AD RMS Web Services

Applies To: Windows Server 2008

Active Directory Rights Management Services (AD RMS) Web services provides communication among computers in the AD RMS cluster.

Aspects

The following is a list of all aspects that are part of this managed entity:

Name Description

Active Directory Domain Services Availability

Active Directory Rights Management Services (AD RMS) uses Active Directory Domain Services (AD DS) to regulate access to rights-protected content for all AD RMS users in the AD DS forest. If AD DS is not available, AD RMS cannot grant licenses to publish and consume rights-protected content.

AD RMS Cluster Availability

An Active Directory Rights Management Services (AD RMS) cluster and its clients must have network access to publish and consume rights-protected content.

AD RMS Cluster Configuration

Servers in an Active Directory Rights Management Services (AD RMS) cluster are configured to both send and receive requests from AD RMS clients, other servers in the AD RMS cluster, and the AD RMS databases.

AD RMS Databases Availability

The Active Directory Rights Management Services (AD RMS) configuration database holds all configuration data for the servers in the AD RMS cluster. If the configuration database is not available, AD RMS users will not be able to publish and consume rights-protected content.

AD RMS Decommissioning

Decommissioning in Active Directory Rights Management Services (AD RMS) is the process in which rights-protected content receives a key to automatically decrypt it. Decommissioning is used when an organization must retire an AD RMS cluster. Servers in the AD RMS cluster should remain in decommissioning mode and available on the network until all rights-protected content has been decrypted. While the AD RMS cluster is in decommissioning mode, no new content can be published as rights-protected.

AD RMS Rights Policy Templates Integrity

Active Directory Rights Management Services (AD RMS) rights policy templates define a preconfigured set of parameters that can be used to protect sensitive information. Rights policy templates are stored in the AD RMS configuration database and shared to AD RMS clients.

AD RMS Super Users Configuration

The Active Directory Rights Management Services (AD RMS) super users group has full access to all rights-protected content created by that AD RMS cluster. If you decide to enable this group, you must create it in the Active Directory forest in which the AD RMS cluster is installed.

AD RMS Trust Hierarchy Determination

Active Directory Rights Management Services (AD RMS) supports two trust hierarchies: production, and ISV. The ISV hierarchy is used for developing AD RMS-enabled applications. The production hierarchy should be used for all production installations of AD RMS.

Important: The production hierarchy should be used for all AD RMS installations, unless you are developing an AD RMS-enabled application.

AD RMS Trust Policy Integrity

Trust policies in Active Directory Rights Managemenet Services (AD RMS) allow users to share rights-protected content across Active Directory Domain Services (AD DS) forests that are either internal or external to the organization.

RMS Client Activation

When you use a Rights Management Services (RMS) version 1.0 client with no service pack installed for the first time, the RMS-enabled client contacts the Microsoft Activation service over the Internet to receive its machine certificate, which identifies the computer as trusted by RMS. If the activation URL is not available when the client attempts to activate, the activation process fails. 

Active Directory Rights Management Services