Restoring MIM 2016 Sync service from a different forest

Let's look at this use case:

  1. I have a MIM Sync server MIMServerA in Forest TLKA
  2. I have another MIM Sync server MIMServerB in forest TLKB
  3. The Sync servers are exactly the same configuration.
  4. I have lost MIMServerA’s Sync DB, no backups for DB or for VM.

Solution

  1. I restore the MIMServerB Sync database to the MIMServerA SQL server. I copy over the key from MIMServerB and place it in C:\Temp.
  2. I log into MIMServerA with my account. I open SQL Studio and give my account TLKAdmin SA rights to the MIMServerA SQL server. I also add TLKAdmin to the restored Sync database as DB owner.
  3. I open an Admin command prompt, change directory to the MIM Bin directory, and run the following command:

miisactivate TLKMIMBkey.bin TLKA\TLKAdmin *

  1. I get prompted for a password and I enter the password for TLKA\TLKAdmin.
  2. Next, change the account used to encrypt config data in the Sync DB from the TLKB account to the TLKA account. Stop the Sync service. From the Admin command prompt in the Bin directory, run miiskmu.exe. Choose "Abandon the current key", and at the next screen enter the TLKA\TLKAdmin account info. The process will complete successfully, but you still cannot open the Sync Manager.
  3. Now change the MIM groups in the Sync DB from TLKB to TLKA. To do this, you want to run Change from the Control Panel uninstall section. When you click Change, you get a message that you need to run in Admin mode. Go to an Admin command prompt and run this:

MsiExec.exe /I{5A7CB0A3-7AA2-4F40-8899-02B83694085F}

  1. This will open the MIM change program. Then enter the TLKA MIM groups and go through the prompts. When it is finished, the Sync Manager can open.
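
The steps above leave a copy of the MIMServerB key in C:\Temp and require the Sync service to be stopped before miiskmu.exe runs. The PowerShell below is an added example, not part of the original post, that wraps those two points with checks around the manual steps. The key file path under C:\Temp and the service name FIMSynchronizationService are assumptions; adjust them to your install.

```powershell
# Added example, not from the original post. Run in an elevated PowerShell session.
$KeyPath     = 'C:\Temp\TLKMIMBkey.bin'      # assumed location of the key copied from MIMServerB
$ServiceName = 'FIMSynchronizationService'   # assumption: default Sync service name

function Protect-SyncKeyFile {
    # Before miisactivate: make the key copy accessible only to the current admin.
    if (-not (Test-Path -LiteralPath $KeyPath -PathType Leaf)) {
        throw "Key file not found: $KeyPath"
    }
    $me = [System.Security.Principal.WindowsIdentity]::GetCurrent().Name
    # Drop inherited ACEs from C:\Temp and grant only the current account.
    & icacls.exe $KeyPath /inheritance:r /grant:r "${me}:(F)" | Out-Null
    if ($LASTEXITCODE -ne 0) { throw "icacls failed with exit code $LASTEXITCODE" }
    # Return a hash to compare with the same file on MIMServerB (detects a bad copy).
    (Get-FileHash -LiteralPath $KeyPath -Algorithm SHA256).Hash
}

function Assert-SyncServiceStopped {
    # Before miiskmu.exe: the procedure says to stop the Sync service first.
    $svc = Get-Service -Name $ServiceName -ErrorAction Stop
    if ($svc.Status -ne 'Stopped') {
        Stop-Service -Name $ServiceName -Force
        $svc.WaitForStatus('Stopped', [TimeSpan]::FromSeconds(60))
    }
    "Service $ServiceName is stopped"
}

function Remove-SyncKeyFile {
    # After the Sync Manager opens: do not leave the key copy in C:\Temp.
    if (Test-Path -LiteralPath $KeyPath) {
        Remove-Item -LiteralPath $KeyPath -Force
    }
    -not (Test-Path -LiteralPath $KeyPath)   # $true when the copy is gone
}

# Order of use alongside the manual steps:
#   Protect-SyncKeyFile        -> then run miisactivate
#   Assert-SyncServiceStopped  -> then run miiskmu.exe
#   Remove-SyncKeyFile         -> once the Sync Manager opens
```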

Switch the Data

  1. Go to each Management Agent and change the config to match TLKA.
  2. For the AD MA, you cannot change the forest of an MA, so export the config and create a new MA.
  3. Switching the data is where one has to be careful. A couple of things to note:
  • Make sure your MV Object deletion rule is well set so you do not leave any orphans
  • Delete all the MV data and do Full Import and Full Sync
  • Note which MA projects first for an object and do it in that order
