When you install the Microsoft Identity Manager (MIM) Synchronization Service, you have to provide five security groups for privileged access. Once the installation has been completed there isn’t a simple way to find out what groups were configured. This can be an issue if you have inherited an installation or there is no documentation available for reference.
One way to find out what groups were configured is to run the MIM Synchronization Service installer and choose the Configure option. You’ll need to know the password for the service account to do this. Another way to get this information is to query the MIM Synchronization Service database.
The script included in this article will provide output similar to what’s shown below.
To run this script, run the following command:
.\GetMIMSyncGroups.ps1 -Server "<MIMSQLServerName>" -Database "FIMSynchronizationService"
You can download the script here. Don’t forget to unblock the file before you try to run it.
Related posts
Components of a PKI, Part 1: Digital Certificates
Digital certificates (most commonly represented by the X.509 public key certificate standard) are signed data objects that associate a…
Components of a PKI, Part 2: Certificate Authorities and CA Hierarchies
In Part 1 of our “Components of a PKI” blog series, we defined several PKI terms that are useful for understanding Certificate Authorities…
Three Things to Plan for When You Add Single Sign-On
Enabling single sign-on (SSO) for SaaS applications adds convenience for end users, as well as reduces security risks and enables you to…