AD RMS with AD FS 2.0 in a business to business scenario

    Question

  • Hi,

    I am working on a scenario: one of my customers has a resource forest hosting an Exchange 2010 organization. Each mailbox is a linked mailbox, linked to a user account in a domain account (Branch Forest). There are many Branch Forests. We want to deploy RMS for all Branch Forests.

    I have found this article, which provides a great step-by-step: http://technet.microsoft.com/fr-fr/library/ee918789(WS.10).aspx

    But I was hoping to use AD RMS with AD FS in a scenario such as this: deploy AD RMS and AD FS in the resource forest, and only deploy AD FS in the Branch domains. But it seems that with this deployment, users in a Branch domain cannot create protected documents, only consume protected documents. Is that true?

    Thank you for your answer and for your advice in implementing this kind of scenario


    Olivier Detilleux - Service Line Manager | Core Infrastructure Department - vNext http://www.vnext.fr - http://myitforum.com/cs2/blogs/forefrontsecurity/
    Thursday, August 11, 2011 8:57 AM

Answers

  • Hi Olivier,

    We are implementing this architecture (with AD FS 2.0) for one of our customers and I can say that the answer is yes.

    Users located in the Branch office will not be able to create a protected document, only consume the protected document.

    HTH,

    Idan Plotnik, Identity and Security Engineer, MVP

    Foreity - Intelligent Security

    www.ForefrontSecurity.org

    Tuesday, May 15, 2012 10:25 AM