Setting Properties on Objects in the AD RMS Drive Namespace

Published: July 8, 2009

Updated: October 22, 2009

Applies To: Windows Server 2008 R2, Windows Server 2008 R2 with SP1

Setting properties on objects in the drive namespace is similar to using a wizard to specify configuration settings when installing a server role. Before you can finish the installation by running the Install-ADRMS cmdlet, you must provide necessary information about the initial configuration of the server role. The following table lists the required settings and the properties that represent those settings in the drive namespace.

 

| Setting name | Property name | Location |
|---|---|---|
| Setting the database server | ServerName | <drive>:\ClusterDatabase |
| Setting the database name | DatabaseName | <drive>:\ClusterDatabase |
| Setting the cluster key password | CentrallyManagedPassword | <drive>:\ClusterKey |
| Setting the service account | ServiceAccount | <drive>:\ |
| Setting the cluster Web site | WebSiteName | <drive>:\ClusterWebSite |

Note
The CentrallyManagedPassword property is not available if you are using either a software- or hardware-based cryptographic service provider (CSP) to protect the cluster key. If you are using a CSP, you must manually move the cluster key to the other computers before installing AD RMS. Consult the CSP documentation for procedures on moving the cluster key.

The following sections describe the configuration settings you must specify by setting properties on objects in the Windows PowerShell drive namespace when adding a server to an existing Active Directory Rights Management Services (AD RMS) cluster.

When an AD RMS server is provisioned as a member of an existing cluster, it must be configured to use the cluster database server.

  1. At the Windows PowerShell command prompt, type:

    Set-ItemProperty -Path <drive>:\ClusterDatabase -Name ServerName -Value <db_server>

    where <drive> is the name of the Windows PowerShell drive and <db_server> is the name of the cluster database server.


When the AD RMS server role is installed on the first server in a cluster, AD RMS creates a database on the specified server that it uses to record configuration, logging, and other information. When another AD RMS server is joined to the cluster, it must be configured to use the same database.

  1. To list the database instances hosted by the cluster database server, at the Windows PowerShell command prompt, type:

    Get-ChildItem -Path <drive>:\ClusterDatabase\DatabaseInstance

    where <drive> is the name of the Windows PowerShell drive.

  2. To list the databases hosted by a database instance, at the Windows PowerShell command prompt, type:

    Get-ChildItem -Path <drive>:\ClusterDatabase\DatabaseInstance\<db_instance>

    where <drive> is the name of the Windows PowerShell drive and <db_instance> is the name of a database instance.

  3. To set the database name, at the Windows PowerShell command prompt, type:

    Set-ItemProperty -Path <drive>:\ClusterDatabase -Name DatabaseName -Value "<db_name>"

    where <drive> is the name of the Windows PowerShell drive and <db_name> is the name of the cluster database.


If you are using AD RMS to centrally manage the cluster key, you must set the cluster key password before you can add the server to the cluster.

  1. To securely store the cluster key password in a variable, at the Windows PowerShell command prompt, type:

    $password = Read-Host -AsSecureString -Prompt "Password:"

  2. Type the cluster key password, and then press the ENTER key.

  3. At the Windows PowerShell command prompt, type:

    Set-ItemProperty -Path <drive>:\ClusterKey -Name CentrallyManagedPassword -Value $password

    where <drive> is the name of the Windows PowerShell drive.


During installation, AD RMS creates the AD RMS Service Group on the local computer and grants it appropriate permissions on all of the resources that are required for AD RMS to operate. When you install the AD RMS server role, you must define a domain account for use as the AD RMS service account. That account is made a member of the AD RMS Service Group, and it is granted the permissions that are associated with this group. During routine operations, AD RMS runs under the AD RMS service account.

Membership in the local Administrators group, or equivalent, is the minimum required to complete this procedure.

  1. At the Windows PowerShell command prompt, type:

    $svcacct = Get-Credential

    A dialog box appears.

  2. In the dialog box, type the account domain and name (in the form <domain>\<account>) and password.

  3. At the Windows PowerShell command prompt, type:

    Set-ItemProperty -Path <drive>:\ -Name ServiceAccount -Value $svcacct

    where <drive> is the name of the Windows PowerShell drive.


Before completing the installation of the AD RMS server role, you must specify the Web site where the AD RMS Web services will be installed if you are not using the default Web site. If you have installed the Internet Information Services (IIS) 6 Management Compatibility Service, you can get a listing of the Web sites hosted on the server by typing at a Windows PowerShell command prompt:

    Get-ChildItem -Path <drive>:\ClusterWebSite

where <drive> is the name of the Windows PowerShell drive.

Membership in the local Administrators group, or equivalent, is the minimum required to complete this procedure.

  • At the Windows PowerShell command prompt, type:

    Set-ItemProperty -Path <drive>:\ClusterWebSite -Name WebSiteName -Value "<web_site>"

    where <drive> is the name of the Windows PowerShell drive and <web_site> is the name of the Web site to be used to host the AD RMS Web services.
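
The procedures above, combined into one function that sets every property and then reads the non-secret values back before Install-ADRMS is run. This is an added example, not Microsoft's code: the function name and its parameter names are hypothetical, the drive is assumed to exist already, and it assumes the provider returns ServerName, DatabaseName and WebSiteName through Get-ItemProperty.

```powershell
# Added example (hypothetical function and parameter names).
# Assumes the install drive already exists and that the provider exposes the
# non-secret properties through Get-ItemProperty.
function Set-AdRmsJoinSettings {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory=$true)] [string] $Drive,
        [Parameter(Mandatory=$true)] [string] $DbServer,
        [Parameter(Mandatory=$true)] [string] $DbName,
        [string] $WebSite,            # omit to keep the default Web site
        [switch] $CspProtectedKey     # cluster key is protected by a CSP
    )
    $ErrorActionPreference = 'Stop'
    if (-not (Get-PSDrive -Name $Drive -ErrorAction SilentlyContinue)) {
        throw "Windows PowerShell drive '$Drive' does not exist."
    }
    $root = "${Drive}:\"

    Set-ItemProperty -Path "${root}ClusterDatabase" -Name ServerName   -Value $DbServer
    Set-ItemProperty -Path "${root}ClusterDatabase" -Name DatabaseName -Value $DbName

    if (-not $CspProtectedKey) {
        # CentrallyManagedPassword is not available with a CSP, so skip it there.
        # Prompting keeps the password out of the script and command history.
        $password = Read-Host -AsSecureString -Prompt "Cluster key password"
        Set-ItemProperty -Path "${root}ClusterKey" -Name CentrallyManagedPassword -Value $password
    }

    $svcacct = Get-Credential         # enter <domain>\<account> and its password
    Set-ItemProperty -Path $root -Name ServiceAccount -Value $svcacct

    if ($WebSite) {
        Set-ItemProperty -Path "${root}ClusterWebSite" -Name WebSiteName -Value $WebSite
    }

    # Read back the non-secret settings and stop if any differs from the request.
    $db = Get-ItemProperty -Path "${root}ClusterDatabase"
    $expected = @{ ServerName = $DbServer; DatabaseName = $DbName }
    foreach ($name in $expected.Keys) {
        if ($db.$name -ne $expected[$name]) {
            throw "$name is '$($db.$name)', expected '$($expected[$name])'."
        }
    }
    if ($WebSite -and (Get-ItemProperty -Path "${root}ClusterWebSite").WebSiteName -ne $WebSite) {
        throw "WebSiteName was not set to '$WebSite'."
    }
    $db | Select-Object ServerName, DatabaseName
}
```

Run it from an elevated Windows PowerShell session, since the service account and Web site steps require membership in the local Administrators group.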

