Unattended Installation of FIM 2010
Applies To: Forefront Identity Manager 2010
Unattended installation of FIM 2010
All components of Microsoft® Forefront® Identity Manager (FIM) 2010 accept properties that allow unattended and silent installation. Those properties can either be set in a Windows Installer Transform (MST) file or specified on the command line during installation.
The FIM installation packages do not support advertisement (msiexec /j) or administrative (msiexec /a) installations.
There are several different ways to install FIM silently (unattended). Two methods are described in this section: pass-in parameters in a command line and MST files. It is outside the scope of this document to describe unattended installations in general.
Pass-in parameters on the command line
This can be used with Microsoft System Center Configuration Manager 2007. To install, silently use the command msiexec with an option, followed by properties, for example:
Msiexec /i NameofMSI.msi /Option ADDLOCAL=MSIFeatureName Property=Value
The possible values of MSIFeatureName and Property can be found in Features and properties later in this document. Note that all parameters are case sensitive.
The following is an example command for an installation of FIM Add-ins and Extensions from a file server where only the FIM Outlook add-in is installed:
msiexec /i “\\MyServer\Distribution\FIM\32\Add-ins and extensions.msi” /quiet ADDLOCAL=OfficeClient PORTAL_LOCATION=MyPortalServer PORTAL_PREFIX=https MONITORED_EMAIL=fimservice@contoso.com
Note
Windows Installer has a limit of 256 characters in the path when for installation of applications. Ensure that you do not place the root of the tree in a very deep structure, or the installation might fail.
Create an MST file
Another solution is to use an MST file. MST files can be created with tools such as Orca (shipped with the Windows Software Development Kit (SDK)), and they contain the same settings as are passed in on the command line.
Troubleshoot an installation
If an unattended installation fails, add the option /l*v NameOfLogFile.txt to the command line. This option creates a log file that you can use for troubleshooting. You can identify an error in a Windows Installer log file by looking for the text Return Value 3.
Features and properties
The tables in this section list the settings in the order that they appear during the user interface (UI) installation. Default values are in brackets.
Table 1 Name of feature in Windows Installer file
| Name of feature in UI | Windows Installer feature name |
|---|---|
FIM Add-in for Outlook |
OfficeClient |
FIM Password and Authentication Extensions FIM Password and Authentication Extensions for Windows XP FIM Password and Authentication Extensions for Windows Vista |
PasswordClient |
FIM Portal Authentication Extensions |
PasswordClientX86 |
FIM Service |
CommonServices |
FIM Portal |
WebPortals |
FIM Password Reset Portal |
PwdPortals |
FIM Synchronization Service |
N/A (only one feature in the installer) |
Forefront Identity Manager Certificate Management (FIM CM) Update Service |
CLM_Service |
FIM CM Portal |
Web_Files |
FIM CM CA Modules |
CA_Modules |
FIM CM Smart Card PIN Reset Tool |
ChangePin |
FIM CM Smart Card Personalization Control |
AppletManagement |
FIM CM Smart Card Client |
SelfServiceControl |
FIM CM Update Client |
ProfileUpdateControl |
FIM CM Bulk Issuance Client |
ClientFiles |
Microsoft Password Change Notification Service |
PCNSSVC |
Table 2 FIM Service and FIM Portal properties
| Property name | Description |
|---|---|
SQMOPTINSETTING |
1 – opt in, 0 – opt out (default) |
SQLSERVER_SERVER |
(Required) Name of SQL Server instance |
SQLSERVER_DATABASE |
Name of database (FIMService) |
EXISTINGDATABASE |
0 – New database (default), 1 – Existing database |
SERVICE_ACCOUNT_NAME |
(Required) Service account name |
SERVICE_ACCOUNT_PASSWORD |
(Required) Service account password |
SERVICE_ACCOUNT_DOMAIN |
(Required) Service account domain |
SERVICE_ACCOUNT_EMAIL |
(Required) Service account e-mail address |
SYNCHRONIZATION_SERVER_ACCOUNT |
FIM Service Management Agent account in format domain\accountname |
CERTIFICATE_NAME |
Name of certificate to generate (ForefrontIdentityManager) |
MAIL_SERVER |
(Required) Name of mailserver |
MAIL_SERVER_IS_EXCHANGE |
0 – SMTP, 1 – Exchange (default) |
MAIL_SERVER_USE_SSL |
0 – Disable SSL, 1 – Enable SSL (default) |
POLL_EXCHANGE_ENABLED |
0 – Server will not poll for e-mail messages1 – Server will poll for e-mail messages (default) |
SYNCHRONIZATION_SERVER |
(Required) Address of FIM Synchronization Service server |
SERVICEADDRESS |
Address used by clients to contact the server |
SHAREPOINT_URL |
URL used to contact the SharePoint server |
FIREWALL_CONF |
0 – Do not configure firewall (default)1 – Configure firewall |
SHAREPOINTUSERS_CONF |
0 – Do not add authenticated users (default1 – Add authenticated users |
PASSWORDUSERS_CONF |
0 – Do not add authenticated users (default1 – Add authenticated users |
SHAREPOINTTIMEOUT |
Timeout in seconds the installer should wait for Office SharePoint to deploy the solution packs. |
Table 3 Synchronization Service properties
| Property Name | Description |
|---|---|
STORESERVER |
Name of SQL Server |
SQLDB |
Name of database (FIMSynchronization) |
SQLINSTANCE |
Name of database instance |
SERVICEACCOUNT |
(Required) Service account name |
SERVICEPASSWORD |
Required) Service account password |
SERVICEDOMAIN |
(Required) Service account domain |
GROUPADMINS |
Name of admin group (FIMSyncAdmins) |
GROUPOPERATORS |
Name of operators group (FIMSyncOperators) |
GROUPACCOUNTJOINERS |
Name of joiners group (FIMSyncJoiners) |
GROUPBROWSE |
Name of browse group (FIMSyncBrowse) |
GROUPPASSWORDSET |
Name of password set group (FIMSyncPasswordSet) |
FIREWALL_CONF |
0 – Do not configure firewall (default)1 – Configure firewall |
Table 4 Add-ins and Extensions properties
| Property name | Description |
|---|---|
SQMOPTINSETTING |
1 – opt in, 0 – opt out (default) |
RMS_LOCATION |
Address to the FIM Service. Used by Password Reset extensions |
PORTAL_LOCATION |
Address to the FIM Portal. Used by Outlook add-in. |
PORTAL_PREFIX |
Prefix used to contact the FIM Portal. http or https (default) |
MONITORED_EMAIL |
FIM Service e-mail address. Used by the Outlook add-in when sending e-mail messages. |
SITELOCK_DOMAIN |
Semi-colon separated list of sites the Password Reset ActiveX control can be activated on |
IE7TRUSTEDSITES |
If Internet Explorer 7 is installed, then this is the prefix to add to the list of sites defined in SITELOCK_DOMAIN. None – Do not add sites to trusted sites (default)http – Add sites with http as prefixhttps – Add sites with https as prefix |
BEST_EFFORT_INSTALL |
If both components are selected, but one cannot be installed due to failed prerequisites, silently continue installation with the other component.0 – Fail installation (default)1 – Silently continue |