Allowing MIM Service to set passwords

The MIM Service account will be the account that calls the MIM Synchronization service, and tells it to reset the password in AD. But in order for the MIM Service account to be able to do that, we need to assign it some permissions with the following steps:

We need to add the account to a couple of groups created during installation of the MIM Synchronization service.
Add the MIM Service account to the MIMSyncBrowse group, as shown in the following screenshot:
Note
By default, this is a local group on the MIM Synchronization server, but you might have chosen to use groups in Active Directory instead, and is recommended. ...

Get Microsoft Identity Manager 2016 Handbook now with the O’Reilly learning platform.

O’Reilly members experience books, live events, courses curated by job role, and more from O’Reilly and nearly 200 top publishers.

Start your free trial

Microsoft Identity Manager 2016 Handbook by David Steadman, Jeff Ingalls

Allowing MIM Service to set passwords

Note

Don’t leave empty-handed

It’s yours, free.

Check it out now on O’Reilly