This post has been republished via RSS; it originally appeared at: Core Infrastructure and Security Blog articles.
First published on MSDN on Jun 12, 2018
Using This Guide:
Introduction:
This document is intended to be used as an operational procedure document for updating the Microsoft Identity Management 2016 Service and Portal installations. You may perform search and replace on the variables listed below to create a detailed version update guide customized for your environment.
Document Variables:
|
Description |
Search and Replace Variable |
|
Common name of the first MIM Service and Portal Server (ex. Portal01) |
[MIM SERVER 1] |
|
Common name of the second MIM Service and Portal Server (ex. Portal02) |
[MIM SERVER 2] |
|
Primary Synchronization Server’s Common Name. |
[Primary Sync Server] |
|
The Installation account used to perform installation and updates of the MIM Synchronization Service Software. |
[Install Account] |
Procedure Summary for Updating FIM / MIM:
The update process consists of the following steps:
Identify the Current Version:
- Identify the current version of the Service and Portal.
Identify the Update Version:
- Identify the release appropriate for your environment.
- Download the selected update file.
Synchronization Service:
- Stop Scheduled Tasks associated with MIM Run Profiles
- Confirm all Synchronization jobs are completed.
- Validate Configuration of Off-line Spare
- Stop the Primary Server Synchronization Service
- Install the update on the Offline Spare
- Install the update on the Primary Sync Server
Service, Portal, Password Registration and Reset:
- If applicable, update the Portal and FIM Service to same release.
- If applicable, update the Password Reset and Registration Sites
Final wrap up:
- Enable Scheduled Tasks
Identify the Current Version:
Identify the current version of the FIM / MIM Portal:
Using a web browser, connect to the FIM / MIM Portal as an administrator. On the Home page, select About Microsoft Identity Manager .
The version is noted on the resulting page that is displayed. MIM 2016 R1 versions start at 4.4.xxxx.x whereas FIM 2010 R2 begins at 4.1.xxxx version.
Identify the Update Version:
Identify the update release appropriate for your environment :
The release version used for the sync engine should be the same release deployed to the Service and Portal.
You can find the latest update information for your release at the following URL: https://blogs.technet.microsoft.com/iamsupport/idmbuildversions/
Download the selected update file:
After reading the Release Notes and choosing an appropriate release for your environment, you can download the update by selecting the Microsoft Download Center link contained within the Release Note.
The update file for the Service and Portal is likely to have a file name format resembling FIMService_x64_KBxxxxxxx.msp . Download the file to the MIM Service and Portal Servers [MIM SERVER 1] and [MIM SERVER 2] .
Synchronization Service:
Stop scheduled Tasks associated with MIM Run Profiles :
The first step in the update process is to ensure all synchronization service scheduled tasks on the Primary Synchronization Server [Primary Sync Server] are completed or properly stopped before performing the update on the Service and Portal servers [MIM SERVER 1] and [MIM SERVER 2] . Stop, or allow to complete, any currently running tasks associated with the Synchronization Service and its associated run profiles. Note the name of each task that is disabled.
To Open Task Scheduler:
From the Server select Start
Type task scheduler and run the task scheduler utility.
To Disable a task:
Select the task, right click and select Disable
To Stop a running task:
Select the running task, Right Click and select End .
Note: Stopping a scheduled task does not stop an import, export or synchronization job that is currently running in the Synchronization Engine.
Confirm all Synchronization jobs are completed :
On the Primary Synchronization Server [Primary Sync Server]
Launch the Synchronization Service Manager
Select the Operations Tab
Confirm all import, export and synchronization jobs have completed.
For any running jobs, you can allow the job to complete, or manually stop the job, which ever approach may be appropriate to your environment and associated change policies and service level agreements.
The remaining procedures for updating the Synchronization Engine are located at the following link:
Service, Portal, Password Registration and Reset:
Update the Portal and FIM Service to same release
On the Service and Portal servers [MIM SERVER 1] and [MIM SERVER 2], stop the Forefront Identity Manager Service.
Using the Install Account [Install Account],
Login to the Service and Portal Servers [MIM SERVER 1] and [MIM SERVER 2]
Launch Services management console by selecting Start and typing Services.msc
Double click the Forefront Identity Manager Service
Select the Stop button .
Exit the Services management console.
Once the Forefront Identity Manager Service is stopped on the Service and Portal Servers, perform the following actions on each server, completing [MIM SERVER 1] before updating [MIM SERVER 2].
From the server select Start
Type Command Prompt
Right Click Command Prompt and select Run as Administrator
If prompted to allow the program to make changes to the computer, select Yes .
Navigate to the directory location of the update file
Type the file name FIMService_x64_KBxxxxxxx.msp and press [Enter]
Welcome to the Update for MIM Service and Portal
Select Update
Once completed, select Finish
The Forefront Identity Manager Service is started upon selecting Finish
Update the Password Reset and Registration Sites:
The procedures for updating the Password Reset and Registration sites are located at the following link:
Final wrap up:
Enable Scheduled Tasks.
The final step in the update process is to ensure all synchronization service scheduled tasks are enabled on the Primary Synchronization Server [Primary Sync Server] after performing the update. Referring to the previously Noted disabled tasks, enable each of the scheduled tasks that were previously disabled.
Access the Primary Synchronization Server [Primary Sync Server]
Login using the Install Account [Install Account]
To Open Task Scheduler:
From the Server select Start
Type task scheduler and run the task scheduler utility.
To Enable a task:
Select the task, right click and select Enable