Saturday, January 21, 2017

What groups are used in my Microsoft Identity Manager installation

I came across a question today: what are the actual group names used in a MIM installation? For a production system that should never be a question, but in test labs with one AD and multiple "flying" setups, I can understand that it sometimes leads to confusion. So I thought it could be helpful to others to show how to find that out.

At first, I looked in the registry under the FIMsync service, but there was nothing to find there.
So I checked the sync database and voilà, I found the SIDs in the FIMsynchronization database, in the table [mms_server_configuration]. I copied the value from administrators_sid and pasted it into ldp.exe to translate it to a human-readable group name. But bummer: the SID format already looked a little strange, and ldp.exe could not use it either.

0x010500000000000515000000D1D64379336F47EB77D1D6B32D760C00

I know ldp.exe can use a SID in the format S-1-5-..., so I googled it and found at http://poshcode.org/3181 a script to convert the hex SID into the format ldp.exe (and I) like.

S-1-5-21-2034489041-3947327283-3017199991-816685

So now I know the group name is TESTLAB\LAB4711-MIMSyncAdmins ;-)
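
The conversion itself is short enough to do by hand. The following is an added example, not the poshcode.org script: it decodes the binary SID layout (revision, sub-authority count, 6-byte big-endian authority, 4-byte little-endian sub-authorities), cross-checks the result against .NET's SecurityIdentifier class, and then tries to resolve the name. The function name Convert-HexSidToString is hypothetical, and the script assumes Windows with PowerShell 5 or later.

```powershell
# Added example: decode a binary SID stored as a hex string into S-1-... form.
function Convert-HexSidToString {
    param([Parameter(Mandatory)][string]$HexSid)

    $hex = $HexSid.Trim() -replace '^0x', ''
    if ($hex.Length % 2 -ne 0 -or $hex -notmatch '^[0-9A-Fa-f]+$') {
        throw "Not a valid hex string: $HexSid"
    }

    # Hex string -> byte array
    $bytes = [byte[]]::new($hex.Length / 2)
    for ($i = 0; $i -lt $bytes.Length; $i++) {
        $bytes[$i] = [Convert]::ToByte($hex.Substring($i * 2, 2), 16)
    }

    # Byte 0: revision, byte 1: number of sub-authorities
    if ($bytes.Length -lt 8) { throw 'Too short to be a SID' }
    $revision = $bytes[0]
    $count    = $bytes[1]
    if ($bytes.Length -ne 8 + 4 * $count) {
        throw "Length does not match sub-authority count $count"
    }

    # Bytes 2..7: identifier authority, big-endian
    [uint64]$authority = 0
    for ($i = 2; $i -lt 8; $i++) { $authority = ($authority * 256) + $bytes[$i] }

    # Remaining bytes: 32-bit sub-authorities, little-endian
    # (BitConverter follows the CPU byte order, which is little-endian on Windows)
    $parts = [System.Collections.Generic.List[string]]::new()
    $parts.Add("S-$revision-$authority")
    for ($i = 0; $i -lt $count; $i++) {
        $parts.Add([BitConverter]::ToUInt32($bytes, 8 + 4 * $i).ToString())
    }
    $sid = $parts -join '-'

    # Cross-check the manual decode against the framework's own parser
    $check = [System.Security.Principal.SecurityIdentifier]::new($bytes, 0).Value
    if ($check -ne $sid) { throw "Manual decode $sid differs from .NET result $check" }
    return $sid
}

# Value of administrators_sid as shown in this post
$sid = Convert-HexSidToString '0x010500000000000515000000D1D64379336F47EB77D1D6B32D760C00'
$sid

# Resolve to DOMAIN\name; this only succeeds on a machine that can reach the domain
try   { ([System.Security.Principal.SecurityIdentifier]$sid).Translate([System.Security.Principal.NTAccount]).Value }
catch { "Could not resolve $sid to an account name from this machine" }
```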