Only one Active Directory Rights Management Services (AD RMS) root cluster is permitted per forest. If your organization wants to use rights-protected content in more than one forest, you must have a separate AD RMS root cluster for each forest.
The following steps in this checklist describe the tasks required to deploy AD RMS in an organization with users in multiple forests.
- Assign a Secure Sockets Layer (SSL) certificate to the Web site that will be hosting the AD RMS cluster.
- Install and configure an AD RMS root cluster in each forest.
- If you are not using Exchange Server in each forest, you must extend the Active Directory schema.
- Add the AD RMS service account to the access control list of the group expansion pipeline.
For detailed instructions about setting up AD RMS in a multiple forest environment, see Deploying Active Directory Rights Management Services in a multiple forest environment Step-by-Step guide (http://go.microsoft.com/fwlink/?LinkId=72139).