Active Directory Right Management Services: Installation and Configuration

Preparation of the environment

Before we start installing the AD RMS role, we will prepare the environment.

Creating a group for super users

To overcome a user error on the application of rights, it is possible to configure in AD RMS a super-admin group that has the ability to edit all files.

From the Active Directory Users and Computers console, create a group by specifying a 1 email address.
ADRMS - Super user group

Then add the person (s) who will be able to access all the documents.

Service account for the AD RMS cluster

During post-installation configuration and the creation of the AD RMS cluster, a service account must be configured. Always using the Active Directory Users and Computers console, create a standard user account whose password never expires.
AD RMS - Service Account

A network share

Create a network share that is readable by everyone and in total control by the service account. This sharing goes XML export service of rights strategy templates.

Network share

DNS registration

Create a DNS record for the cluster name that points to the expected server’s IP role.


Certificate for the cluster

If you have a certification authority, provide a certificate on behalf of the AD RMS cluster.

Requesting a certificate for the AD RMS cluster IIS certificate installed

SQL Server

If you want to add multiple AD RMS servers in the cluster, you need to provide a SQL Server instance

Related Posts

GPO : Loopback Processing

Table of ContentsContext and issuesSolution: loopback processingConclusion In this tutorial, I will try to present to you simply the functioning of Loopback Processing in GPOs. It quickly becomes a he

Printer mapping: GPO and Script

Table Of ContentsIntroMap a printer by GPOLimit printer mapping to a groupPrinter mapping by scriptLimit printer mapping to an Active Directory groupTroubleshootingDeactivate Point and Print Restricti

Active Directory: trust relationship between two forests / domains

Presentation The trust relationship between two Active Directory drill bits / domains is a trusted link that allows authenticated users to access resources in another domain. An approval relationship

Scroll to Top