Hi Team,
Hope you all are doing good. I need some guidance with the MIM and PAM deployment and design.
Our client wants to use freshly installed components of MIM and PAM in their environment.
They currently have 4-5 Domain Controllers with the necessary FSMO roles enabled, spread across two data centers for HA.
For us to build a solution with HA for both MIM and PAM, what is the best approach?
a. Considering we have a main forest as abc.com and within that we have a domain xyz.abc.com
b. I understand that for PAM we need to have a separate new forest (bastion), so does this mean I have to install and configure a new DC with a name something like pqr.com? (In this way abc.com and pqr.com will be two separate forests and I can then build a PAM trust between them.)
c. For MIM to be installed and configured, do I need to install MIM on virtual machines which are joined to PAM's forest, i.e. pqr.com?
d. If I do point number C, in that case can I use that same MIM server (which is under the pqr.com domain) to provision users in various target applications like SAP, AD (xyz.com) or Exchange servers?
e. Since we are in the design phase, are there any design recommendations which I can refer to and build my own?
Requesting your assistance here.
Thank you,
Parin Das