Specifying the Rights Account Certificate Validity Duration

Published: July 8, 2009

Updated: October 22, 2009

Applies To: Windows Server 2008 R2, Windows Server 2008 R2 with SP1

You can specify the validity periods for both standard and temporary rights account certificates (RACs) provided by Active Directory Rights Management Services (AD RMS). By default, a standard RAC is valid for 365 days and a temporary RAC is valid for 15 minutes. After the end of these periods, users must acquire new certificates when they attempt to acquire publishing or use licenses. The manner in which the RAC is renewed depends on the AD RMS-enabled application. In some cases, it may be transparent; in others, the user may need to actively submit a request.

noteNote
If you are using Active Directory Federation Services (AD FS) with AD RMS, the rights account certificate validity duration is specified as an identity federation support setting. For more information, see Configuring Federated Identity Support Settings.

Membership in the local AD RMS Enterprise Administrators, or equivalent, is the minimum required to complete this procedure.

  • At the Windows PowerShell command prompt, type:

    Set-ItemProperty -Path <drive>:\IssuancePolicy -Name StandardCertValidityPeriodInDays <days>

    where <drive> is the name of the Windows PowerShell drive, and <days> is a number that specifies how many days the standard RAC will remain valid.

  • At the Windows PowerShell command prompt, type:

    Set-ItemProperty -Path <drive>:\IssuancePolicy -Name TemporaryCertValidityPeriodInMinutes <minutes>

    where <drive> is the name of the Windows PowerShell drive, and <minutes> is a number that specifies how many minutes the temporary RAC will remain valid.

See Also

Community Additions

ADD
Show: