Installing AD RMS

AD RMS is not supported and does not run in Server Core installations of Windows Server 2008. However, AD RMS is a good candidate for virtualization under Hyper-V, especially in test environments. Keep this in mind when you plan and prepare your AD RMS deployment.


In the following lesson you will install AD RMS on a single server. This installs the Windows Internal Database (WID) as the supporting database. Because all the components are local, you cannot scale this deployment to support high availability. Use the single-server deployment only in test environments. If you want to use this deployment to test AD RMS beyond the firewall, you will have to add the appropriate AD RMS exceptions.

Right-click Roles. Select Add Roles. Click Next. Select Active Directory Rights Management Services. Click Add Required Role Services. Click Next. Select Active Directory Rights Management Services. Do not choose the Identity Federation Support option at this time. You cannot install this option until the AD FS federation relationship has been created. Click Next. Select the Create A New AD RMS Cluster option, and then click Next.

As this is a single-server installation, select Use Windows Internal Database on this server and click Next. Click Specify. Type in the username and password and click OK. Click Next. Select Use AD RMS centrally managed key storage, then click Next.

You can also choose to protect the AD RMS cluster key by using a cryptographic storage provider because it is a more secure protection method. You will need to select the storage provider and then install this certificate on each new AD RMS server before you can add them to the root cluster.

Assign a complex password and click Next. Select the Web site where you want to install the AD RMS Web services, and click Next. If you did not prepare the Web site beforehand, the name of the Web site will be Default Web Site. Select Use an SSL encrypted connection (https://). Type in the Fully Qualified Domain Name and click Validate. Once validated, click Next. Select Create a self signed certificate for SSL encryption.

If you did not install the certificate prior to setup, you can click Import to import the certificate now. You can also use a self-signed certificate, or, if you did not obtain the certificate prior to installation, you can select the third option, to choose encryption later.
Note, however, that if you choose the last option, you will not be able to complete your installation until you obtain and install this certificate. Self-signed certificates should be used for test environments only. In a production environment, use a proper SSL certificate issued from a commercial certification authority.

Click Next. Type in a meaningful name and click Next. The name should enable you to quickly identify which server the certificate is for. Select Register The AD RMS Service Connection Point Now, and then click Next. Click Next to install the IIS options. Click Next. Click Install. The installation has completed; you may now close all open dialog boxes.
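
A post-installation check for the two security-relevant choices made in the wizard, the SSL certificate and the service connection point (SCP). This is an added example, not part of the original lesson. It assumes the SCP sits at its standard location under the forest's Configuration partition, that the SSL certificate is in the LocalMachine\My store, and that the certificate's subject name equals the cluster host name (wildcard and SAN-only certificates are not matched).

```powershell
# Added example: verify the AD RMS SCP and the SSL certificate after setup.
# Run on the AD RMS server with a domain account that can read the
# Configuration partition.

$rootDse  = [ADSI]"LDAP://RootDSE"
$configNc = [string]$rootDse.configurationNamingContext
$scpPath  = "LDAP://CN=SCP,CN=RightsManagementServices,CN=Services,$configNc"

if (-not [System.DirectoryServices.DirectoryEntry]::Exists($scpPath)) {
    Write-Warning "No AD RMS service connection point is registered in this forest."
    return
}

# The SCP stores the cluster URL that clients use to discover AD RMS.
$scp = [ADSI]$scpPath
$url = [string]$scp.serviceBindingInformation
$uri = [Uri]$url
Write-Output "SCP cluster URL: $url"

if ($uri.Scheme -ne 'https') {
    Write-Warning "The cluster URL does not use an SSL encrypted connection."
}

# Find certificates issued to the cluster host name.
$now   = Get-Date
$certs = @(Get-ChildItem Cert:\LocalMachine\My | Where-Object {
    $_.GetNameInfo('SimpleName', $false) -eq $uri.Host
})

if ($certs.Count -eq 0) {
    Write-Warning "No certificate for $($uri.Host) found in LocalMachine\My."
}

foreach ($cert in $certs) {
    Write-Output "Certificate $($cert.Thumbprint), valid until $($cert.NotAfter)"
    # A certificate whose subject and issuer are identical is self-signed.
    if ($cert.Subject -eq $cert.Issuer) {
        Write-Warning "Self-signed certificate: acceptable for test environments only."
    }
    if ($cert.NotAfter -lt $now) {
        Write-Warning "Certificate has expired."
    }
}
```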