By default, an AD RMS cluster does not service requests from users whose rights account certificate (RAC) was issued by a different AD RMS cluster. However, you can add user domains to the list of trusted user domains, which allows AD RMS to process such requests.

For each trusted user domain, you can also add and remove specific users or groups of users. You can also remove a trusted user domain, with one exception: you cannot remove the root cluster for this Active Directory Domain Services (AD DS) forest from the trusted user domains. Every AD RMS server in a deployment trusts the root cluster in its own forest.

The Trusted User Domains results pane lists the trusted user domains for the cluster.