First published on MSDN on Aug 07, 2015
After you install FIM (Forefront Identity Manager) or MIM (Microsoft Identity Manager), one of the first things you need to do, once you have ensured that the people who will be administering or supporting the Synchronization Service are included in the correct Synchronization Service Admin Groups, is to back up the Encryption Key. The Encryption Key should be stored in a secure location (not on the server that the Synchronization Service is installed on). This Encryption Key is a vital component of restoring your Synchronization Service if you are ever presented with a situation where you need to restore it. Without this key, the current data and configuration that the FIMSynchronizationService database holds would in a sense be lost, as it would be unusable. This would add to the time it takes to properly restore your Synchronization Service, add complexity, and possibly introduce more issues while you try to restore your environment.
It may also be a best practice to make backing up the Encryption Key part of the extended backup process. This doesn't mean that you should back it up every day or even every week, but possibly make it part of your monthly or bimonthly backup procedure, in addition to the normal daily backup process. I do not believe that the Encryption Key ever changes, so one good backup of the Encryption Key should be good for the life of the Synchronization Service, but one can never be too safe, which is why I like to add this to the extended backup procedure.
Backing up the Encryption Key