Presentation is loading. Please wait.

Presentation is loading. Please wait.

Using Microsoft Identity Manger with SharePoint 2016 to fill the User Profile Sync Gap Max Fritz Senior Systems Consultant Now Micro.

Published byMeryl Malone Modified over 5 years ago

Similar presentations

Presentation on theme: "Using Microsoft Identity Manger with SharePoint 2016 to fill the User Profile Sync Gap Max Fritz Senior Systems Consultant Now Micro."— Presentation transcript:

1 Using Microsoft Identity Manger with SharePoint 2016 to fill the User Profile Sync Gap
Max Fritz Senior Systems Consultant Now Micro

2 Max Fritz Senior Consultant MCSA Office 365, MCSE Productivity
Founder/President of Minnesota Office 365 User Group Working with Office 365 for over 6 years Specialize in the Education & Government Industries Focus in Azure AD, Exchange, and SharePoint Online Contact Details Twitter Blog: maxafritz.com LinkedIn : in/maxafritz

3 Agenda User Profile Sync Overview Microsoft Identity Manager Overview
History Setup Configuration

4 What is (was) SharePoint User Profile Sync?
A way for user properties to be synchronized to SharePoint from Active Directory (and back) Department, Description, Profile Picture, Phone, etc… Allows that information to be accessed within SharePoint, and synchronized back to active directory In , SharePoint uses a lightweight, built in, version of FIM One of the most frustrating services within SharePoint

5 What is Microsoft Identity Manager?
Successor to Forefront Identity Manager Introduced in 2016 Manage the users, credentials, policies, and access within your organization Provide self service group management and user properties management through a web interface Synchronize identities across platforms Privileged Access Management for administrator accounts

6 History Lesson

7 SharePoint User Profile Sync History
Import from AD SharePoint 2010 Built in FIM SharePoint 2013 AD Import SharePoint 2016

8 SharePoint User Profile Sync History
2010: SharePoint got together with FIM team Built a lightweight version of FIM for use in SharePoint Required a lot of maintenance Failed to start constantly All around frustrating SharePoint 2007 Import from AD SharePoint 2010 Built in FIM SharePoint 2013 AD Import SharePoint 2016

9 SharePoint User Profile Sync History
2013: Oops Built in FIM didn’t work so well Introduced AD Import Easier to configure and run Less features Kept Built in FIM as an option SharePoint 2007 Import from AD SharePoint 2010 Built in FIM SharePoint 2013 AD Import SharePoint 2016

10 SharePoint User Profile Sync History
2016: AD Import extremely popular in 2013 Led to the removal of Built in FIM completely Those who need FIM features can deploy MIM Easier to manage when it’s deployed separately SharePoint 2007 Import from AD SharePoint 2010 Built in FIM SharePoint 2013 AD Import SharePoint 2016

11 MIM vs Active Directory Import (ADI) With SharePoint 2013 or 2016
Pros Flexibility allows for customized import. Can be customized for bidirectional flow. Imports user profile photos automatically. Supports non-Active Directory LDAP sources. Multi-forest scenarios are supported. Very fast and performant. Known to be reliable (used by Office 365). Configurable inside of Central Administration. (Less complex.) Cons A separate MIM server is recommended for use with your SharePoint farm. The more customized the more complex the architecture, deployment, and management. Import is unidirectional (changes go from Active Directory to SharePoint Server Profile). Import from a single Active Directory forest only. Does not import user photos. Supports Active Directory LDAP only. Multi-forest scenarios are not supported.

12 Deploying MIM 2016 One of the more difficult tools to deploy from Microsoft They failed to take the “F” out of “FIM” Windows Server 2012 R2 or higher .NET 3.5 Requires a SQL 2012 SP2 or higher Can exist on the same server If on separate server, install SQL Server native client Can use a separate installation of SharePoint 2013 single server Must be installed on the same server Required to use the MIM portal (self service features)

13 Deploying MIM 2016 Version: Install MIM 2016 with Service Pack 1
Accounts Service Account for MIM Log on as a service and Run as a service permissions on the server (automatically assigned) (make sure they don’t get overwritten by a GPO!) Domain user for AD Connector Replicate Directory Changes, Create Child Objects, and Write all properties permissions Install Account SQL Server Admin & Local Admin on server

14 MIM Installation Demo Setup Service Accounts/Groups Add .NET 3.5
Install SQL Server Native Client Install MIM MIM Installation Demo

15 MIM Setup & Configuration
Management Agents MIM uses Management Agents to connect to identity resources and endpoints We will need to use the built in Active Directory Management Agent (ADMA) and the downloadable SharePoint Management Agent (SPMA) Solution Files Available from GitHub Allows easy configuration of the SharePoint synchronization and Management Agent

16 What is synced by default from AD?
name department description displayName givenName mail manager member thumbnailPhoto physicalDeliveryOfficeName msDS-PhoneticDisplayName msDS-PhoneticFirstName msDS-PhoneticLastName proxyAddresses telephoneNumber title wWWHomePage

17 01 02 03 04 Extra Configuration Filter users from AD
Scheduling the synchronization 02 Determining user profile picture flow direction 03 Advanced/custom attribute sync 04

18 MIM & SharePoint Configuration Demo
Install SPMA Configure SharePoint Configure SPMA and ADMA Test Sync Schedule Sync MIM & SharePoint Configuration Demo

19 Questions ?

20 Thank you! Please fill out the survey on your app
Come ask me questions and stay in touch @theCloudSherpa

Download ppt "Using Microsoft Identity Manger with SharePoint 2016 to fill the User Profile Sync Gap Max Fritz Senior Systems Consultant Now Micro."

Similar presentations

Agenda 2 factor authentication Smart cards Virtual smart cards FIM CM

Agenda 2 factor authentication Smart cards Virtual smart cards FIM CM
Service Manager for MSPs

Service Manager for MSPs
Office 365 Identity June 2013 Microsoft Office365 4/2/2017

Office 365 Identity June 2013 Microsoft Office365 4/2/2017
Agenda AD to Windows Azure AD Sync Options Federation Architecture

Agenda AD to Windows Azure AD Sync Options Federation Architecture
Core identity scenarios Federation and synchronization 2 3 Identity management overview 1 Additional features 4.

Core identity scenarios Federation and synchronization 2 3 Identity management overview 1 Additional features 4.
SP 2013 User Profile Service Overview Connecting your Profile to the Portal.

SP 2013 User Profile Service Overview Connecting your Profile to the Portal.
Configuring SharePoint 2013 and Office 365 Hybrid – Part 1

Configuring SharePoint 2013 and Office 365 Hybrid – Part 1
Whether you like it or not! Importance increases significantly with SharePoint 2013 Pretty much every investment area relies on Profiles for core.

Whether you like it or not! Importance increases significantly with SharePoint 2013 Pretty much every investment area relies on Profiles for core.
Installation and Deployment in Microsoft Dynamics CRM 4.0

Installation and Deployment in Microsoft Dynamics CRM 4.0
RequirementsDeployment Options 2 3 Dirsync Overview 1 Understanding Synchronization 4.

RequirementsDeployment Options 2 3 Dirsync Overview 1 Understanding Synchronization 4.
Acceleratio Ltd. is a software development company based in Zagreb, Croatia, founded in 2009. Acceleratio specializes in developing high-quality enterprise.

Acceleratio Ltd. is a software development company based in Zagreb, Croatia, founded in Acceleratio specializes in developing high-quality enterprise.
Identity management integration options for Office 365

Identity management integration options for Office 365
Internet, 16 July 2014 Predica bag of (FIM)tricks Tomasz Onyszko

Internet, 16 July 2014 Predica bag of (FIM)tricks Tomasz Onyszko
Understanding Active Directory

Understanding Active Directory
Microsoft ® Official Course Module 9 Configuring Applications.

Microsoft ® Official Course Module 9 Configuring Applications.
OM. Brad Gall Senior Consultant

OM. Brad Gall Senior Consultant
First Look Clinic: What’s New for IT Professionals in Microsoft® SharePoint® Server 2013 Sayed Ali (MCTS, MCITP, MCT, MCSA, MCSE )

First Look Clinic: What’s New for IT Professionals in Microsoft® SharePoint® Server 2013 Sayed Ali (MCTS, MCITP, MCT, MCSA, MCSE )
© 2011 PLANET TECHNOLOGIES, INC. Extending User Profiles with Line of Business Data Patrick Curran, MCT FEBRUARY 24, 2013.

© 2011 PLANET TECHNOLOGIES, INC. Extending User Profiles with Line of Business Data Patrick Curran, MCT FEBRUARY 24, 2013.
Module 8 Configuring and Securing SharePoint Services and Service Applications.

Module 8 Configuring and Securing SharePoint Services and Service Applications.
Single Sign-On with Microsoft Azure

Single Sign-On with Microsoft Azure

Similar presentations

Ads by Google