How To: Upgrade from IIFP to MIIS 2003

Applies To: Forefront Identity Manager, Windows Server 2003 with SP1

This How To guide describes the process to upgrade your installation of Identity Integration Feature Pack (IIFP) for Microsoft Windows Server™ Active Directory® directory service to Microsoft Identity Integration Server 2003 (MIIS 2003).

Specifically, you will perform the following tasks to upgrade IIFP to MIIS 2003:

• Backup the IIFP database, encryption keys, and rules extensions.

• Uninstall IIFP from the target server.

• Install MIIS 2003.

• Verify the installation is successful.

The goal of this upgrade is to migrate your working identity integration environment with all critical data intact. This guide provides procedures to facilitate this upgrade.

Migrating from IIFP to MIIS 2003

The following steps must be completed to migrate from IIFP to MIIS 2003.

Step 1: Back up the IIFP database

Step 2: Back up encryption keys

Step 3: Back up rules extensions to file

Step 4: Uninstall IIFP from the target server

Step 5: Install MIIS 2003

Step 1: Back up the IIFP database

In this step you will backup the IIFP database. This is a precautionary measure to guard against any corruption that may occur to the database. If corruption does occur to the database you will have a known good database to revert to for use.

To backup the IIFP database

1. Click Start, point to All Programs, point to Microsoft SQL Server, and then click Enterprise Manager.

2. Expand Microsoft SQL Server, SQL Server Group, (local) (Windows NT), and Databases.

3. Click MicrosoftIdentityIntegrationServer.

4. From the SQL Server Enterprise Manager window, click Tools and Backup Database.

5. In the SQL Server Backup - MicrosoftIdentityIntegrationServer window, point to Destination, and then click Add.

6. From the Select Backup Destination window specify the File name or Backup device that you choose to save the MicrosoftIdentityIntegrationServer database and click OK.

7. Click OK to the message "The backup operation has been completed successfully" and exit the SQL Server Enterprise Manager window.

Step 2: Backup Encryption Keys

In this step you will backup all encryption keys to ensure that the MIIS 2003 installation will be able to read the database created by IIFP.

To backup the encryption keys

1. From the Command Prompt window, change the directory to MIIS 2003 InstallationDirectory\Bin folder.

2. At the command prompt, type:

   miiskmu /eFileName [/u:UserName{Password | *}]

   The parameters are explained as follows:

   /e Exports the key set to a file

   FileName specifies the name of the file.

   /u specifies the Microsoft Identity Integration Server 2003 service account credentials.

   UserName The Microsoft Identity Integration Server 2003 service account name. Miiskmu supports the following formats:

   [DomainName\]UserName

   [DomainName.com\]UserName

   UserName@DomainName.com

   Password Specify the password for the Microsoft Identity Integration Server 2003 service account. Use * to prompt for the password.

   /? Displays help at the command prompt.

3. Click OK on the message, "The operation has completed successfully. The encryption keys were successfully written to a specified file location. Please store this file in a secure location."

Step 3: Backup Rules Extensions to File

In this step you will backup the rules extensions to file. Rules extensions are part of the MIIS 2003 SQL Server database but it is a good practice to have a separate backup copy of the rules extensions files.

To backup rules extensions to file

1. Open Windows Explorer and navigate to C:\Program Files\Microsoft Identity Integration Server\Extensions.

2. Save the files located in this folder to a disk or a network share.

Step 4: Uninstall IIFP from the Target Server

In this step you will uninstall IIFP from the target server. Uninstalling IIFP removes the software, management agents, and rules extensions from the server. The MicrosoftIdentityIntegrationServer SQL database and related files are not to be removed.

To uninstall IIFP

1. Click Start, point to All Programs, point to Add or Remove Programs and click Identity Integration Feature Pack.

2. Click Remove.

3. Click Yes to the message, "Are you sure you want to remove Identity Integration Feature Pack from your computer".

Step 5: Install MIIS 2003

In this step you will install MIIS 2003.

To install MIIS 2003

1. Insert the MIIS 2003 SP 1 CD-ROM into your CD-ROM drive, browse to the Enterprise folder and click Setup.exe.

2. After accepting the license agreement, choose Complete on the Type of Installation page.

3. On the Store Information page, specify the location of the SQL server and instance where the IIFP database is hosted. Click Next.

4. On the Service Account Information page, enter the service account name and password that you created for your IIFP installation. Populate the Domain or local computer name box with the appropriate values. Click Next.

5. On the Group Information page, ensure that all the MIIS groups reflect the correct values and click Next.

6. Click the Start button to begin installing the MIIS 2003 program files.

   Note

   A warning message may or may not appear that states the MIIS account is not secure in its current configuration. If this warning message appears you can find the complete list of best practice recommendations for creating a secure MIIS 2003 installation the MIIS 2003 Help.

7. Click Yes to the message that states, "A Microsoft Identity Integration Server database already exists." MIIS 2003 uses the previous database from your IIFP configuration.

   Note

   If the server has never had MIIS 2003 installed you will be prompted to import the encryption key that was backed up to file. The prompt for the key file name does not occur if the setup detects that a valid key set exists on the system. If you delete the user profile of the service account, the encryption keys get deleted and the prompt occurs.

8. The final page indicates that you have successfully completed the Microsoft Identity Integration Server setup. Click Finish to complete the installation and close the setup window.

Verification Steps

To ensure that the upgrade is successful, search the connector space by using the Search Connector Space option located within MIIS 2003. You can then view properties of a search result, or use Preview to test the effects of synchronization of an object with the metaverse and other connector spaces. To complete this procedure, you must be logged on as a member of the MIISAdmins security group.

To search for a connector space object

1. Click Start, point to All Programs, point to Microsoft Identity Integration Server, and then click Identity Manager.

2. On the Tools menu, click Management Agents.

3. In Management Agents, click a management agent with an associated connector space.

4. On the Actions menu, click Search Connector Space.

5. In Scope, perform one the of tasks listed below:

   1. To search the connector space for an object with a specific distinguished name or anchor:

      Click DN or Anchor, and then, in Specify distinguished name (DN) or anchor value, type all or the first part of the name of the object to search for. For directory-based management agents, you can search by distinguished name. For management agent types that do not have a distinguished name (for example, a database or nonhierarchical file-based management agent), you can search by anchor attribute because, in the metadirectory, the anchor attribute is treated as a distinguished name. This search will also be applied to RDN.

   2. To search the connector space for an object within a specific subtree:

      Click Sub-Tree, and then, in Specify distinguished name (DN) for sub-tree, type all or the first part of the distinguished name of the subtree to search for. This option returns all objects within the subtree.

6. Click Search. This should return all the associated objects in the connector space specified by the search parameters above. You can now safely assume that all the information from the previous IIFP installation was migrated to MIIS 2003.