Saturday, November 27, 2010

Forefront Identity Management 2010 Installation

Some of you might have struggled trying to install FIM 2010. I must admit it’s a little tough at first, since the software has so many requirements.
Here is a quick guide that should help you deploy that solution in one shot and be done with it. I’ve skipped the obvious parts or this would have taken me forever, so here we go.
I will assume that you have a Windows domain with Microsoft Exchange and an SQL Server installed, so I will skip these steps and go on to the part that’s important in the FIM installation process.
1- Account Creation
You will need to create multiple standard domain accounts, each of which will be used for a different purpose (try not to use the domain admin account even though it works):
· Create an e-mail-enabled domain service account to run the FIM Service
· Create a domain service account to run the FIM Synchronization Service
· Create a domain FIM Service management agent account
· Create a SharePoint Server management account.
· Create an SQL Server admin account.
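
Step 1 can also be scripted. The following is an added example, not part of the original post: it creates the five accounts as standard domain users with the ActiveDirectory PowerShell module, then checks that none of them sits in a privileged group. The account names and the OU path are hypothetical placeholders.

```powershell
# Added example: account names, OU and domain below are hypothetical placeholders.
Import-Module ActiveDirectory

$ou = 'OU=Service Accounts,DC=example,DC=local'   # hypothetical OU
$accounts = @(
    @{ Name = 'svc-fimservice'; Description = 'FIM Service (still has to be mail-enabled in Exchange)' },
    @{ Name = 'svc-fimsync';    Description = 'FIM Synchronization Service' },
    @{ Name = 'svc-fimma';      Description = 'FIM Service management agent' },
    @{ Name = 'svc-sharepoint'; Description = 'SharePoint Server management' },
    @{ Name = 'svc-sqladmin';   Description = 'SQL Server admin' }
)

# Create each account as a plain domain user, each with its own password.
foreach ($a in $accounts) {
    $password = Read-Host -AsSecureString -Prompt "Password for $($a.Name)"
    New-ADUser -Name $a.Name -SamAccountName $a.Name -Description $a.Description `
        -Path $ou -AccountPassword $password -Enabled $true
}

# Check direct group membership: none of these accounts should be an admin.
# Nested memberships are not expanded by this check.
$privileged = 'Domain Admins', 'Enterprise Admins', 'Schema Admins', 'Administrators'
foreach ($a in $accounts) {
    $groups = @(Get-ADPrincipalGroupMembership -Identity $a.Name | ForEach-Object { $_.Name })
    $hits   = @($groups | Where-Object { $privileged -contains $_ })
    if ($hits.Count -gt 0) {
        Write-Warning "$($a.Name) is a member of: $($hits -join ', ')"
    } else {
        Write-Output "$($a.Name): standard account (groups: $($groups -join ', '))"
    }
}
```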

2- Account configuration
The next step is to configure those accounts:
· Grant the FIM MA account the « Allow log on locally » right on the FIM server
· Grant the « log on as a service » right to the FIM Service Account
3- SharePoint Installation and configuration
We can now install SharePoint Services (WSS 3.0) on your FIM server (standard standalone install).
Once the installation is complete, launch the central administration website, open the site actions and select “Create”.
Select « Create or extend Web application »
And configure the new web application as follows:
Once the application is created, you should be able to browse the localhost website.
Navigate back to the central administration website and choose to create a basic web page:
4- Securing the SharePoint Website
Start by issuing a web server certificate for the FIM server.
Then, in IIS, bind the SharePoint website to HTTPS using the certificate created previously.
Then go back to the central administration website and go to operations/alternate access mappings.
Change the http://fimserver URL to https://fimserver
5- FIM Installation
Start by installing the synchronization service
Select the machine you’d like to install the service on and the SQL Server instance to use.
This step will create the local groups you will need to administer FIM; leave as is, continue, then finish.
The next step is the manager service and portal installation:
Skipping the obvious parts, select the features you’d like to install
Select the database server and database name you’d like to use to store the FIM data.
Enter the mail server address and the features you’d like enabled:
For Exchange 2007 and 2010, the three checkboxes should be selected.
Select the “Generate a new self-issued certificate” option even if you have a PKI installed on your domain.
Enter the service account created in the first step of this document:
As well as the synchronization server and the management account:
Enter the FIM server address
Then enter the SharePoint site URL you created earlier (localhost if the site is on the server):
Finally, choose to open the ports on the local firewall and to grant authenticated users read access to the FIM portal and password reset site.
Users who wish to administer the solution must be members of the local FIMSyncAdmins group.
Make sure that the FIM services are started.
You can now finally begin using FIM.