Active Directory Rights Management Services (AD RMS) client service discovery is the method by which the AD RMS client discovers an AD RMS cluster. There are three ways in which this can occur:
- Active Directory Domain Services (AD DS)
service connection point (SCP) automatic service discovery. This is
the recommended way to deploy an AD RMS environment. In this
scenario, an SCP is created in the Active Directory forest where
the AD RMS cluster is installed. When the AD RMS client
attempts user activation on the computer, it queries the SCP to
find the AD RMS cluster and download the rights account
certificate (RAC). With automatic service discovery, no additional
configuration is required on the AD RMS client.
- AD RMS client registry overrides. In
complex AD RMS deployment topologies, more specific control of
the AD RMS client is required. For versions of the Rights
Management Services (RMS) client running on Windows XP,
Windows 2000, or Windows Server 2003, these overrides are
required for topologies where multiple Active Directory forests are
deployed. Another example of where client registry overrides can be
used is to support extranet users. In these cases, client registry
overrides are created on the AD RMS client to force either
certification or licensing of rights-protected content from an
AD RMS cluster that is different from the one published in the
SCP. The AD RMS client registry overrides used to override the
SCP are created in:
The client registry override keys are the following:
- Activation. This key is used to override the
default AD RMS certification service that is configured in the
SCP. The syntax for this key is http(s)://<your
cluster>/_wmcs/certification where <your
cluster> is the URL of the root cluster that should be used
- EnterprisePublishing. This key is used to
override the default AD RMS licensing service to which the
AD RMS client connects. The syntax for this key is
http(s)://<your cluster>/_wmcs/licensing where
<your cluster> is the URL of the licensing-only
The client registry overrides are configured as registry keys. The value of these registry keys should be added to the default entry of the registry key of type REG_SZ.
- If the AD RMS client computer is
connecting by using a federated trust, you must configure the
federation home realm. The registry key is:
Within this registry key create an registry entry named FederationHomeRealm of type REG_SZ. The value of this registry entry is the federation service URI.
- Activation. This key is used to override the default AD RMS certification service that is configured in the SCP. The syntax for this key is http(s)://<your cluster>/_wmcs/certification where <your cluster> is the URL of the root cluster that should be used for certification.
- Examine issuance license for extranet URLs.
The last method for AD RMS client service discovery is by
means of the issuance license. When rights-protected content is
published, the intranet as well as the extranet licensing service
URLs are added to the issuance license. When an AD RMS client
opens the rights-protected content for the first time and the other
methods of service discovery are not available, the client can
retrieve the licensing URLs from the issuance license.