Trusted User Domains

Applies To: Windows Server 2003, Windows Server 2003 R2, Windows Server 2003 with SP1, Windows Server 2003 with SP2

By default, RMS does not issue use licenses to users whose rights account certificates were issued by a different user domain. A user domain is an RMS installation that consists of a root cluster, optional licensing-only clusters, and associated databases.

You can configure RMS to process this type of request by importing the server licensor certificate of another user domain and adding it to the list of trusted user domains. When you do this, users whose rights account certificates were issued by the trusted user domain can submit requests for use licenses to your installation. These requests are processed as if they came from internal users.

Note

The root cluster is automatically on the list of trusted user domains for all RMS clusters in the same installation.

You can allow users from different user domains to share protected content. This is described in the following examples:

  • Your organization is working closely with another organization on confidential documents that you want to share and protect. The other organization is also running RMS. The two organizations can add each other's RMS installation to their list of trusted user domains, so that users in both organizations can work together on rights-protected content and exchange it over the Internet or on an extranet.

  • You can have only one RMS installation in each Active Directory forest. Your organization has deployed more than one Active Directory forest, and each forest is running RMS. Users want to share rights-protected content with other users, regardless of the forest in which they reside. To allow this, you can add the RMS installations of the other forests to the list of trusted user domains in each forest.

  • Users who are in your organization are working with users in another organization on confidential documents that they want to protect. The other organization is not running RMS. Users who are in the other organization can establish Windows Live ID accounts, and you can add Windows Live ID to the list of trusted user domains for your RMS installation. Users in both companies can now work on rights-protected content and exchange it over the Internet.

For more information about trusted user domains and step-by-step instructions, see "Adding and Removing Trusted User Domains" and "Establish Trust Policies" in "RMS: Operations" in this documentation collection.