Unraveling the unattended install options of ILM

One of the lesser-known features of ILM is the unattended install.

FYI, fellow ILM MVP Craig Martin already posted a thread on the Microsoft ILM TechNet forum.

But there is more…

A typical installation of ILM consists of the following steps:

1. Start installation.


2. Happily agree with the EULA


3. Enter the product license key (PID)


4. Choose installation mode (Complete or custom)


5. Choose SQL server


6. Set service account


7. Set the MIIS groups (if necessary on the domain)


8. Start installation



9. Save the encryption key


And finished.


At the end, ILM asks you to log off to update group memberships.

As shown in the screenshots, the following manual actions must be taken during setup:

  • Agree on EULA
  • Enter PIDKEY
  • Choose installation type
  • Configure SQL server
    • server name
    • instance
  • Set Service Account
    • Name
    • Password
    • Domain
  • Set Administration Groups
  • Backup encryption key

When running an unattended (GUI-less) install, some of the options are automatically taken care of:

– agree on EULA

– installation type

But how do you put the other parameters in an unattended install?

First of all, you should know some basics of Windows Installer and MSI files.

When you want to run an unattended install you use a command-line based setup procedure, based on the Windows Installer (msiexec) or equivalent.

This Command-Line Options page on the Windows Developer Center explains the options available.

An interesting remark on the page is this one: (quote)

“Only public properties can be modified using the command line. All property names on the command line are interpreted as uppercase but the value retains case sensitivity. If you enter MyProperty at a command line, the installer overrides the value of MYPROPERTY and not the value of MyProperty in the Property table. For more information, see About Properties.”

It’s quite simple to demonstrate this.

Run the ILM installation with the full logging option enabled, like:

C:\ILM\MIIS\Setup>msiexec /l* miislog.log /i "Microsoft Identity Integration Server.msi"

After installation, take a quick look at the end of the log.

You’ll see an extensive list of property references, like:


Property(C): INSTALLDIR = C:\Program Files\Microsoft Identity Integration Server\


Also note the difference between the UPPERCASE and lowercase properties…


The log file lists a lot of information but it’s not clear if it contains the complete list…

It’s just a presentation of the data used.

To know more about it, you need to explore the MSI file itself.

I discovered an interesting tool for exploring an MSI file: Orca MSI editor. (actually found it here)

Opening the ILM MSI file (read-only) shows interesting info:


You certainly recognize the info of Craig’s post.

Check the ‘Property’ table.

But you’ll find even more information, for example, the entire installation procedure with the different screen definitions like I mentioned in the beginning of my post.

But let’s make it clear: DO NOT MESS AROUND, just look at it, read-only.

Craig already covered the following MSI public properties:


But the following interesting parameters can also be used:

  • SQLINSTANCE (to install to another SQL instance than default)
  • DBFILEMMSLOCATION (to influence the SQL Database file location)
  • LOGOFF (force logoff*)

If you put it all together, you’ll get a command like:

msiexec /l* miislog.log /i "Microsoft Identity Integration Server.msi" PIDKEY=XXXX1234XXXX1234XXXX1234 serviceaccount=MIISService servicepassword=******** servicedomain=<domain> GROUPADMINS=MIISAdmins GROUPOPERATORS=MIISOperators GROUPACCOUNTJOINERS=MIISJoiners GROUPBROWSE=MIISBrowse GROUPPASSWORDSET=MIISPasswordSet storeserver=<sqlserver> sqlinstance=<OTHERINSTANCE> installdir=<c:\otherdirectory> DBFILEMMSLOCATION=2 logoff=1 /qn


  • /l* <logfile> : logs all info to the log file
  • DBFILEMMSLOCATION=2 : defaults to SQL default DB location
  • logoff=1: forces logoff
  • /qn : quiet install (n = no interface), more detailed info on command line options page


But you probably noticed that the encryption key backup is missing…

You need to back up your encryption key after installation.

The miiskmu.exe utility (installed with ILM) can be used for this.

From the miiskmu help (run miiskmu.exe /? in the command prompt):

(quote) “

Microsoft Identity Integration Server Key Management Utility
Microsoft Identity Integration Server Key Management Utility v3.3.0118.0
Copyright (c) Microsoft Corporation. All rights reserved   

Key set:         1

Usage: MIISKMU /e filename [/u:username {password | *}] [/q]
/e              Export key set to file
filename        Filename
/u:             Service account credentials
username        [domain\]username
password        Password (specify ‘*’ to prompt for password)
/q              Quiet mode (no pop up dialog boxes)

NOTE: If calling this application from a batch file, prefix the command with "cmd /c "
to have the ERRORLEVEL set to the success/error code of the operation.

Press CTRL+C to copy message box text.

Keep in mind: it’s not officially supported, and completely at your own risk.

Be careful, some of the public properties seem not to behave as expected (*) or do not work…

(For example: the logoff parameter is not always reliable, and the installation fails when changing the database name parameter.)


Don’t blame the messenger when looking under the hood.

