none
AD RMS on Server 2012 integration with Windows Live ID's

    Question

    • Hello,

      I am trying to integrate our On-Premise AD RMS Cluster with Windows Live ID support, however when I attempt to enable it via PowerShell (the "Trust Windows Live ID" option in the GUI is missing), I receive the error:

      "Import-RmsTUD : Trusting external Microsoft accounts is not supported under AD RMS cryptographic mode 2."

      How do I get around this?  I don't think switching to cryptographic mode 1 is even an option...

      Thanks in advance.

      Simon

    Tuesday, July 02, 2013 9:10 PM

Answers

  • Hi Simon -

    Unfortunately, using WLID is not an available option when you have deployed Cryptographic Mode 2.  If you have implemented Trusted User Domains (which is what you do when you enable WLID) or Trusted Publishing Domains with AD RMS clusters in different Active Directory forests, all clusters must be updated to Cryptographic Mode 2, which is why that option is unavailable for you.  As you mentioned, there is currently no way to roll back to Cryptographic Mode 1 after deploying Mode 2. 

    However, Microsoft is coming out with an improved collaboration strategy through RMS Online, which will require Cryptographic Mode 2.  This is not out yet, but you can learn more about it here: http://channel9.msdn.com/Series/Information-Protection/Enabling-RMS-Everywhere-032013.  The goal is that this will replace the WLID option.

    Micah LaNasa

    Synergy Advisors

    synergyadvisors.biz

    • Marked as answer by SimonSenger81 Wednesday, July 03, 2013 5:26 PM
    Wednesday, July 03, 2013 5:06 PM