Two users have one e-mail in AD RMS

  • Question

  • Hi all,

    My scenario is: user A has email a@test.local and user B has the same email.
    User A encrypts a document (not granting any rights to user B). Then, user B accesses the document. And user B is owner of this document. That means user B is co-owner in this case.

    So, is anything wrong here when AD RMS uses the user's email for verification?

    I know this case is unlikely to happen in practice. But what if someone wants to illegally access the protected file? Does it look like a leak, or not secure, in this case?

    Thank you.

    • Edited by Vu Le Anh Wednesday, November 6, 2013 4:54 AM
    Wednesday, November 6, 2013 4:49 AM

All replies

  • Hi,

    You are correct: if you have 2 users with the same email address configured in AD, RMS will allow both users owner permissions or whatever other permissions they might have. This is by design, and using the e-mail address as an identifier allows RMS to be used for external communications.

    Enabling Windows security auditing (Security Eventlog) might help to identify if an email address was changed (http://technet.microsoft.com/en-us/library/cc731607(v=WS.10).aspx).



    • Proposed as answer by Martin Rublik Thursday, November 7, 2013 8:57 AM
    Wednesday, November 6, 2013 12:17 PM
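
Since RMS treats every account that carries a given address as the same identity, a periodic check for addresses held by more than one directory object catches the situation described in the question. The following is an added example, not code from the thread or from Microsoft: the function name `Get-MailCollision` and the sample accounts are constructed, and it assumes that the `mail` attribute and the `smtp:` entries of `proxyAddresses` are the values worth comparing.

```powershell
# Added example: report e-mail addresses that appear on more than one account.
function Get-MailCollision {
    param([Parameter(Mandatory)][object[]]$Account)

    $index = @{}   # normalized address -> list of distinguished names
    foreach ($a in $Account) {
        # Assumption: compare mail plus any smtp: entries in proxyAddresses.
        $raw = @($a.mail) + @($a.proxyAddresses | Where-Object { $_ -match '^smtp:' })
        $addrs = $raw | Where-Object { $_ } |
            ForEach-Object { ($_ -replace '^smtp:', '').Trim().ToLowerInvariant() } |
            Sort-Object -Unique
        foreach ($addr in $addrs) {
            if (-not $index.ContainsKey($addr)) {
                $index[$addr] = [System.Collections.Generic.List[string]]::new()
            }
            $index[$addr].Add($a.DistinguishedName)
        }
    }
    # Emit one row per address that maps to two or more accounts.
    foreach ($entry in $index.GetEnumerator()) {
        if ($entry.Value.Count -gt 1) {
            [pscustomobject]@{ Address = $entry.Key; Accounts = $entry.Value -join '; ' }
        }
    }
}

# Constructed sample: users A and B share a@test.local, user C holds it as an alias.
$sample = @(
    [pscustomobject]@{ DistinguishedName = 'CN=User A,OU=Staff,DC=test,DC=local'
                       mail = 'a@test.local'; proxyAddresses = @('SMTP:a@test.local') }
    [pscustomobject]@{ DistinguishedName = 'CN=User B,OU=Staff,DC=test,DC=local'
                       mail = 'A@test.local'; proxyAddresses = @() }
    [pscustomobject]@{ DistinguishedName = 'CN=User C,OU=Staff,DC=test,DC=local'
                       mail = 'c@test.local'
                       proxyAddresses = @('smtp:a@test.local', 'X500:/o=test/cn=c') }
)
Get-MailCollision -Account $sample | Format-List

# Against a live directory (requires the ActiveDirectory module):
# $objs = Get-ADObject -LDAPFilter '(|(mail=*)(proxyAddresses=*))' -Properties mail, proxyAddresses
# Get-MailCollision -Account $objs
```

Comparison is case-insensitive and ignores non-SMTP proxy entries such as `X500:`; each reported row lists every distinguished name that would be treated as the same RMS identity.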
  • Hi Lutz,

    Thank you so much for the helpful info.


    Vu Le

    Thursday, November 7, 2013 5:57 AM