The following steps in this checklist describe the tasks required to configure identity federation support with Active Directory Rights Management Services (AD RMS) cluster.

  1. Assign a secure sockets layer (SSL) certificate to the Web site that will be hosting the AD RMS cluster.

  2. Install and configure the AD RMS cluster.

  3. Grant the AD RMS service account privileges to Generate Security Audits found in the Local Security Policy console. This privilege allows the AD RMS service account to generate events and write them to the Security log.

  4. On the AD FS resource partner, create a claims-aware application for the AD RMS certification and licensing pipelines.

  5. Configure the AD RMS extranet cluster URL by using the Active Directory Rights Management Services console.

  6. Add the AD RMS Identity Federation Support role service by using Server Manager.

For detailed instructions about setting up AD RMS and AD FS, see AD RMS with AD FS Identity Federation Step-by-Step Guide (