Here’s a really, really useful trick. You can copy the MicrosoftIdentityIntegrationServer database to another server, run miisactivate, and, within no time at all, have an exact replica of your live server.
Let me just spell this out – not only will you have all your MAs, your Metaverse fully populated, and your Connector Spaces fully populated; you will also have your complete Extensions folder, as MIIS stores a copy of it within the database, and dumps it out at service startup!
There are a couple of changes you must make first, but once you have, it really is that simple.
Firstly, this method only works if you have changed the MIIS management groups from local to domain. This is a bit tricky so will be the subject of another post.
Next, your second server needs a copy of the keyset.bin which you will have saved from your live installation. Copy it into the bin folder under the MIIS program directory.
And that is really it. Once you’re ready, the method to replicate your installation is as follows:
- Use SQL to back up the MicrosoftIdentityIntegrationServer database to a file on the first server, move the backup file to the second server, and restore it there.
- On the second server, run miisactivate from the MIIS\bin folder:
    miisactivate keyset.bin svcaccount *
The svcaccount is the account you want the MIIS service to run as. Inserting a * instead of the password will cause miisactivate to prompt you. I think this is safest if you want to put the command in a little batch file.
Miisactivate will give you a warning about the dire consequences of continuing with this if the live server is still running. This can be safely ignored, as long as you don’t intend to start running exports from this server.
Miisactivate will start the MIIS service, so once it has completed you should be able to run Identity Manager straight away.
Once in Identity Manager, you may have to change some of your MA connection configs if they are pointing to the old server. However, if you were clever and used localhost, you won’t even have to do that!
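The steps above collected into one batch file to run on the second server, as an added example that is not part of the original post. The server name, paths, share, service account and the miiserver service name are assumptions to adjust, and sqlcmd assumes SQL Server 2005 or later.

```bat
@echo off
setlocal
rem Added example. Run on the second (DR/test) server.
rem Every value below is an assumption: replace with your own names and paths.
set DB=MicrosoftIdentityIntegrationServer
set LIVE_SQL=LIVESRV
set LIVE_BAK=D:\Backup\miis.bak
set LIVE_UNC=\\LIVESRV\Backup$\miis.bak
set LOCAL_BAK=D:\Restore\miis.bak
set MIIS_BIN=C:\Program Files\Microsoft Identity Integration Server\bin
set MIIS_SVC=miiserver
set SVC_ACCOUNT=DOMAIN\svc-miis

rem keyset.bin must already be in the bin folder before miisactivate is run.
if not exist "%MIIS_BIN%\keyset.bin" (
  echo keyset.bin not found in "%MIIS_BIN%"
  exit /b 1
)

rem 1. Back up the live database to a file on the first server.
sqlcmd -S %LIVE_SQL% -E -b -Q "BACKUP DATABASE [%DB%] TO DISK = N'%LIVE_BAK%' WITH INIT"
if errorlevel 1 goto fail

rem 2. Move the backup file to this server.
move /y "%LIVE_UNC%" "%LOCAL_BAK%"
if errorlevel 1 goto fail

rem 3. Stop MIIS here (assumed service name) so the restore gets exclusive access.
net stop %MIIS_SVC% 2>nul

rem 4. Restore over the local copy (assumes the same data file paths on both servers).
sqlcmd -S localhost -E -b -Q "RESTORE DATABASE [%DB%] FROM DISK = N'%LOCAL_BAK%' WITH REPLACE"
if errorlevel 1 goto fail

rem 5. Activate. The * makes miisactivate prompt for the password, so none is stored here.
cd /d "%MIIS_BIN%"
miisactivate keyset.bin %SVC_ACCOUNT% *

rem The backup file is a full copy of the MIIS database, so do not leave it lying around.
del "%LOCAL_BAK%"
exit /b 0

:fail
echo Replication failed, see the error above.
exit /b 1
```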
If you are unable to start Identity Manager, go back and check that:
- You’re using Domain rather than Local management groups;
- The second server is a member of the same domain, or a trusted domain, as the first server;
- The MIIS service account is a member of the MIIS_Admins group.
This method is really fantastically useful for satisfying Disaster Recovery and Testing requirements at the same time. In my environment I replicate the MIIS database to the DR server every night. During the day I can use it for a test server, knowing that it will be again refreshed to an almost live state overnight.
See also: A DR Plan For Password Sync