Understanding the AD RMS Prelicensing Agent

  • Article

[This is pre-release documentation and subject to change in future releases. This topic's current status is: Writing.]

Applies to: Exchange Server 2010 Beta* *Topic Last Modified: 2008-12-08

You can use the Active Directory Rights Management Services (AD RMS) Prelicensing agent to certify the Microsoft Office Outlook recipient's authenticity so that the recipient can open messages without receiving a credential prompt on every attempt. Before you deploy this agent, make sure that you have performed the following tasks:

  • Coordinate your deployment plans with your RMS administrator.
  • Verify that the software on the AD RMS server and the Hub Transport server is upgraded correctly.
  • Configure the Hub Transport server and the AD RMS Prelicensing agent.

The AD RMS Prelicensing agent is included in Microsoft Exchange Server 2010. You must be running Exchange 2010  on all Hub Transport servers in your organization to enable the AD RMS functionality in Exchange 2010.

Planning for RMS Server Upgrade and Configuration

The AD RMS Prelicensing agent works only with RMS Server on Windows Server 2003 SP2, or Active Directory Rights Management Services on Windows Server 2008 – X64. In addition, the permissions on the server certification pipeline, which is named servercertification.asmx, must be set so that the account that is used on your Hub Transport server can access the AD RMS server or server cluster. The AD RMS administrator typically manages both tasks.

Note

If the Exchange server and AD RMS server are in different forests, you must establish a one-way forest trust. The AD RMS Prelicensing agent, which is installed in the Exchange forest, requires access to the forest in which AD RMS resides to query the Active Directory directory service. The AD RMS administrator establishes the trust.

For information about AD RMS service upgrades and configuration steps, see Planning for the Integration of the Rights Management Services Prelicensing Agent.

For information about the feature changes between Windows Server 2003 and Windows Server 2008, see Terminology Changes.

Planning for the Hub Transport Server Configuration

The AD RMS Prelicensing agent requires the following configuration on the Hub Transport server:

  • Upgrade the AD RMS client by using Windows RMS Client on Windows Server 2003 SP2. Or install Active Directory Rights Management Services client on Windows Server 2008 – X64 on the Exchange 2010 Hub Transport server that hosts the AD RMS Prelicensing agent.
  • Register the Rightsmanagementwrapper.dll on the Hub Transport server.
  • Enable the AD RMS Prelicensing agent.

After the AD RMS upgrade and configuration and the Hub Transport server configuration are complete, e-mail recipients who use Microsoft Office Outlook Web Access or Office Outlook 2003 can open rights-protected messages without having to submit their credentials. The batching of licensed messages, which is a feature of RMS Server on Windows Server 2003 SP2, occurs on the AD RMS server or server cluster. The AD RMS Prelicensing agent uses this feature to provide e-mail recipients with easier access to their rights-protected messages.

For More Information

Planning for the Integration of the Rights Management Services Prelicensing Agent