none
Looking for a little explantion of MIM 2016 service accounts RRS feed

  • Question

  • I'm looking to implement the MIM 2016 Synchronization Service to Sync GAL's.  I pre-created the accounts listed in the official setup documentation as well as groups, but is there any info out there that details what each of these do?

    Along those lines, I'm going to be using a remote SQL server, but my Database Team wants to know what account needs permissions to create the database.  My guess would be the SQLServer account I created, but I'm installing with my Domain Admin account on the actual server.  Any insight would be greatly appreciated.

    Thursday, January 19, 2017 3:58 PM

Answers

  • The account running the MIM installer needs the sysadmin permission on the SQL instance. So in this case the domain admin account you are logging in with. Yes MIM really does need sysadmin permission, although only for the installation or applying hotfixes etc. (If I remember rightly the sync engine install even checks for this permission explicitly now.)

    The installer will then assign the correct permissions in SQL.

    • Marked as answer by stigs007 Friday, January 20, 2017 2:16 PM
    Friday, January 20, 2017 9:28 AM

All replies

  • The account running the MIM installer needs the sysadmin permission on the SQL instance. So in this case the domain admin account you are logging in with. Yes MIM really does need sysadmin permission, although only for the installation or applying hotfixes etc. (If I remember rightly the sync engine install even checks for this permission explicitly now.)

    The installer will then assign the correct permissions in SQL.

    • Marked as answer by stigs007 Friday, January 20, 2017 2:16 PM
    Friday, January 20, 2017 9:28 AM
  • Appreciate the response.  Had a feeling something like that was needed but I honestly couldn't find that pre-req anywhere in the docs.
    Friday, January 20, 2017 2:18 PM