AD RMS with AD FS 2.0 in a business to business scenario


  • Hi,

    I am working on a scenario: one of my customers has a resource forest hosting an Exchange 2010 organization. Each mailbox is a linked mailbox, linked to a user account in a domain account (Branch Forest). There are many Branch Forests. We want to deploy RMS for all Branch Forests.

    I have found this article, which provides a great step-by-step:

    But I was hoping to use AD RMS with AD FS in such a scenario: deploy AD RMS and AD FS in the resource forest, and only deploy AD FS in the Branch domains. But it seems that with this deployment, users in a Branch domain cannot create protected documents, only consume protected documents. Is that true?

    Thank you for your answer and for your advice on implementing this kind of scenario.

    Olivier Detilleux - Service Line Manager | Core Infrastructure Department - vNext -
    Thursday, August 11, 2011 8:57 AM


  • Hi Olivier,

    We are implementing this architecture (with AD FS 2.0) for one of our customers and I can say that the answer is yes.

    Users located in the Branch office will not be able to create a protected document, only consume the protected document.


    Idan Plotnik, Identity and Security Engineer, MVP

    Foreity - Intelligent Security

    Tuesday, May 15, 2012 10:25 AM