Sync identities with Microsoft Identity Manager
Identity Transfer
Setting up High Availability
As an admin, one question that you need to answer is how to handle high availability. The same applies to the MIM synchronization service. After all, the service only synchronizes every few hours (depending on scheduling). If the server fails, a new one is quickly installed, probably between two cycles.
In scenarios where high availability is required, you might prefer to deploy a second server, on which MIM is installed, in parallel. If you let it run permanently, as a virtual machine with up-to-date patches, but with the FIM synchronization service stopped, it can immediately jump into the breach in the event of a failure. The prerequisites for this are a central SQL server, which is not affected by the failure of the first MIM server, and the file with the encryption keys that was created at setup. Using `miisactivate.exe`, this server's ID is then registered in the SQL database as the current server. The important thing here is to be sure the first server really is no longer running; only then can you proceed with the synchronization.
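The failover steps above can be wrapped in a guard script that refuses to activate the standby while the first server might still be running. This is an added example, not code from the article or from Microsoft; the server and account names are placeholders, and the install path, the service name `FIMSynchronizationService`, and the `miisactivate.exe` argument order (key file, account, password or `*`) are assumptions to verify against your installation.

```powershell
# Added example (not from the article). Run on the standby server, elevated.
param(
    [Parameter(Mandatory)] [string] $PrimaryServer,   # failed server, e.g. MIMSYNC01 (placeholder)
    [Parameter(Mandatory)] [string] $KeyFile,         # encryption key file created at setup
    [Parameter(Mandatory)] [string] $ServiceAccount,  # sync service account, DOMAIN\name (placeholder)
    # Assumed default install path and service name; adjust to your installation.
    [string] $BinDir = 'C:\Program Files\Microsoft Forefront Identity Manager\2010\Synchronization Service\Bin',
    [string] $ServiceName = 'FIMSynchronizationService'
)
$ErrorActionPreference = 'Stop'

$activate = Join-Path $BinDir 'miisactivate.exe'
foreach ($path in $KeyFile, $activate) {
    if (-not (Test-Path -LiteralPath $path -PathType Leaf)) { throw "Required file not found: $path" }
}

# The standby must have its own synchronization service stopped before activation.
if ((Get-Service -Name $ServiceName).Status -ne 'Stopped') {
    throw "$ServiceName is not stopped on this server; is it already active?"
}

# Two active servers on one database is the failure to avoid: query the old primary first.
$remote = $null
$reachable = $true
try {
    $remote = Get-CimInstance -ClassName Win32_Service -ComputerName $PrimaryServer `
        -Filter "Name='$ServiceName'" -OperationTimeoutSec 15
} catch {
    $reachable = $false
}
if ($reachable -and $remote -and $remote.State -ne 'Stopped') {
    throw "$ServiceName on $PrimaryServer is '$($remote.State)'. Stop it before activating the standby."
}
if (-not $reachable) {
    # An unreachable host proves nothing (network partition), so demand an explicit confirmation.
    Write-Warning "Cannot query $PrimaryServer. Confirm it is powered off or isolated from SQL."
    if ((Read-Host "Type '$PrimaryServer' to continue") -ne $PrimaryServer) { throw 'Activation aborted.' }
}

# '*' makes miisactivate prompt for the password, keeping it out of the command line and history.
$quotedKey = '"{0}"' -f $KeyFile
$proc = Start-Process -FilePath $activate -ArgumentList $quotedKey, $ServiceAccount, '*' `
    -Wait -NoNewWindow -PassThru
if ($proc.ExitCode -ne 0) { throw "miisactivate.exe exited with code $($proc.ExitCode)." }  # assumption: 0 = success

Write-Host "Activation finished. $ServiceName status: $((Get-Service -Name $ServiceName).Status)"
```

The key file protects the credentials stored in the synchronization database, so keep it in an access-controlled location rather than on the standby's local disk.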
Conclusions
The possibilities offered by the MIM synchronization service are often underestimated. In the shadow of Azure AD Connect, which "only" offers synchronization with the cloud, MIM offers unforeseen possibilities for keeping a variety of sources in sync, including data transformation. I have only looked at the MA for AD, but it does not always have to be a directory service. Take the time and experiment in a test environment with the MAs for PowerShell or other MAs. This will certainly result in ideas for everyday administrative practice that can make your work easier.