Supporting Your Microsoft Identity Manager Estate
Jump to: Common Support Scenarios | Synchronization | MIM Service and Portal | Infrastructure and Dependencies | How Could You Benefit from Help with Your MIM Environment?
Microsoft Identity Manager (MIM) 2016 forms the core of many organizations’ on-premises identity frameworks, handling user provisioning, role-based access control, and master data synchronization across complex directory environments. For IT teams responsible for maintaining these systems, the stakes are high. MIM estates are seldom straightforward, and the future is increasingly uncertain as Microsoft’s mainstream support timeline nears its end.
Maintaining a healthy MIM deployment isn’t just a technical challenge — it’s a strategic one. Organizations must balance the demands of day-to-day operational stability with capacity for longer-term decisions about modernization, cloud migration, and identity governance maturity.
Understanding what can go wrong and how to respond effectively is the foundation of a resilient identity estate. Oxford Computer Group (OCG) has been helping its customers maintain the security and reliability of their MIM solutions through regular health checks and proactive and reactive support.
The sections that follow explain the most common support scenarios we encounter in practice.
Common Support Scenarios
With Microsoft Identity Manager 2016 approaching its end of life, mainstream support ended in 2021, and extended support runs through January 2029 — organizations are navigating a complex mix of day-to-day operational challenges alongside longer-term strategic decisions. Understanding which support scenarios arise most frequently helps teams prioritize resources effectively.
With decades of experience in identity management technologies – particularly MIM and Microsoft Entra ID, our team of experts quickly identify and remedies issues. Therefore, something you might imagine would take days to accomplish (and therefore be costly) can often be resolved in a matter of hours.
The most common issues we’ve encountered in active MIM estates typically fall into a few categories:
- Connector failures- broken connections to HR systems, Active Directory, or other managed directories
- Synchronization rule conflicts- competing or overlapping policies causing unexpected attribute flows
- Certificate and service account expiry- a surprisingly frequent source of outages
- Performance degradation- often tied to database growth or unoptimized run profiles
Acknowledging these pain points honestly is important: many stem from configuration drift that accumulates over years of undocumented changes. No environment is perfectly maintained. Addressing them requires a methodical review of both the technical configuration and the underlying business rules that drive identity workflows, which is where synchronization engine behaviour becomes the critical focus.
Synchronization
The MIM Synchronization Service is the powerhouse that drives MIM, orchestrating data flow between connected systems through a series of management agents (MAs) and run profiles. At its core, it maintains a unified identity store that consolidates attributes from multiple connected data sources into a single authoritative view.
In practice, synchronization issues are among the most frequent support challenges. Common problems include connector space errors, stalled run profiles, attribute flow conflicts, and rules extension failures that surface only under specific data conditions. Diagnosing these typically requires reviewing Synchronization Service Manager, examining operation logs, and carefully tracing how objects move through import, synchronization, and export cycles.
As organizations navigate the end of mainstream support for MIM, keeping synchronization workflows stable becomes especially critical — any disruption here cascades through provisioning pipelines, affecting downstream systems. With over 40 supported management agents, the connector landscape can quickly become complex.
Understanding synchronization sets the foundation for everything built on top of it — including the MIM Service and Portal, where workflow and policy logic add another layer of operational complexity.
MIM Service and Portal
While the Synchronization Service handles data movement, the MIM Service and Portal layer is where identity workflows, approvals, and self-service capabilities, which are most visible to end-users, come to life. These are often the most complex to maintain as support deadlines draw closer.
The MIM Portal provides a web-based interface for self-service password reset, group management, and request workflows. In practice, keeping this layer healthy requires consistent attention to workflow configuration, Exchange integration, and SharePoint compatibility — the Portal runs on SharePoint, which introduces its own dependency chain.
A common pattern is for organizations to underestimate the extent to which the MIM Service is coupled to surrounding infrastructure. According to Microsoft’s official documentation, the service relies on SQL Server, a mail-enabled account, and specific Windows Server versions — each of which represents a potential end-of-support pressure point in its own right. That infrastructure dependency story is exactly what the next section explores in detail.
Infrastructure and Dependencies
MIM 2016 doesn’t operate in isolation — it relies on a specific stack of supporting technologies that must be carefully maintained. At its core, MIM requires Windows Server, SQL Server, and SharePoint (for the Portal), creating a multi-tier architecture that demands ongoing patching, licensing, and capacity management across each layer.
This dependency chain has real operational weight. SQL Server hosts the MIM Service database and the Synchronization Service database, so performance directly impacts identity processing throughput. SharePoint, meanwhile, is required purely to render the self-service portal — a dependency many organizations find disproportionate given its complexity.
Windows Server 2019 or later is recommended for current deployments, together with supported SQL Server versions aligned with Microsoft’s lifecycle timelines.
Microsoft’s recent and long-anticipated release of MIM Service Pack 3 contains important updates for organizations running MIM. Read our recent Blog on MIM SP3 to explore what’s included, key considerations, and the options available for your next steps.
In practice, the infrastructure footprint required to run MIM reliably is a significant consideration when organizations begin evaluating a MIM replacement. Maintaining multiple interdependent server roles across on-premises infrastructure adds cost and complexity that cloud-native alternatives typically eliminate. As organizations weigh these trade-offs, understanding the updates and lifecycle changes Microsoft has communicated becomes equally critical.
How Could You Benefit from Help with your MIM environment?
Whether you are facing performance issues, configuration gaps, or need peace of mind that your identity platform is secure and well-supported, we are here to help. We offer ‘all-you-can-eat’ fixed-price identity and access management support agreements to take good care of your system.
Fixed-Price Support from The Identity Experts – Peace of Mind and No Surprises
Expert IAM support at a fixed price– To give you peace of mind, we offer ‘all-you-can-eat’ fixed-price identity and access management support agreements to take good care of your system.
Fast responses, regular maintenance- In addition to responding fast to business-critical incidents, we will perform regular checks to ensure your identity management system is working effectively and to pre-empt future issues.
No extra charge for change requests– Unlike typical support agreements, we will also handle requests for minor changes on a best-efforts basis at no extra charge. Such changes might include managing additional attributes and health probes, modifying provisioning logic, and configuring workflows, group management, and reports.
With decades of experience in identity management technologies – particularly MIM and Microsoft Entra ID- our team of experts quickly identify and remedy issues. Therefore something you might imagine would take days to accomplish (and therefore be costly) can often be resolved in a matter of hours.
LEARN MORE ABOUT OUR FIXED-PRICE MIM SUPPORT PACKAGES
Whatever Your IAM Support Needs Are, We’ve Got You Covered
We are friendly, fair, thorough and committed. With decades of identity experience, we know what we’re talking about.
We are confident you won’t find a better-value support contract anywhere, and onboarding is straightforward.
Find out more about how we can support you by speaking to our Business Development Manager, Mark Forbes. He would be delighted to hear from you!
- Email Mark
- Call for an informal chat on +44 (0)1865 521200
- Use our live chat at the bottom right of this page
- Complete our contact form
CONTACT US ABOUT OUR FIXED-PRICE MIM SUPPORT PACKAGE
CONTACT US FOR EXPERT HELP WITH YOUR MIM ENVIRONMENT
Useful Resources
- Read: Microsoft Identity Manager (MIM) Service Pack 3 Update
- Read: Top 6 resources companies managing MIM are looking at right now
- Read: Managing, securing, and migrating from MIM: Our top tips
- Read: Transitioning simple on-premises identity (MIM) to cloud-first (Entra ID)
- Watch: Transitioning from MIM to Microsoft Entra cloud-first IAM
- Watch: Moving from MIM to Microsoft Entra ID Governance to future-proof identity management