Channel: Forum Microsoft Identity Manager

MIM 2016 Admin Account login issue - MIM 2016 Admin Portal

Hi folks

Product: MIM 2016 (SSPR)

We're currently using MIM 2016 purely for SSPR to sync against one domain. Everything is working as expected, fine and dandy; users are able to Password Register and Reset etc. No issues there. Recently, the MIM 2016 Portal admin account object was changed in AD from usernameA to usernameB, and this AD object was moved into a new OU once the username was changed. The following day, we tried to log into the MIM 2016 Admin Portal and I got the following error:

You do not have permission to access this site.
Please contact your help desk or system administrator.

> Go to Forefront Identity Manager home page

I then checked for the new username using Metaverse Search within Synchronization Services Manager and could not find the modified username, only the old one. I tried the old username and this would not let me log into the Admin Portal either - same error as above.

I then performed an Export, Full Import (Stage Only) followed by a Full Synchronization on both the MIM Management Agent and the same again on the MIM AD Management Agent.  I still couldn't see the correct (changed) username in the metaverse and obviously still couldn't log in to the MIM 2016 Admin Portal (as above error again).

I then modified the MIM AD Management Agent within the Directory Partitions to include the new OU (to sync in) with the renamed/moved MIM 2016 admin account to sync across.  I then performed an Export, Full Import (Stage Only) followed by a Full Synchronization on both the MIM Management Agent and the same again on the MIM AD Management Agent.  I could then see the renamed MIM 2016 Admin account but still couldn't log in.  I now realise that this should be a flow filtered account to protect the MIM 2016 admin account but was not aware of this at the time.

What is the current status on this account, based on the above?  Has it gone?  Am I blocked now from accessing the MIM 2016 Portal?  I search and see the new account in the MIM 2016 metaverse and it exists but I cannot log into the MIM 2016 Admin Portal - I get the error above.  The account was modified and moved to a new OU in AD and not deleted and then the changes (I assume) sync'd in.  Have I lost access to the MIM 2016 Admin Portal or can I still access the system?

I found the following article recently - https://www.ccrossan.com/blog/identity-management/fim-portal-no-access-for-fim-admin-account/ - which uses a PowerShell script to set the AccountName attribute of the MIM Admin account (identified by a well-known admin user GUID) - is this attribute different between FIM 2010/R2 and MIM 2016? Is this PowerShell script of any use here?

If someone could assist me here in any way I can get access back to the Admin Portal, I'd appreciate it.  Has the account in the MIM 2016 Admin Portal been deleted?  Surely not, as I can see it - it has just had a modification.

Any help on this, really, really appreciated folks! :)





