If MIM fails to install with the error:
Calling custom action Microsoft.IdentityManagement.ServerCustomActions!Microsoft.IdentityManagement.ServerCustomActions.CustomActions.AddServiceToPerformanceMonitors
Adding FIMService account to ‘Performance Monitor Users’ group
Property name = ‘ServiceAccount’, value = ‘XXXXX\XXXXX$’.
Domain AD found
Exception thrown by custom action:
System.Reflection.TargetInvocationException: Exception has been thrown by the target of an invocation. —> System.UnauthorizedAccessException: Access is denied.
Check your domain controllers for the following error in the event log
This is due to Network access: Restrict clients allowed to make remote calls to SAM being set on the domain controllers.