Replicating MIIS To Another Server

Here’s a really, really useful trick. You can copy the MicrosoftIdentityIntegrationServer database to another server, run miisactivate, and, within no time at all, have an exact replica of your live server.
 

Let me just spell this out – not only will you have all your MAs, your Metaverse fully populated, and your Connector Spaces fully populated; you will also have your complete Extensions folder, as MIIS stores a copy of it within the database, and dumps it out at service startup!

There are a couple of changes you must make first, but once you have, it really is that simple.

Firstly, this method only works if you have changed the MIIS management groups from local to domain. This is a bit tricky so will be the subject of another post.

Next, your second server needs a copy of the keyset.bin which you will have saved from your live installation. Copy it into the bin folder under the MIIS program directory.

And that is really it. Once you’re ready the method to replicate your installation is as follows:

  1. Use SQL to back up the MicrosoftIdentityIntegrationServer database to a file on the first server, move the backup file to the second server, and restore it there.
     
  2. On the second server, run miisactivate from the MIIS\bin folder:

    miisactivate keyset.bin svcaccount *

    The svcaccount is the account you want the MIIS service to run as. Inserting a * instead of the password will cause miisactivate to prompt you. I think this is safest if you want to put the command in a little batch file.
     

  3. Miisactivate will give you a warning about the dire consequences of continuing with this if the live server is still running. This can be safely ignored, as long as you don’t intend to start running exports from this server.
     

  4. Miisactivate will start the MIIS service, so once it has completed you should be able to run Identity Manager straight away.
     

  5. Once in Identity Manager, you may have to change some of your MA connection configs if they are pointing to the old server. However, if you were clever and used localhost, you won’t even have to do that!
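
One way to script step 1 in T-SQL, as an added example that is not part of the original post. The file paths are placeholders, SQL Server 2005 or later is assumed for CHECKSUM, and the verify and offline steps are additions so that a damaged backup file is caught before it replaces the copy on the second server.

```sql
-- Added example (not from the original post). Paths are placeholders.
-- Assumes SQL Server 2005 or later (BACKUP ... WITH CHECKSUM).

-- ===== On the first (live) server =====
USE master;

BACKUP DATABASE [MicrosoftIdentityIntegrationServer]
    TO DISK = N'D:\Backup\MIIS_replica.bak'    -- placeholder path
    WITH INIT,        -- overwrite the previous night's backup set
         CHECKSUM;    -- validate page checksums and checksum the backup

-- Check that the backup file is complete and readable before moving it.
RESTORE VERIFYONLY
    FROM DISK = N'D:\Backup\MIIS_replica.bak'
    WITH CHECKSUM;

-- ===== On the second server, after moving the backup file =====
USE master;

-- On a nightly refresh the database already exists and the MIIS service
-- may hold open connections. Taking it offline drops them so the restore
-- can get exclusive access.
IF DB_ID(N'MicrosoftIdentityIntegrationServer') IS NOT NULL
    ALTER DATABASE [MicrosoftIdentityIntegrationServer]
        SET OFFLINE WITH ROLLBACK IMMEDIATE;

-- Assumes both servers use the same data and log file paths; if they
-- differ, add MOVE clauses for the database's logical file names.
RESTORE DATABASE [MicrosoftIdentityIntegrationServer]
    FROM DISK = N'E:\Restore\MIIS_replica.bak' -- placeholder path
    WITH REPLACE,     -- overwrite the existing copy
         CHECKSUM,    -- fail the restore if the backup is corrupt
         RECOVERY;    -- bring the database online when done
```

The backup file holds the full Metaverse, Connector Spaces and MA configuration, so it and keyset.bin should be moved over a protected path and removed from staging folders once the restore completes.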
     

If you are unable to start Identity Manager, go back and check that:

  • You’re using Domain rather than Local management groups;

  • The second server is a member of the same domain, or a trusted domain, as the first server;

  • The MIIS service account is a member of the MIIS_Admins group.

This method is really fantastically useful for satisfying Disaster Recovery and Testing requirements at the same time. In my environment I replicate the MIIS database to the DR server every night. During the day I can use it for a test server, knowing that it will be again refreshed to an almost live state overnight.

See also: A DR Plan For Password Sync

About: Carol

I've been doing IT for 30 years, and IdM for 15. I live in Australia and build IdM solutions based on Microsoft Identity Manager. I also play the violin, but that doesn't help much with the IdM solutions.


2 thoughts on “Replicating MIIS To Another Server”

  1. Hi Carol,
    I am trying to back up my ILM on a different server but failed. Actually I am using the local system account as a service account of ILM 2007 on one server that I want to replicate and the same local account name on another server.

    I have followed the same process as you mention in your blog but am unable to connect to the ILM server.

    I didn’t change the MIIS management groups from local to domain. By doing this we must have those accounts in the domain controller, right? But what if I can’t access the domain controller and I want to use the local system account?

    Thanks

  2. This method will not work unless you change the groups as well. If you really don’t want to do that you will have to re-install ILM on the failover server, after restoring the DB.
