Active Directory Right Management Services: Installation and Configuration

Preparation of the environment

Before we start installing the AD RMS role, we will prepare the environment.

Creating a group for super users

To overcome a user error on the application of rights, it is possible to configure in AD RMS a super-admin group that has the ability to edit all files.

From the Active Directory Users and Computers console, create a group by specifying a 1 email address.
ADRMS - Super user group

Then add the person (s) who will be able to access all the documents.

Service account for the AD RMS cluster

During post-installation configuration and the creation of the AD RMS cluster, a service account must be configured. Always using the Active Directory Users and Computers console, create a standard user account whose password never expires.
AD RMS - Service Account

A network share

Create a network share that is readable by everyone and in total control by the service account. This sharing goes XML export service of rights strategy templates.

Network share

DNS registration

Create a DNS record for the cluster name that points to the expected server’s IP role.


Certificate for the cluster

If you have a certification authority, provide a certificate on behalf of the AD RMS cluster.

Requesting a certificate for the AD RMS cluster IIS certificate installed

SQL Server

If you want to add multiple AD RMS servers in the cluster, you need to provide a SQL Server instance