none
Does MIM 2016 REQUIRE SharePoint? RRS feed

  • Question

  • I am configuring an ESAE environment using MIM 2016.  We will be using PowerShell scripts and the PAM commandlets to migrate admin accounts from the corporate domain to the red forest, migrate groups to create the shadow principles in the red forest, and manage roles.  I do not want to use SharePoint.  All ESAE installation instructions include the installation of SharePoint with MIM.  Is SharePoint REQUIRED or can the MIM be installed without SharePoint?

    Robert

    Saturday, December 15, 2018 2:10 AM

All replies

  • No , you don’t need SharePoint to be installed to configure MIM 2016 . If you are planning to configure user pofile for your sharepoint users then you need SharePoint to be confugured. So you can use MIM with SharePoint for user profile sync.. but Sharrpoint is not a prerequisite for MIM installation Hope this helps !
    Saturday, December 15, 2018 3:08 AM
  • Hi,

    SharePoint is a requirement if you want to use the MIM Portal.

    Br,

    Leo


    Did my post help? Please use "Vote As Helpful", "Mark as answer" or "Propose as answer". Thank you!

    Monday, December 17, 2018 3:37 PM
  • The MIM Portal isn't a requirement for PAM. You can do everything you need to via PowerShell.
    Monday, December 17, 2018 4:36 PM
  • We do not plan to use the portal.
    Tuesday, December 18, 2018 1:35 PM
  • Do you have any suggestions for installing MIM 2016 without SharePoint?  So far, we have been unsuccessful. Every Microsoft page I have found regarding installation always includes SharePoint.  

    We are trying to get access to the MIM 2016 SP1 to see if we are more successful installing that without SharePoint.   

    Any additional thoughts and suggestions will be very much appreciated!

    Robert

    Tuesday, December 18, 2018 1:41 PM
  • Hi,

    Take a look at the instructions on how to install the synchronization engine component, install the PAM component which is a subcomponent of the FIM/MIM service MSI.  The sample PAM portal site on GitHub is optional if you are interested in not using PowerShell or want to build your own custom portal.

    Best,

    Jeff Ingalls

    Tuesday, December 18, 2018 6:58 PM
  • Thanks Jeff.  I started to follow the install instructions for the synchronization engine, but i don't think I want that.  I'm trying to install the following:

    • MIM Service: implements business logic for performing identity and access management operations, including privileged account management and elevation request handling.
    • PAM Monitoring Service and PAM Component Service: two services that manage the lifecycle of privileged accounts and assists the PRIV AD in group membership lifecycle.
    • PowerShell cmdlets: for populating MIM Service and PRIV AD with users and groups that correspond to the users and groups in the CORP forest for PAM administrators, and for end users requesting just-in-time (JIT) use of privileges on an administrative account.

    I'm trying to use the Service and Portal_Reference_For_PAM_Install.bat.  One specific change I made was to remove "WebPortals" from the variable FEATURES_TO_INSTALL so the set command looks like SET FEATURES_TO_INSTALL=CommonServices,PAMServices.  The command now looks like the following...

    SET COMMAND=MSIEXEC /i "%MSILOCATION%\%MSIFILENAME%" SQMOPTINSETTING=%SQMOPTINSETTING% MAIL_SERVER="%MACHINENAME%" ^
    SQLSERVER_SERVER="%MACHINENAME%" SERVICE_ACCOUNT_NAME="%ADMIN_USER%" SERVICE_ACCOUNT_PASSWORD="%ADMIN_PASS%" ^
    SERVICE_ACCOUNT_DOMAIN="%DOMAINNAME%" SERVICE_ACCOUNT_EMAIL="%ADMIN_USER%@%DOMAINNAME%.%DOMAIN_SUFFIX%" ^
    PAM_MONITORING_SERVICE_ACCOUNT_DOMAIN=%PAM_MONITORING_SERVICE_ACCOUNT_DOMAIN% ^
    PAM_MONITORING_SERVICE_ACCOUNT_NAME=%PAM_MONITORING_SERVICE_ACCOUNT_NAME% PAM_MONITORING_SERVICE_ACCOUNT_PASSWORD=%PAM_MONITORING_SERVICE_ACCOUNT_PASSWORD% ^
    PAM_COMPONENT_SERVICE_ACCOUNT_DOMAIN=%PAM_COMPONENT_SERVICE_ACCOUNT_DOMAIN% PAM_COMPONENT_SERVICE_ACCOUNT_NAME=%PAM_COMPONENT_SERVICE_ACCOUNT_NAME% ^
    PAM_COMPONENT_SERVICE_ACCOUNT_PASSWORD=%PAM_COMPONENT_SERVICE_ACCOUNT_PASSWORD% PAM_REST_API_APPPOOL_ACCOUNT_DOMAIN=%PAM_REST_API_APPPOOL_ACCOUNT_DOMAIN% ^
    ACCEPT_EULA=%ACCEPT_EULA% FIREWALL_CONF=%FIREWALL_CONF% REBOOT="%REBOOT%" /l*v "%LOGFILENAME%" 

    I'm currently getting EXIT CODE: 1639

    Tuesday, December 18, 2018 10:08 PM
  • Ok.  I made some progress...  I found https://blog.oholics.net/mim-pam-automated-installation-script/ with a corresponding file in github.  I used it to tweak my Service and Portal_Reference_For_PAM_Install.bat and was able to get the installer to start. 

    As previously stated, one specific change I made was to remove "WebPortals" from the variable FEATURES_TO_INSTALL so the set command looks like SET FEATURES_TO_INSTALL=CommonServices,PAMServices

    Now I'm getting the following error.  I don't understand why it is trying to get IIS information when I explicitly left WebPortals out of the feature list.  Does anyone have any thoughts on this?


    MSI (c) (8C:A4) [08:27:20:272]: Doing action: GetIISVersionFromRegistry
    Action 8:27:20: GetIISVersionFromRegistry. Getting IIS Version
    Action start 8:27:20: GetIISVersionFromRegistry.
    MSI (c) (8C:3C) [08:27:20:277]: Invoking remote custom action. DLL: C:\Users\svc_mimadmin\AppData\Local\Temp\5\MSI3046.tmp, Entrypoint: GetIISVersion
    SFXCA: Extracting custom action to temporary directory: C:\Users\svc_mimadmin\AppData\Local\Temp\5\MSI3046.tmp-\
    SFXCA: Failed to get requested CLR info. Error code 0x80131700
    SFXCA: Ensure that the proper version of the .NET Framework is installed, or that there is a matching supportedRuntime element in CustomAction.config. If you are binding to .NET 4 or greater add useLegacyV2RuntimeActivationPolicy=true to the <startup> element.
    CustomAction GetIISVersionFromRegistry returned actual error code 1603 (note this may not be 100% accurate if translation happened inside sandbox)
    Action ended 8:27:20: GetIISVersionFromRegistry. Return value 3.
    MSI (c) (8C:A4) [08:27:20:827]: Doing action: FatalError
    Action 8:27:20: FatalError. 
    Action start 8:27:20: FatalError.
    Action 8:27:20: FatalError. Dialog created

    Wednesday, December 19, 2018 3:32 PM
  • The PAM REST web service uses IIS so you are going to have to add IIS first.
    Wednesday, December 19, 2018 4:36 PM
  • It is definitely not .. we are running them without SharePoint .. if you need to have portal that is integrated with lot of other functionality that SharePoint could offer then you can combine with SharePoint Installation  . So going back to the original question.

    No , you don’t need SharePoint to be installed to configure MIM 2016 . If you are planning to configure user pofile for your sharepoint users then you need SharePoint to be confugured. So you can use MIM with SharePoint for user profile sync.. but Sharrpoint is not a prerequisite for MIM installation 

     
    Wednesday, December 19, 2018 5:19 PM