The Sync Connection provider requires a Sync Panel license key. It contains functionality for monitoring and managing the Microsoft family of identity synchronization engines, including MIM, AADSync, the various versions of FIM 2010, and DirSync. The Sync Engine provider also supports data collection and time traveller features for the MIM Portal (licensed separately) and for password reset history. It also includes a range of schedule steps and health probes for working with MIM and related products.
The Sync Connection provider can be used to track data moving through the Connector Spaces and Metaverse, keep a record of operations history long past when the Operations Log is purged, and manage the health and scheduling of the sync environment.
Settings
Skip Export Runs – Optional checkbox setting to automatically skip over all export runs activated through the scheduler. This can be used to globally disable exporting of data in a go-live or side-by-side scenario without destroying the standard schedule sequence.
Sync Database Name – Typically FIMSynchronizationService
Sync SQL Instance Name – The database server to connect to. May be just a server name or may have an instance name like MIMPRD01\SQL1
Portal Database Name – Optionally specify MIM/FIM Portal as part of the provider. Typical database name is FIMService
Portal SQL Instance – Optionally specify the SQL instance to connect to for collecting data from the Portal. The data scan exclusively reads from the database and does not use the SOAP API.
Enable CS Rapid Scan – Whether to enable rapid scan: see Tuning Scans
CS Export Path – Location of csexport.exe on server
Advanced Settings
User & Password – Optional credentials for the database connection. Does not apply to WMI access. Integrated authentication with the Panel service account is recommended.
WMI Timeout Seconds – In most scenarios 30 seconds is suitable. See Tuning Scans.
Reference Attribute from Hologram – Controls how reference attributes are read. Should be selected for best performance and change resolution.
Parallel scan limit – Number of MAs to collect data from in parallel. 5 is a good number in most environments.
CS Scan abort Threshold – Number of objects to tolerate errors on before aborting scan. Useful in MIM installations that suffer from known Microsoft API bugs.
Setup
Grant the SoftwareIDM Panel Service account the following permissions:
- Add the service account to the FIMSyncOperators group
- Add the service account to the FIMSyncBrowse group
- Grant the service account the datareader role for the FIMSynchronizationService database
- If using the Portal, grant the service account datareader role for the FIMService database
Note: If configuring Panel Service with index optimization schedule tasks, additional database permissions may be required.
After granting permissions, run Panel Tools and perform an initial load Full Scan of the sync engine provider. If desired, perform a Portal full scan. Initial load scans may take 5 or more hours to finish, depending on the size of the environment.
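The grants listed above, scripted with a least-privilege check at the end; this is an added example, not SoftwareIDM's own tooling. It assumes a hypothetical account CONTOSO\svc-panel, that FIMSyncOperators and FIMSyncBrowse are local groups on the sync server, and that "datareader" means the built-in db_datareader role.

```powershell
# Added example. Assumed values are marked; run elevated on the sync server.
$Account   = 'CONTOSO\svc-panel'                        # hypothetical service account
$Instance  = 'MIMPRD01\SQL1'                            # instance format shown on the page
$Databases = 'FIMSynchronizationService', 'FIMService'  # omit FIMService if the Portal is not used

# 1. Sync engine security groups (assumed to be local groups on this server).
foreach ($group in 'FIMSyncOperators', 'FIMSyncBrowse') {
    if ((Get-LocalGroupMember -Group $group).Name -notcontains $Account) {
        Add-LocalGroupMember -Group $group -Member $Account
    }
}

# 2. Read-only database access over integrated authentication.
$q    = $Account.Replace(']', ']]')   # escape for [bracketed] identifiers
$lit  = $Account.Replace("'", "''")   # escape for N'...' string literals
$conn = New-Object System.Data.SqlClient.SqlConnection "Server=$Instance;Integrated Security=SSPI"
$conn.Open()
try {
    $cmd = $conn.CreateCommand()
    $cmd.CommandText = "IF SUSER_ID(N'$lit') IS NULL CREATE LOGIN [$q] FROM WINDOWS;"
    [void]$cmd.ExecuteNonQuery()
    foreach ($db in $Databases) {
        $conn.ChangeDatabase($db)
        $cmd.CommandText = @"
IF DATABASE_PRINCIPAL_ID(N'$lit') IS NULL CREATE USER [$q] FOR LOGIN [$q];
ALTER ROLE db_datareader ADD MEMBER [$q];
"@
        [void]$cmd.ExecuteNonQuery()

        # 3. Least-privilege check: list direct role memberships and flag extras.
        $cmd.CommandText = @"
SELECT r.name FROM sys.database_role_members m
JOIN sys.database_principals r ON r.principal_id = m.role_principal_id
WHERE m.member_principal_id = DATABASE_PRINCIPAL_ID(N'$lit');
"@
        $reader = $cmd.ExecuteReader()
        $roles  = @(while ($reader.Read()) { $reader.GetString(0) })
        $reader.Close()
        $extra = $roles | Where-Object { $_ -ne 'db_datareader' }
        if ($extra) { Write-Warning "${db}: roles beyond db_datareader: $($extra -join ', ')" }
    }
} finally {
    $conn.Dispose()
}
```

The check reports only direct role memberships; roles inherited through Windows group logins need a separate review.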
Schedule Steps
The Sync connection provides a number of schedule steps: see Schedules
To maintain data integrity, Full scans should be scheduled to run daily or weekly.