Thursday, September 23, 2010

Upgrading MIIS 2003 to ILM 2007

I recently upgraded a Microsoft Identity Integration Server 2003 to Identity Lifecycle Manager 2007. As far as I have been able to determine there are very few differences between these two products other than the fact that ILM supports AD 2008.

MIIS/ILM is basically a quite decent metadirectory engine that also can be used as a poor mans provisioning solution although the total lack of support for requests, approval workflows, self service and recertification to just pick a few of the features you normally would expect in a provisioning solution can be a tiny bit limiting. Microsoft has addressed some of these concerns in Microsoft Forefront that was released earlier this year.

The upgrade process was actually very straightforward.

  1. Take backup of encryption key in old MIIS install
  2. Take backup of old database (SQL 2000)
  3. Import backup into new database (SQL 2005)
  4. Put the encryption key on new app server
  5. Start install and do some basic configuration
  6. Get some coffe and let the upgrade run for about an hour
  7. Load up the encryption key in the new ILM install
  8. Patch with the latest patch
  9. Done

The whole process took about two hours for the db steps and another hour or so for the application step. I was very impressed with the ease of the upgrade process. Normally IDM upgrades are really complex and time consuming so this was a very pleasant surprise.

One interesting feature was that the custom dlls that contain our custom rules actually got copied over to the file system of the new application server automatically. I assume that MIIS/ILM keeps them in form of blobs in the database and the upgrade process copy the files out of the db.

1 comment:

  1. This would make a great reference for Microsoft to use in the field as they go round again to sell the upgrade proposition from ILM to FIM 2010.
    On your reporting issue check out