AD-RMS (Active Directory Right Management Services)-- Introduction

Okay let me explain “What is AD-RMS (Active Directory Right Management Services)?

All right; AD-RMS is server role in Windows Server 2008 which helps you to protect your digital information from unauthorized use. It establishes the identity of users and provides authorized users with licenses for that protected information.

AD RMS includes email message protection, rights enforcement, and content protection in your word documents, spreadsheets and presentations.

Let me take an example, here I have a document where I want user1 to have read only access to this document and user2 need read and print access. There is one more user (User3) who needs read, write and print permissions. So to achieve this goal for the protection of this document; I can use AD-RMS(Active Directory Right Management Services)

                                                           AD-RMS Components

AD-RMS has several components that work together to provide a comprehensive information rights management (IRM) solution.

Component	What does it do?
AD RMS  Server Cluster	It is used for AD RMS administration and configuration and handles all of the major AD RMS functions, including licensing, publishing, account certification, and recovery. There is a limit of one AD RMSCertification Server Cluster per AD DS forest.
AD RMS  Licensing-only Cluster	It is used to segment the AD RMS templates. With a single ADRMS Certification Server Cluster, all templates are shared among all users. By deploying a Licensing-only Cluster, templates can be created for use by a specific group of users such as the Legal department of the executive management team. It offers better separation and resource tracking when the AD RMSdeployment includes business partners.
SQL Database	The AD RMS database stores the configuration and log data. A Windows Internal Database can be used in place of SQL but it is not supported in a production environment.
AD DS	AD DS is an AD RMS prerequisite and is used to store users and groups used within AD RMS. Clients query AD DS for the service connection point (SCP) to discover registered AD RMS services.
AD RMS Client	The client, which comes built-in to Windows Vista®, Windows® 7 and Windows Server® 2008, is a free download for earlier Windows versions. There is also an add-on client for Internet Explorer. It serves as the client component and interacts with the AD RMSCertificate Server Cluster to encrypt and decrypt data.