Only one Active Directory Rights Management Services (AD RMS) root cluster is permitted per forest. If your organization wants to use rights-protected content in more than one forest, you must have a separate AD RMS root cluster for each forest.
The following steps in this checklist describe the tasks required to deploy AD RMS in an organization with users in multiple forests.
- Assign a Secure Sockets Layer (SSL) certificate to the Web site that will be hosting the AD RMS cluster.
- Install and configure an AD RMS root cluster in each forest.
- If you are not using Exchange Server in each forest, you must extend the Active Directory schema.
- Add the AD RMS service account to the access control list of the group expansion pipeline.
For detailed instructions about setting up AD RMS in a multiple forest environment, see Deploying Active Directory Rights Management Services in a multiple forest environment Step-by-Step guide (