locked
ADRMS and Distribution Groups RRS feed

  • Question

  • Hello,

    I have a strange behaviour with my AD RMS server.

    When a person to restriction it works perfectly.

    When adding a group, the members of this group cannot open the document.

    If i add them individually, all works fine.

    Any idea ?

    Tuesday, March 4, 2014 4:08 PM

All replies

  • RMS caches group information, so if the group was used from RMS before the user was added and you add then the user to the group you have to wait 12h.

    http://technet.microsoft.com/en-us/library/cc747586(v=WS.10).aspx

    Hope that helps,

    Lutz

    Wednesday, May 7, 2014 11:46 PM
  • Those values that Lutz mentioned are now in the database

    Directly from the DRMS_Config database CluserPolicies table:
    DirectoryServicesMemoryPrincipalCacheExpirationMinutes 720
    DirectoryServicesDatabasePrincipalCacheExpirationMinutes 720
    DirectoryServicesMemoryGroupCacheExpirationMinutes 720
    DirectoryServicesDatabaseGroupCacheExpirationMinutes 720

    These are in minutes.  Typically we change these to as low as 30 with no ill effects.

    Also make sure those groups are universal groups and have an email attribute assigned.

    Thursday, May 8, 2014 10:20 PM