AD RMS and Windows Mobile Step-by-Step Guide

Betrifft: Windows Server 2008, Windows Server 2008 R2, Windows Server 2008 R2 with SP1

About this Guide

This step-by-step guide will help you use Active Directory-Rechteverwaltungsdienste (Active Directory Rights Management Services, AD RMS) on a Windows Mobile 6 or later device. Specifically, this guide will show you how to configure the AD RMS cluster for Microsoft Windows Mobile® integration and how to activate AD RMS on a Microsoft Windows Mobile® device.

This guide assumes that you have previously completed the Active Directory Rights Management Services Step-by-Step Guide (, and that you have already deployed the following components:

  • An Active Directory domain controller

  • An AD RMS server

  • A database server to host the AD RMS databases

  • An AD RMS-enabled client

This guide also assumes that you have deployed a Microsoft Exchange Server 2007 with the Client Access role. The Client Access role supports Microsoft Exchange ActiveSync clients, such as Windows Mobile. For more information about the Client Access role in Exchange Server 2007 read the Planning for Client Access Servers article ( Finally, this guide assumes that you have a Windows Mobile 6 or later device that can connect to the AD RMS-enabled client and that you have installed and configured Microsoft Office Outlook 2007 on the AD RMS-enabled client computer. In addition, you must set up an Outlook mailbox for users Stuart Railson and Nicole Holliday. For guidance on how to deploy Exchange Server 2007 and Windows Mobile 6 see the article Windows Mobile 6 and Exchange Server 2007 Deployment Procedures (

What this guide does not provide

This guide does not provide the following:

  • Guidance for setting up and configuring AD RMS in either a production or test environment.

  • Complete technical reference for AD RMS or Windows Mobile.

Deploying AD RMS in a Test Environment

We recommend that you first follow the steps provided in this guide in a test lab environment. Step-by-step guides are not necessarily meant to be used to deploy Microsoft products without accompanying documentation and should be used with discretion as a stand-alone document.

After completing this step-by-step guide, you will have a working AD RMS infrastructure with Windows Mobile 6 integration. You can then test and verify AD RMS functionality as follows:

  • Restrict permissions on a Office Outlook 2007 e-mail message in the domain.

  • Have an authorized user in the domain open the message.

  • Attempt to share the message with an unauthorized user.

The test environment described in this guide includes five computers connected to a private network and using the following operating systems, applications, and services.


Computer Name

Operating System

Applications and Services


Windows Server 2008

AD RMS, Internet Information Services (IIS) 7.0, World Wide Web Publishing Service, and Messaging Queuing


Windows Server 2003 with Service Pack 2 (SP2)

Active Directory and Domain Name System (DNS)


Windows Server 2003with SP2

Microsoft SQL Server 2005 Standard Edition with Service Pack 2


Windows Vista mit SP1

Microsoft Office Word 2007 Enterprise Edition and Microsoft Office Outlook 2007


Windows Server 2008

Microsoft Exchange Server 2007

The computers form a private intranet and are connected through a common hub or Layer 2 switch. This configuration can be emulated in a virtual server environment if you want. This step-by-step exercise uses private addresses throughout the test lab configuration. The private network ID is used for the intranet. The domain controller is named CPANDL-DC for the domain