.
Post-installation tasks
After installation completes, verify that the MIM Portal is active.
Launch Internet Explorer and connect to the MIM Portal on http://mim.contoso.com/identitymanagement. Note that there may be a short delay on the first visit to this page.
- If necessary, authenticate to Internet Explorer as the user that installed MIM Service and Portal.
In Internet Explorer, open the Internet Options, change to the Security tab, and add the site to the Local intranet zone if it is not already there. Close the Internet Options dialog.
In Internet Explorer, open the Settings, change to the Compatibility view settings tab, and uncheck the Display Intranet Sites in Compatibility view checkbox. Close the Compatibility View dialog.
Enable non-administrators to access MIM Portal.
- Using Internet Explorer, in MIM Portal, click on Management Policy Rules.
- Search for the management policy rule, User management: Users can read attributes of their own.
- Select this management policy rule, uncheck Policy is disabled.
- Click OK and then click Submit.
Note
Optional: At this point you can install MIM add-ins and extensions and language packs.
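The following post-installation check is an added example, not part of the original walkthrough or of Microsoft's tooling. It assumes the single-server layout and Contoso host names used above and an elevated PowerShell session on the MIM Service host; the -UsesExchangeOnline switch, the DWORD value type and the service restart are assumptions.

```powershell
# Added example: post-install checks on the MIM Service host (run elevated).
# Key, value, service, port and host names come from the walkthrough above.
param([switch]$UsesExchangeOnline)   # hypothetical switch: set if Use Exchange Online was chosen

$svcKey = 'HKLM:\SYSTEM\CurrentControlSet\Services\FIMService'

# 1. MIM Service exists; report its state and logon account.
$svc = Get-CimInstance Win32_Service -Filter "Name='FIMService'"
if (-not $svc) { throw 'FIMService not found: run this on the MIM Service host.' }
$isGmsa = $svc.StartName.EndsWith('$')   # gMSA names end in $, e.g. MIMService$
"FIMService: state=$($svc.State) account=$($svc.StartName) gMSA=$isGmsa"

# 2. Exchange Online only: PollExchangeEnabled must be 1 for approval responses.
if ($UsesExchangeOnline) {
    $current = (Get-ItemProperty -Path $svcKey -Name PollExchangeEnabled `
                -ErrorAction SilentlyContinue).PollExchangeEnabled
    if ($current -ne 1) {
        # Assumption: the value is a DWORD.
        New-ItemProperty -Path $svcKey -Name PollExchangeEnabled `
            -PropertyType DWord -Value 1 -Force | Out-Null
        # Assumption: a restart makes the service reread the value.
        Restart-Service -Name FIMService
        'PollExchangeEnabled set to 1; FIMService restarted.'
    } else {
        'PollExchangeEnabled is already 1.'
    }
}

# 3. Ports the installer opened in the firewall should have a listener.
foreach ($port in 5725, 5726) {
    $listener = Get-NetTCPConnection -State Listen -LocalPort $port -ErrorAction SilentlyContinue
    "TCP ${port}: " + $(if ($listener) { 'listening' } else { 'NOT listening' })
}

# 4. Flag password portals still bound to plain HTTP (the walkthrough
#    recommends moving them to an SSL certificate on port 443).
Import-Module WebAdministration
$portalHosts = 'passwordregistration.contoso.com', 'passwordreset.contoso.com'
foreach ($binding in Get-WebBinding) {
    $hostHeader = ($binding.bindingInformation -split ':')[-1]
    if ($portalHosts -contains $hostHeader -and $binding.protocol -eq 'http') {
        "Plain-HTTP binding: $($binding.bindingInformation) -> plan HTTPS on 443"
    }
}
```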