Using Windows PowerShell to Deploy AD RMS

Published: July 8, 2009

Updated: October 22, 2009

Applies To: Windows Server 2008 R2, Windows Server 2008 R2 with SP1

The Active Directory Rights Management Services (AD RMS) Windows PowerShell deployment module gives you the ability to install and provision the AD RMS server role on a computer running Windows Server® 2008 R2, to upgrade a server in an AD RMS cluster following a Windows upgrade, and to remove the AD RMS server role, all by using Windows PowerShell cmdlets. The module presents a drive namespace that consists of containers representing configuration settings you must make before installing the server role. Within this namespace, you manage cluster settings by creating and setting properties on items in the containers that are arranged hierarchically in the namespace, most often by using common Windows PowerShell cmdlets, such as New-Item and Set-ItemProperty. In some cases, the AD RMS Windows PowerShell deployment module implements special-purpose cmdlets to perform tasks that cannot be performed by using common cmdlets.

To deploy AD RMS by using a Windows PowerShell session on a remote computer, you must enable the Credential Security Service Provider (CredSSP) and then specify -Authentication Credssp when creating the remote session. Note, however, that this practice increases the security risk of the remote operation because, if the remote computer is compromised, the credentials that are passed to it can be used to control the network session. For more information, type Get-Help Enable-WSManCredSSP -Full at a Windows PowerShell prompt.

Before you can deploy AD RMS by using Windows PowerShell cmdlets, after starting Windows PowerShell, you must perform two tasks:

  1. Import the AD RMS Windows PowerShell deployment cmdlet module.

  2. Create a Windows PowerShell drive that represents the AD RMS cluster you want to create or join.

The following procedures explain how to perform each of these tasks.

  • At the Windows PowerShell prompt, type:

    Import-Module ADRMS

  • At the Windows PowerShell prompt, type:

    New-PSDrive -Name <drivename> -PsProvider AdRmsInstall -Root<installType>

    where <drivename> is the name you want to assign to the new drive, and <installType> is the type of installation you want to perform:

    • RootCluster installs the AD RMS server role as the first server in a root cluster.

    • LicensingCluster installs the AD RMS server role as the first server in a licensing-only cluster.

    • JoinCluster installs the AD RMS server role as a member server in an existing root or licensing-only cluster.

    For example, to create a drive named RC that represents the first server in a root cluster, type:

    New-PSDrive -Name RC -PsProvider AdRmsInstall -Root RootCluster

See Also

Community Additions