Microsoft Identity Manager (MIM) 2016 is built on the identity and access management capabilities of FIM 2010 R2. Like its predecessor, MIM helps manage the users, credentials, policies and access within an organization. Additionally, MIM 2016 adds a hybrid experience, privileged access management capabilities and support for new platforms.
User profile synchronization in versions prior to SharePoint 2016 relied on a built-in Forefront Identity Manager (FIM), which ran inside SharePoint Server. In SharePoint Server 2016, however, FIM has been removed. User profile synchronization is instead done by Microsoft Identity Manager, the successor to FIM. MIM resides on a separate server from the SharePoint 2016 server, so if we already have a MIM server, we can use it with SharePoint 2016. The installation procedures are documented in detail here.
Resolve Issues Encountered While Running MIM Sync
In this article, we will see how to resolve the below issues that may come up while starting the SharePoint Synchronization using Microsoft Identity Manager:
- Missing Partition for run step
- Extensible connector refresh required
Start-SharePointSync performs a full synchronization of user profiles with SharePoint 2016. When we get the above errors while starting the synchronization, one easily accessible point of error isolation is Synchronization Service Manager. Once we open Synchronization Service Manager, we can see the errors associated with the recent synchronizations.
Resolve ‘Missing Partition for run step’ error
The ‘Missing Partition for run step’ error usually occurs when a run profile points at the wrong DC and partition. Usually the AD that was defined in the Synchronization Connection is used for the synchronization, but if it has been changed, or other domains have been added automatically, we will get the ‘Missing Partition for run step’ error. To rectify this, let's head over to the Management Agents tab.
Right-click ADMA (Active Directory Management Agent) and select Configure Run Profiles.
This will show all the run profiles associated with ADMA. Let's take the Full Import run profile and check the partition. We can see a GUID listed in the partition value. We will have to change this to the fully qualified domain name against which the synchronization will run. To do that, delete the existing ‘Full Import’ run profile from the same window and select the option ‘New Profile’.
Recreate Full Import Run Profile
This will delete the existing FullImport run profile and open the window to create a new run profile. Let's name it FullImport and proceed to the next window.
In the Configure Step window, select the type of run profile step; here we will select Full Import (Stage Only).
In the final window ‘Management Agent Configuration’, we will specify the partition which is the Fully Qualified Domain Name.
Click on Finish to create ‘FullImport’ run profile. Now we can see the new profile has a domain name in the partition value instead of a GUID.
Recreate DeltaImport Run Profile
Just like we recreated the FullImport run profile, we will delete the existing DeltaImport run profile and create a new one with the same name. In the ‘Management Agent Configuration’ window we will specify the partition that will be used for synchronization, as we did for the FullImport run profile. After the recreation the DeltaImport run profile will look like below.
Recreate Delta Synchronization Run Profile
Just like we recreated the DeltaImport run profile, we will delete the existing Delta Synchronization run profile and create a new one with the same name. After the recreation the Delta Synchronization run profile will look like below.
Recreate Full Synchronization Run Profile
As the last step, let's recreate the Full Synchronization run profile with the correct AD partition. The partition post creation of the Full Synchronization will have the below value.
Once we have recreated the run profiles with the proper partition, let's run the SharePointSync cmdlet once again.
Start-SharePointSync -WhatIf -Verbose
This time, we can see that the ‘Missing Partition for run step’ error has been resolved and we can see a success message instead.
Resolve Extensible Connector refresh required error
This is an error that is related to the SharePoint Management Agent that asks for an explicit refresh of the connector.
One of the easiest ways to resolve the error is to right-click the SPMA and select the Properties option.
This will open the Properties window. Click on OK to enforce a refresh of the SPMA connector.
Now, if we head over to PowerShell and run the SharePoint Sync cmdlet, we can see that all the run profiles have a success return value indicating complete success of the synchronization.
If we check the Synchronization Manager, we can see that here too all the run profiles display a success message. The synchronization statistics show 17 updates as well. If we click on the count, we can see the details of the updates. Similarly, if new profiles are added or existing profiles are removed, the respective statistics will appear in the below table.
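To confirm from PowerShell that the recreated ADMA import profiles now resolve their partition, the following added example (not part of the original article or of the SharePoint sync solution) runs them through the Synchronization Service WMI provider and stops at the first non-success return value. It assumes the management agent is named ADMA and the profiles FullImport and DeltaImport as above; `Invoke-MimRunProfile` is a hypothetical helper name.

```powershell
# Added example. Run in Windows PowerShell on the MIM Synchronization server
# with an account that is allowed to execute run profiles.
$Namespace = 'root\MicrosoftIdentityIntegrationServer'

# Assumption: names as shown under "Configure Run Profiles" for ADMA.
# Both profiles are import (stage only) steps, so they fill the connector
# space without synchronizing changes into the metaverse.
$Plan = @(
    @{ Agent = 'ADMA'; RunProfile = 'FullImport'  },
    @{ Agent = 'ADMA'; RunProfile = 'DeltaImport' }
)

function Invoke-MimRunProfile {
    param(
        [Parameter(Mandatory)] [string] $Agent,
        [Parameter(Mandatory)] [string] $RunProfile
    )
    # MIIS_ManagementAgent is the WMI class the sync service exposes per agent.
    $ma = Get-WmiObject -Namespace $Namespace -Class MIIS_ManagementAgent `
                        -Filter "Name='$Agent'"
    if (-not $ma) { throw "Management agent '$Agent' was not found." }

    $started = Get-Date
    # Execute() blocks until the run finishes and returns the run status string.
    $status  = $ma.Execute($RunProfile).ReturnValue

    [pscustomobject]@{
        Agent      = $Agent
        RunProfile = $RunProfile
        Status     = $status
        Seconds    = [int]((Get-Date) - $started).TotalSeconds
    }
}

foreach ($step in $Plan) {
    $result = Invoke-MimRunProfile -Agent $step.Agent -RunProfile $step.RunProfile
    $result
    if ($result.Status -ne 'success') {
        # A partition or connector problem shows up here as the return value,
        # so later steps are skipped instead of running against a bad profile.
        Write-Warning "$($step.Agent)/$($step.RunProfile) returned '$($result.Status)'."
        break
    }
}
```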
Summary
Thus, we saw how to resolve the issues that may occur when starting the Microsoft Identity Manager synchronization.