Hotfix rollup package is available for MIM 2016 SP1 (Build

A large new hotfix rollup package is available for Microsoft Identity Manager 2016 SP1 (MIM 2016).

It has a lot of fixes and enhancements in it. Build Version is

Hotfix rollup package (build is available for Microsoft Identity Manager 2016 SP1

You can download it from here.

Summary of fixes and enhancements

Synchronization service
  • *Support for Group Managed Service Accounts
  • *Visual Studio Support (Visual Studio 2013, Visual Studio 2015, Visual Studio 2017)
  • Updates to MIISACTIVATE.EXE, gMSA Support added
    • non-gMSA: Miisactivate.exe c:\configBU\miiserver_01.bin "contoso\mimSyncService" *
    • gMSA: Miisactivate.exe c:\configBU\miiserver_01.bin "contoso\mimSyncService"
  • Updates to MIISKMU.exe, gMSA Support added
    • non-gMSA: MIISKMU.exe /e c:\configBU\miiserver_02.bin /u:"contoso\mimSyncService"
    • gMSA: MIISKMU.exe /e c:\configBU\miiserver_02.bin /u:"contoso\mimSyncService" *
  • Updated partition information is saved as expected when the Refresh then OK buttons are clicked
  • When an Indexable String attribute was too long to index, an Unexpected Error was returned; a more descriptive error message is now returned
  • When creating a Text File management agent with the MIM Synchronization Service installed on Windows Server 2016, some text encoding options, including Unicode, were unavailable
  • MIM Service MA: if an export error message contains an invalid character, this causes corruption in the run history entries. In this build, the invalid character is removed from the error message before it is saved to the connector space object and run history
MIM service
  • *Support for Group Managed Service Accounts
  • *Improved Language support to new defined standard
  • *FIMAutomation Export-FIMConfig PowerShell cmdlet: the “-PamConfig” argument is available to force the PAM configuration objects to be exported
  • *FIMAutomation Export-FIMConfig PowerShell cmdlet: the “-request” parameter has been added
  • *Boolean attributes are always set to NULL upon binding creation. Boolean attributes created before the hotfix will not be updated
    • Important: This can be a breaking change if performing a configuration migration or new object creation.
    • Configuration should be evaluated and updated for new feature as configuration migration is considered a new
    • Implemented initialization of new MIM Boolean attributes to false when creating a new object and when adding a new Boolean attribute binding to the resource
  • Customer Experience Improvement Program setting is maintained to false
  • MIM Service installation failed with Database Upgrade error: Cannot insert the value NULL into column ‘Name’ if a non-default database name is used
  • In hotfix cases the Office 365 setting would be cleared. The encrypted password for the MIM Service’s Exchange Online mailbox is not changed
  • *There was no limit to the MIM Service log file created. Updated the logging default setting and implemented circular logging capability
Privileged Access Management
  • *Support for Group Managed Service Accounts
  • *Improved Language support to new defined standard
  • Objects that use unmanaged resources are not cleared on time. These objects will be properly cleaned up
  • *New-PAMRole PowerShell cmdlet: the “-disableAutoApproveIfOwner” parameter denies self-approval for the role
    • Get-PamRequest PowerShell cmdlet: the “-CreatedFrom” parameter allows for the filtering of PAM-specific requests
  • *PAM Module Additions
    • Get-PAMSet
    • Add-PAMSetMember
    • Remove-PAMSetMember
  • The warning (Exception: System.ObjectDisposedException: Cannot access a disposed object) will no longer appear in the PAM event log
  • Set-PAMUser cmdlet is able to change the PrivAccountName without the delete
  • New-PamRole now validates that the “available to” date is greater than the “available from” date
  • The “Available From” and “Available To” values are returned by the Get-PAMRole PowerShell cmdlet
  • The Get-PamRequest cmdlet filter is now properly
  • *Set-PamGroup cmdlet is now able to update the Active Directory shadow principal group object
  • Remove-PamUser PowerShell cmdlet fails with an unclear error message if the user is linked to a Role as a candidate. Client-side validation has now been added to the cmdlet, and the exception returned has been clarified
  • Change Mode PAM accounts are not exposed for configuration
    • PAM Rest API account
    • PAM Component service account
    • PAM Monitoring service account
Microsoft Identity Portal
  • *Support for Group Managed Service Accounts
  • *Improved Language support to new defined standard
  • Identity Picker control, the control seems to dynamically grow its width rather than wrapping the text
  • Portal, popup dialogs aren’t displayed properly when viewing in Internet Explorer (IE) 10
  • Cyrillic symbols in the title bar text are displayed correctly
  • Popup windows no longer have the extra scroll bar displaying, when viewed in Internet Explorer
  • Failed “Import Workflow Definition” properly throws an exception and recovers, allowing a Synchronization Rule activity to be added to the workflow definition
  • added to default web.config
  • Special characters in the distinguishedName no longer prevent Self-Service Password Reset from resetting the user’s password in the Active Directory
  • Improvements in the sentences are properly localized in the display
  • MIM Add-in for Outlook includes a copy of the missing Outlook interop binaries
Certificate Management
  • When renewing a virtual smart card through the MIM CM Modern App, the user receives a Forbidden exception
  • *Improved Language support to new defined standard
  • PIN Utility “CLM has encountered an error while trying to change Smart Card PIN. Wrong number of Arguments or Invalid Property Assignment.”
  • When updating the MIM Certificate Authority Modules from 4.4.1302.0 to a build later than 4.4.1459, the setup fails
  • In the Modern App, for Renew, Enroll, and Replace operations, the request history doesn’t contain all request status items as they are recorded
  • Online Update doesn’t complete and returns the exception “Record has been updated or deleted by another user.”
  • When using the “Download Certificate” link in the Certificate Management Portal, the certificate download (.cer file) was too large
  • MIM Certificate Management Bulk Client will work with both TLS 1.1 and TLS 1.2.



Author: Peter Stapf

Senior Consultant Identity and Access

5 thoughts on “Hotfix rollup package is available for MIM 2016 SP1 (Build”

  1. Hi Peter, I have installed this Hotfix on a Customer Environment (clean Installation) and on two of my Sandbox Machines. On every Machine I have the same Problem, that the Synchronization Engine cannot synchronize its information successfully to the portal. This means the MA-DATA Objects will be deleted and not recreated for all Management Agents with Synchronization Rules. Did you have the same Problem on your Environments?
    KR Mario Bader

      1. Yes: in the EventLog ==> 6331

        A update on the configuration of a MA or MV failed to replicate to a target connector directory that is capable of storing MA/MV configurations. As a result, the MA/MV configuration data in this connector directory is not up to date. Please correct the condition that causes the error, and triggers a resync by updating the password information of the target MA.

        Additional information:
        Error Code: 0x80230020
        Error Message: (Management agent encountered an error exporting to the connected directory.)
        Operation: Create MA
        Name of the MA to replicate: I_SQL_MyM-HR
        Guid of the MA to replicate: {ED6A493B-8B74-4C80-A6EF-062457A28A60}
        Name of the target MA: IE_MIM_Portal
        Guid of the target MA: {1D151FF3-EBF3-4F63-AF96-85F73FA9AF21}

        Yes: in the Search Request

        Validation Error ==> Create ma-data: ‘I_SQL_MyM-HR’ Request
        Dispatch Request Failure Source: ‘Other’

      2. I did not have that before or at other customers, but when I updated my test lab this morning I could see the same error in my MIM implementation. But only with a few MAs; some others are working, so I think it must be an error on those MAs, not in general.

        I had that error in the past and documented it here in my blog see:

        But I am still trying to get around that error myself. Will post a resolution if I find any.

        You may also want to ask in the MIM forum in the meantime because I’m also not at home the whole weekend.
        So in addition try posting the issue here:
