Step 2 - Install AD RMS

Applies To: Windows Server 2008, Windows Server 2008 R2, Windows Server 2012

This step explains how to install AD RMS using the CNAME records.

To install AD RMS using CNAME Records

  1. Log on to ADRMS.fabrikam.com as Administrator.

  2. Click Start, point to Administrative Tools, and then click Server Manager. This will bring up the Server Manager.

  3. From the Server Manager, on the left, select Roles. This will populate the right pane with a Roles Summary.

  4. On the right, select Add Roles. This will bring up the Add Roles Wizard.

  5. On the Add Roles Wizard, click Next. This will bring up the Server Roles screen.

  6. From Server Roles, place a check in Active Directory Rights Management Services. This will bring up a box that says Add role services and features required for Active Directory Rights Management Services? Click Add Required Roles Services.

  7. Once this is complete, click Next. This will bring up the Active Directory Rights Management Services introductory screen. Click Next. This will bring up the Role Services screen.

  8. On the Roles Services screen, leave the defaults and click Next. This will bring up the AD RMS Cluster screen.

  9. On the AD RMS Cluster screen, leave the default of Create a new AD RMS cluster and click Next. Because this is the root cluster, the other option will be greyed out. This will bring up the Configuration Database screen.

  10. On the Configuration Database screen, select Use a different database server. Under Server enter RMS-SQL.fabrikam.com and click Get Database Instances. From the drop-down, select Default. Click Validate. If this is successful, there should be no error message. Click Next. This will bring up the Service Account screen.

  11. On the Service Account screen, click Specify. This will bring up a Windows Security box. For User name enter ADRMSService and for Password enter Pass1word$. Click OK. On the Service Account screen, click Next. This will bring up the Cluster Key Storage screen.

  12. On the Cluster Key Storage screen, leave the default of Use AD RMS centrally managed key storage and click Next. This will bring up the Cluster Key Password screen.

  13. On the Cluster Key Password screen, for Password enter Pass1word$, for Confirm Password enter Pass1word$. Click Next. This will bring up the Cluster Web Site screen.

  14. On the Cluster Web Site screen, leave the default of Default Web Site and click Next. This will bring up the Cluster Address screen.

  15. On the Cluster Address screen, leave the default of Use an SSL-encrypted connection (https://) and under Internal Address enter RMS.fabrikam.com. Leave the default port of 443. Click Validate. If this is successful, https://RMS.fabrikam.com should appear under Preview of cluster address for clients on the network. Click Next. This will bring up the Server Authentication Certificate screen.

  16. On the Server Authentication Certificate screen, select Choose a certificate for SSL encryption later. This will bring up the Licensor Certificate Name screen. Once the installation is complete, a SSL certificate can be requested through IIS. For information on how to do this, see Import an SSL Certificate Using Internet Information Services (IIS) Manager (https://go.microsoft.com/fwlink/?LinkID=154912).

  17. On the Licensor Certificate Name screen, leave the default Name of ADRMS and click Next. This will bring up the SCP Registration screen.

  18. On the SCP Registration screen, leave the default of Register the AD RMS service connection point now and click Next. This will bring up the Web Server (IIS) screen.

  19. On the Web Server (IIS) screen, click Next. This will bring up the Role Services for IIS screen.

  20. On the Role Services for IIS screen, leave the defaults and click Next. This will bring up the Confirmation screen.

  21. On the Confirmation screen, click Install. This will bring up Progress screen.

  22. Once the Progress screen has completed the installation has completed. Click Close.

Warning

Before you administer AD RMS, you will need to log off and then log on again.

![](images/Ff625683.75f2f842-1101-4026-a071-da1a963e5b82(WS.10).jpg)