You can specify the validity periods for both standard and temporary rights account certificates (RACs). By default, a standard RAC is valid for 365 days and a temporary RAC is valid for 15 minutes. After the end of these periods, users must acquire new certificates when they attempt to acquire publishing or use licenses. The manner in which the RAC is renewed depends on the AD RMS-enabled application. In some cases, it might be transparent; in others, the user might need to actively submit a request.

Note

If you are using Active Directory Federation Services (AD FS) with AD RMS, the rights account certificate validity duration is specified in Federated Identity Support. For more information, see Configure Federated Identity Support Settings.

Membership in the local AD RMS Enterprise Administrators, or equivalent, is the minimum required to complete this procedure.

To specify the Rights Account Certificate Validity Duration for standard certificates
  1. Open the Active Directory Rights Management Services console and expand the AD RMS cluster.

  2. In the console tree, select Rights Account Certificate Policies, and then click Change standard RAC validity period.

  3. On the Standard RAC tab, in Standard RAC validity period, type the number of days that standard RACs are to be valid, and then click OK.

To specify the Rights Account Certificate Validity Duration for temporary certificates
  1. Open the Active Directory Rights Management Services console and expand the AD RMS cluster.

  2. In the console tree, select Rights Account Certificate Policies and then click Change temporary RAC validity period.

  3. On the Temporary RAC tab, in Temporary RAC validity period, type the number of minutes that temporary RACs are to be valid, and then click OK.

Additional considerations

Additional references