Using Windows PowerShell to Deploy AD RMS

Updated: October 22, 2009

Applies To: Windows Server 2008 R2, Windows Server 2008 R2 with SP1

The Active Directory Rights Management Services (AD RMS) Windows PowerShell deployment module gives you the ability to install and provision the AD RMS server role on a computer running Windows Server® 2008 R2, to upgrade a server in an AD RMS cluster following a Windows upgrade, and to remove the AD RMS server role, all by using Windows PowerShell cmdlets. The module presents a drive namespace that consists of containers representing configuration settings you must make before installing the server role. Within this namespace, you manage cluster settings by creating and setting properties on items in the containers that are arranged hierarchically in the namespace, most often by using common Windows PowerShell cmdlets, such as New-Item and Set-ItemProperty. In some cases, the AD RMS Windows PowerShell deployment module implements special-purpose cmdlets to perform tasks that cannot be performed by using common cmdlets.

Note

To deploy AD RMS by using a Windows PowerShell session on a remote computer, you must enable the Credential Security Service Provider (CredSSP) and then specify -Authentication Credssp when creating the remote session. Note, however, that this practice increases the security risk of the remote operation because, if the remote computer is compromised, the credentials that are passed to it can be used to control the network session. For more information, type Get-Help Enable-WSManCredSSP -Full at a Windows PowerShell prompt.

Getting started

Before you can deploy AD RMS by using Windows PowerShell cmdlets, after starting Windows PowerShell, you must perform two tasks:

  1. Import the AD RMS Windows PowerShell deployment cmdlet module.

  2. Create a Windows PowerShell drive that represents the AD RMS cluster you want to create or join.

The following procedures explain how to perform each of these tasks.

Import the module

  • At the Windows PowerShell prompt, type:

    Import-Module ADRMS

Create the drive

  • At the Windows PowerShell prompt, type:

    New-PSDrive -Name<drivename> -PsProvider AdRmsInstall -Root<installType>

    where <drivename> is the name you want to assign to the new drive, and <installType> is the type of installation you want to perform:

    • RootCluster installs the AD RMS server role as the first server in a root cluster.

    • LicensingCluster installs the AD RMS server role as the first server in a licensing-only cluster.

    • JoinCluster installs the AD RMS server role as a member server in an existing root or licensing-only cluster.

    For example, to create a drive named RC that represents the first server in a root cluster, type:

    New-PSDrive -Name RC -PsProvider AdRmsInstall -Root RootCluster

See Also

Concepts

Understanding the AD RMS Deployment Provider Namespace
AD RMS Deployment Cmdlets
Installing an AD RMS Cluster
Joining an Existing Cluster
Adding or Removing Federated Identity Support
Upgrading the AD RMS Server Role
Removing the AD RMS Server Role