Decommission AD RMS (Single Node Cluster)

  • Question

  • Good afternoon,

    Hope you're well. Wanted to ask for help as I have read a few articles in regards to how to decommission the AD RMS server; however, they appear to have missed out some key points (or at least I think so, or more likely I'm doing something wrong).

    We were required to completely remove AD RMS from our environment; we only had a single node cluster. Following the advice in some TechNet articles, we granted the correct permissions to the Decommission folder and the ASPX file. Once completed, we placed the server in the Decommissioning state. In our environment it was only Exchange which used this service.

    Now the server is in decommissioning state, what could be done to ensure people are still able to view their protected emails? On a side note, I had inadvertently removed my account (through permissions, and manage accounts within Outlook 2010), and now I receive the message, "Unable to contact the Restricted permission service."

    Would the SCP need to be changed to point to the decommissioning folder (within IIS)?

    Thanks in advance,

    Satbir

    Monday, August 8, 2016 1:17 PM

All replies

  • That decommission process doesn't allow you to remove ADRMS, it only allows users to have unrestricted access as long as they are authenticated. This effectively makes all users ADRMS superusers.

    This process is problematic because it's really specific to the msdrm client as far as I can tell. I think it's better and simpler to just make everyone superuser.

    Removing the server is another issue since you have encrypted email and when someone tries to open the encrypted email they must contact the RMS service to get decryption keys.

    You can get back to your previous state by restoring the database to the point before decommission.

    There may be a way for Exchange to identify what emails are protected via indexing, but I don't think there is a way to automatically decrypt them in the mail store.

    Friday, August 12, 2016 11:47 PM