AD RMS Installation in Forest with multiple Domains

    Question

  • Hi,

    I'm going to install AD RMS in an environment with several domains within a forest. In this environment there are a parent domain and four child domains. So, here are my questions:

    - In which domain do I have to install AD RMS? In the one with the Global Catalog?

    - Does AD RMS work at forest level? I mean that if you install AD RMS in the forest, all users, regardless of the domain they belong to, can use this tool.

    - If I were to install AD RMS in a child domain, I assume that the SCP would be created in its AD. Could users in other domains use AD RMS in this scenario?

    Thanks,

    Miguel

    Wednesday, July 24, 2013 9:08 AM

Answers

  • Hi Miguel -

    The boundary of an AD RMS platform is the Active Directory forest.  Users in any domain within that forest will be able to use AD RMS.  AD RMS needs to talk to a Global Catalog AD server to authenticate users so the AD RMS servers must be able to contact the GC.  If you install AD RMS in a child domain and register the SCP, it will take some time (an hour or so?) to replicate across all the different domains.

    I hope that helps,

    Micah LaNasa

    Synergy Advisors

    synergyadvisors.biz

    • Marked as answer by mikemm13 Thursday, July 25, 2013 6:29 AM
    Wednesday, July 24, 2013 5:03 PM

All replies

  • Hi Micah,

    It helps, that's the answer I was looking for.

    Thank you

    Regards,

    Miguel

    Thursday, July 25, 2013 6:30 AM
  • Hi Miguel -

    The boundary of an AD RMS platform is the Active Directory forest.  Users in any domain within that forest will be able to use AD RMS.  AD RMS needs to talk to a Global Catalog AD server to authenticate users so the AD RMS servers must be able to contact the GC.  If you install AD RMS in a child domain and register the SCP, it will take some time (an hour or so?) to replicate across all the different domains.

    I hope that helps,

    Micah LaNasa

    Synergy Advisors

    synergyadvisors.biz

    Important: DNS resolution of the SCP URL must be guaranteed from any domain in the forest.
    Thursday, September 26, 2013 3:43 PM
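
The two points raised in this thread (the SCP takes time to replicate to every domain, and the SCP URL must resolve in DNS) can be checked with a short script. This is an added example, not code from any of the posters; it assumes the ActiveDirectory PowerShell module (RSAT) is installed and that the SCP sits at its standard location, CN=SCP,CN=RightsManagementServices,CN=Services, in the forest's Configuration partition.

```powershell
# Added example: for every domain in the forest, read the AD RMS SCP from a DC
# in that domain and check that the host in the SCP URL resolves in DNS.
Import-Module ActiveDirectory

$forest   = Get-ADForest
$configNC = (Get-ADRootDSE).configurationNamingContext
# Standard location of the AD RMS service connection point (assumed here).
$scpDn    = "CN=SCP,CN=RightsManagementServices,CN=Services,$configNC"

$results = foreach ($domain in $forest.Domains) {
    $row = [ordered]@{ Domain = $domain; DC = $null; ScpUrl = $null; DnsOk = $false; Error = $null }
    try {
        # Query a DC of this domain so the answer reflects what has replicated there.
        $dc     = Get-ADDomainController -Discover -DomainName $domain -ErrorAction Stop
        $row.DC = [string]@($dc.HostName)[0]

        $scp = Get-ADObject -Identity $scpDn -Server $row.DC `
                   -Properties serviceBindingInformation -ErrorAction Stop
        $row.ScpUrl = [string]@($scp.serviceBindingInformation)[0]
        if (-not $row.ScpUrl) { throw "SCP object exists but has no serviceBindingInformation" }

        # Resolve the host name clients will be sent to by the SCP.
        $rmsHost = ([uri]$row.ScpUrl).Host
        Resolve-DnsName -Name $rmsHost -ErrorAction Stop | Out-Null
        $row.DnsOk = $true
    } catch {
        # SCP not replicated yet, DC unreachable, or name not resolvable.
        $row.Error = $_.Exception.Message
    }
    [pscustomobject]$row
}

$results | Format-Table -AutoSize
```

The DNS check uses the resolver of the machine running the script, so run it from a client in each domain to confirm resolution from that domain.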