Active Directory Support for RMS

Applies To: Windows Server 2003, Windows Server 2003 R2, Windows Server 2003 with SP1, Windows Server 2003 with SP2

RMS uses Active Directory for the following purposes:

  • Providing user authentication. Active Directory provides the directory services that are used to authenticate users of RMS. For more information about authentication and RMS, see "RMS Security Model" later in this subject.

  • Resolving group membership and individual user account identities. Active Directory provides information about group membership that RMS uses to grant use licenses to rights-protected content when the publishing license grants rights to groups rather than to individual user accounts. To reduce the number of LDAP queries that are made to Active Directory, RMS caches the information that is obtained in a local cache, as well as in a centralized directory services database. For more information, see "RMS Active Directory Cache" and "RMS Directory Services Database" earlier in this subject.

  • Storing the RMS service discovery location. Service requests (such as for a use license, a publishing license, or sub-enrollment of a server in a licensing-only cluster) must be sent to the URL for the executable module of the Web service that is granting the request. All service requests begin with an Active Directory query for the URL of the server Web service (Server.asmx), which in turn provides the appropriate URL for the service request. For more information, see "RMS Service Publication and Discovery" later in this subject.
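Because every service request starts from the URL stored in Active Directory, checking what is actually published there is a useful audit step. The PowerShell script below is an added example, not code from the original page or from Microsoft: it reads the service connection point (SCP) and flags any published URL that is not HTTPS or does not point at an expected host. The SCP location under the configuration partition, the `serviceBindingInformation` attribute and the host name `rms.example.internal` are assumptions that do not appear on this page; adjust them for your forest.

```powershell
# Added example: audit the RMS service discovery URL published in Active Directory.
param(
    # Assumption: location of the RMS SCP object, relative to the configuration partition.
    [string]$ScpRelativeDn = 'CN=SCP,CN=RightsManagementServices,CN=Services',
    # Placeholder: host names the RMS cluster is expected to publish.
    [string[]]$ExpectedHosts = @('rms.example.internal')
)

# Returns a list of findings for one published URL (empty list = nothing to review).
function Test-RmsDiscoveryUrl {
    param([string]$Url, [string[]]$ExpectedHosts)
    $uri = $null
    if (-not [Uri]::TryCreate($Url, [UriKind]::Absolute, [ref]$uri)) {
        return 'not an absolute URL'
    }
    $findings = @()
    if ($uri.Scheme -ne 'https') { $findings += "scheme is $($uri.Scheme), not https" }
    if ($ExpectedHosts -notcontains $uri.Host) { $findings += "unexpected host $($uri.Host)" }
    return $findings
}

# Find the forest's configuration partition, where service discovery data is stored.
$rootDse  = [ADSI]'LDAP://RootDSE'
$configNc = $rootDse.psbase.Properties['configurationNamingContext'].Value
$scpPath  = "LDAP://$ScpRelativeDn,$configNc"

# A missing SCP means clients cannot discover the service through Active Directory.
if (-not [System.DirectoryServices.DirectoryEntry]::Exists($scpPath)) {
    Write-Warning "No RMS service connection point at $scpPath"
    return
}

# Evaluate each URL the SCP publishes and emit one result object per URL.
$scp = [ADSI]$scpPath
foreach ($url in $scp.psbase.Properties['serviceBindingInformation']) {
    $findings = @(Test-RmsDiscoveryUrl -Url $url -ExpectedHosts $ExpectedHosts)
    New-Object PSObject -Property @{
        Url      = $url
        Status   = $(if ($findings.Count) { 'REVIEW' } else { 'OK' })
        Findings = $findings -join '; '
    }
}
```

Run it from a domain-joined machine with read access to the configuration partition; any `REVIEW` row should be compared with the URL the RMS administrator registered.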