Need for Microsoft Identity Manager (MIM) in a SharePoint 2016 farm

The only option offered by SharePoint 2016 for User Profile Synchronization is Active Directory Import.

Active Directory Import is a fast and reliable option and is easy to configure. However, there are certain limitations to using this feature. These are

  1. Import is unidirectional (changes go from Active Directory to SharePoint Server Profile).
  2. Import from a single Active Directory forest only.
  3. Does not import user photos automatically.
  4. Supports Active Directory LDAP only.
  5. Multi-forest scenarios are not supported.

Previous versions of SharePoint Server (SharePoint 2013 and older versions) had by default supported all the scenarios listed above. This was made possible by ForeFront Identity Manager (FIM) which was built-in the SharePoint Server product. FIM powered the User Profile Synchronization in these versions. Starting with SharePoint Server 2016, FIM is no longer included as part of the SharePoint software. The recommendation from Microsoft is to instead use Microsoft Identity Manager 2016.

If you foresee needing any of the features listed above, then an implementation of Microsoft Identity Manager (MIM) is required.

Microsoft Identity Manager(MIM) is a separate server technology that works independent to SharePoint Server. MIM is the successor to Microsoft’s Forefront Identity Manager.

MIM allows for additional capabilities for User Profile synchronization to a SharePoint 2016 farm such as

  1. Flexibility for customized import.
  2. Can be customized for bidirectional flow.
  3. Imports user profile photos automatically.
  4. Supports non-Active Directory LDAP sources.
  5. Multi-forest scenarios are supported.

Implementing MIM requires the installation and configuring of additional servers. Additional details on Microsoft identity Manager in relation to SharePoint Server 2016 can be found here (