There can be instances when you need to retire an Active Directory Rights Management Services (AD RMS) server or remove an existing AD RMS cluster entirely. Before you retire a server, you should back up all AD RMS databases that are used by the server, especially the configuration database.
After you back up the databases, you can remove the server. The requirements for removing an AD RMS server depend on the role of the server and topology of the AD RMS installation:
- Removing one server from a cluster. If the AD RMS server that you want to retire is in a cluster in which other servers in that AD RMS cluster are still active and required, removing an individual AD RMS server from the cluster requires that you unprovision and uninstall AD RMS on the server that you want to retire, and remove the server from the load-balancing rotation. Consult the documentation of the load balancer for instructions about removing a server.
Only servers in the root cluster must be unprovisioned before you uninstall AD RMS. This process is not required for servers that are in licensing-only clusters.
- Retiring a stand-alone server. If the AD RMS server to be retired is the only server in that cluster, take the following steps: decommission, unprovision, and uninstall the existing AD RMS server, remove it from the network, and then immediately install and provision AD RMS on the replacement server. Configure the new AD RMS server (this will create a new single-server cluster) and use the same URL and configuration database as the retired AD RMS server. Keep in mind that, until the replacement server is installed and provisioned, users cannot consume rights-protected content that was published by the single-server cluster.
If the AD RMS server that you are replacing uses a hardware or software-based cryptographic service provider (CSP), you must move the key container to the new server before you install and provision AD RMS on it. For information about moving the key container, see the documentation that came with your CSP.
- Replacing an AD RMS installation with another, existing AD RMS installation. In some circumstances, you might need to retire an AD RMS installation and replace it with another, existing AD RMS installation, for example, in the case of a company merger where both companies are running AD RMS. In this case, you should export the trusted user domain (TUD) and trusted publishing domain (TPD) from the AD RMS cluster being retired. Import the TUD and TPD into the AD RMS cluster that is still active. Importing the TUD and TPD will ensure that the rights-protected content that was previously protected from the retired AD RMS installation can be consumed in the active cluster.
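
The TUD and TPD hand-off described in the last item can be scripted with the AD RMS PowerShell administration module (AdRmsAdmin). The following is an added example, not part of the original documentation; the drive names, file paths, display names, and the TPD item ID `1` are assumptions to replace with your own values.

```powershell
# Added example. Drive names, paths, display names and the TPD ID are assumptions.
Import-Module AdRmsAdmin

# ---------- Run on a server in the cluster being retired ----------
# Map the local cluster into the AD RMS provider namespace.
New-PSDrive -Name Retired -PSProvider AdRmsAdmin -Root https://localhost | Out-Null

# Export the trusted user domain (the cluster's server licensor certificate).
Export-RmsTUD -Path Retired:\TrustPolicy\TrustedUserDomain `
              -SavedFile C:\RmsExport\retired-cluster-tud.bin

# List the trusted publishing domains to find the ID of the cluster's own TPD.
Get-ChildItem Retired:\TrustPolicy\TrustedPublishingDomain

# The TPD file carries the cluster's private key, protected only by this
# password. Use a strong password, move the file over a protected channel,
# and delete it once the import has been verified.
$exportPassword = Read-Host -AsSecureString -Prompt 'Password to protect the TPD file'
Export-RmsTPD -Path Retired:\TrustPolicy\TrustedPublishingDomain\1 `
              -SavedFile C:\RmsExport\retired-cluster-tpd.xml `
              -Password $exportPassword

# ---------- Run on a server in the cluster that stays active ----------
Import-Module AdRmsAdmin
New-PSDrive -Name Active -PSProvider AdRmsAdmin -Root https://localhost | Out-Null

# Trust rights account certificates issued by the retired cluster.
Import-RmsTUD -Path Active:\TrustPolicy\TrustedUserDomain `
              -DisplayName 'Retired cluster TUD' `
              -SourceFile C:\RmsImport\retired-cluster-tud.bin

# Let the active cluster issue use licenses for content published by the
# retired cluster. The password must match the one used at export time.
$importPassword = Read-Host -AsSecureString -Prompt 'Password of the TPD file'
Import-RmsTPD -Path Active:\TrustPolicy\TrustedPublishingDomain `
              -DisplayName 'Retired cluster TPD' `
              -SourceFile C:\RmsImport\retired-cluster-tpd.xml `
              -Password $importPassword

# Confirm that both imported domains are now listed before the old cluster
# is decommissioned.
Get-ChildItem Active:\TrustPolicy\TrustedUserDomain
Get-ChildItem Active:\TrustPolicy\TrustedPublishingDomain
```

Keep the retired cluster available until a test user has opened previously protected content through the active cluster.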
When you decommission, unprovision, and uninstall an AD RMS server, the server is removed from the ClusterServer table of the configuration database, and the directory services database is deleted from the database server.
This section contains the following procedures: