Microsoft Identity Manager 2016 (MIM) Guide has flows (1)

Summary

I recently came across 2 threads in TechNet forums where people were struggling with the instructions of MIM deployment, which turns out are plain wrong.

CAUTION: Please note that this may change after the publication of this blog, which is November 15, 2015, but as of today, the guide is wrong.

I have already submitted a request to Microsoft to fix the first issue a long time ago, but nothing has changed yet, so I thought I would try to let people know.

It is not unusual for Microsoft or other major Software Giants to produce sloppy documentation and this is why in most cases they are careful in the spelling out the “AS IS” with no warranties as, such as this case, but these issues here have had people scratching their heads for days and maybe weeks.   

0

Two major points I want to raise today are:

1: Trying to point out the issues with the guide and provide a roadmap for people trying to use the guide

2: Raise awareness around the approach to using these guides.

PROBLEMS – SOLUTIONS

Let’s start with the most important one, the issues reported and their solutions.

1. AD MA Import Mapping

Under the Section describing the Import Flow Mapping between AD MA and Metaverse, there is an issue with mapping sAMAccontName to an attribute referred to as “f”.  There is no attribute called “f” in the metaverse. And even if it was, you need to map sAMAccountName to accountName in Metaverse, because accountName flows to accountName in MIM Portal.  This is crucial because accountName is a required attribute for users to be able to login to MIM Portal.

2 1

 

Here is the relationship between AD –>  MIM Metaverse –> MIM Portal

4

2.  MIM MA Group Mapping

Second issue is in the Group Mapping Flow in MIM MA configuration. The guide has manager as a property of group. There is no manager property for groups, but owner. Manager is a property of person\user.  This should be changed to owner, thus.  65

About Deployment Guides 

While these guides are meant to guide you through the installation, they are not meant to be used by just anyone.  If you do not have the right knowledge and expertise required, I urge you to stay away from them; especially with delicate products such as Identity management, Active Directory, and systems that have long reaching affects and may be hazardous if not used properly.

Both issues I described above, are very easy to detect as issues for anyone who understands the MIM or any of its predecessors.  An AD Admin should also be able to understand the USER and GROUP schemas.  Or simply, look at the schemas for yourself to verify. I understand your frustration with the documentation, but be aware and careful!

Lot of this has to do with the Salespeople selling these products as “Plug-And-Play” and “easy” when the truth is far from it.

Lastly, these facts, when people with no knowledge of the products try to make them work and fail, give these otherwise great solutions a bad name.

Microsoft – Please be careful!

  IT Folks – Please read before clicking!

Submit a Comment

Your email address will not be published.