Sync identities with Microsoft Identity Manager

Identity Transfer

Setting up High Availability

As an admin, one question you need to answer is how to handle high availability, and that applies to the MIM synchronization service, too. The service only synchronizes every few hours (depending on scheduling), so if the server fails, a replacement can usually be installed quickly, probably between two cycles.

In scenarios where high availability is required, you might prefer to deploy a second server with MIM installed in parallel. If you keep it running permanently as a virtual machine with up-to-date patches, but with the FIM synchronization service stopped, it can step in immediately in the event of a failure. The prerequisites are a central SQL server that is not affected by the failure of the first MIM server and the file with the encryption keys that was created at setup. Using miisactivate.exe, you then register this server's ID in the SQL database as the current server. The important thing is to be sure the first server really is no longer running before you proceed with synchronization.
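The following PowerShell sketch, run on the standby server, wraps the activation described above in the checks that matter: the key file is present, the old server's synchronization service is verifiably not running, and the local service is still stopped. It is an added example, not code from the article; the host name, key file path, and service account are hypothetical, and the installation path and miisactivate.exe argument order (key file, service account, `*` to prompt for the password) are assumptions to check against the tool's usage output on your system.

```powershell
# Added example: guarded activation of a standby MIM synchronization server.
# All parameter defaults are hypothetical placeholders.
param(
    [string]$PrimaryServer  = 'mim-sync-01.example.test',
    [string]$KeyFile        = 'D:\Secure\mim-encryption-keys.bin',
    [string]$ServiceAccount = 'EXAMPLE\svc-mimsync',
    [switch]$PrimaryConfirmedDown   # set only after verifying the old server is powered off
)
$ErrorActionPreference = 'Stop'
$serviceName = 'FIMSynchronizationService'
# Assumed default installation path of the synchronization service binaries.
$activate = Join-Path $env:ProgramFiles `
    'Microsoft Forefront Identity Manager\2010\Synchronization Service\Bin\miisactivate.exe'

# 1. The encryption key file from setup and the activation tool must exist.
foreach ($path in $KeyFile, $activate) {
    if (-not (Test-Path -LiteralPath $path -PathType Leaf)) {
        throw "Required file not found: $path"
    }
}

# 2. The first server must really be out of service. An unreachable host is
#    ambiguous (crash or network partition), so it needs explicit confirmation.
$reachable = $true
$remote = $null
try {
    $remote = Get-CimInstance -ClassName Win32_Service -ComputerName $PrimaryServer `
        -Filter "Name='$serviceName'" -OperationTimeoutSec 15
}
catch { $reachable = $false }

if ($reachable -and $remote -and $remote.State -ne 'Stopped') {
    throw "$serviceName on $PrimaryServer is '$($remote.State)'. Stop it before activating the standby."
}
if (-not $reachable -and -not $PrimaryConfirmedDown) {
    throw "Cannot query $PrimaryServer. Confirm it is powered off, then rerun with -PrimaryConfirmedDown."
}

# 3. The standby's own service must still be stopped, as in the standby design.
if ((Get-Service -Name $serviceName).Status -ne 'Stopped') {
    throw "Local $serviceName is not stopped; this server may already be active."
}

# 4. Register this server in the SQL database as the current server.
& $activate $KeyFile $ServiceAccount '*'
if ($LASTEXITCODE -ne 0) { throw "miisactivate.exe failed with exit code $LASTEXITCODE" }

# Report the local service state so the operator can see the result.
Get-Service -Name $serviceName | Select-Object Name, Status
```

Store the encryption key file somewhere only the MIM administrators can read, because it protects the credentials held in the synchronization database.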

Conclusions

The possibilities offered by the MIM synchronization service are often underestimated. In the shadow of Azure AD Connect, which "only" offers synchronization with the cloud, MIM offers unforeseen possibilities for keeping a variety of sources in sync, including data transformation. I have only looked at the MA for AD, but it does not always have to be a directory service. Take the time and experiment in a test environment with the MAs for PowerShell or other MAs. This will certainly result in ideas for everyday administrative practice that can make your work easier.
