There can be instances when you need to retire an Active Directory Rights Management Services (AD RMS) server or remove an existing AD RMS cluster entirely. Before you retire a server, you should back up all AD RMS databases that are used by the server, especially the configuration database.

After you back up the databases, you can remove the server. The requirements for removing an AD RMS server depend on the role of the server and topology of the AD RMS installation:

  • Removing one server from a cluster. If the AD RMS server that you want to retire is in a cluster in which other servers in that AD RMS cluster are still active and required, removing an individual AD RMS server from the cluster requires that you unprovision and uninstall AD RMS on the server that you want to retire, and remove the server from the load-balancing rotation. Consult the documentation of the load balancer for instructions about removing a server.

    Note

    Only servers in the root cluster must be unprovisioned before you uninstall AD RMS. This process is not required for servers that are in licensing-only clusters.

  • Retiring a stand-alone server. If the AD RMS server to be retired is the only server in that cluster, take the following steps: decommission, unprovision, and uninstall the existing AD RMS server, remove it from the network, and then immediately install and provision AD RMS on the replacement server. Configure the new AD RMS server (this will create a new single-server cluster) and use the same URL and configuration database as the retired AD RMS server. Keep in mind that, until the replacement server is installed and provisioned, users cannot consume rights-protected content that was published by the single-server cluster.

    Important

    If the AD RMS server that you are replacing uses a hardware or software-based cryptographic service provider (CSP), you must move the key container to the new server before you install and provision AD RMS on it. For information about moving the key container, see the documentation that came with your CSP.

  • Replacing an AD RMS installation with another, existing AD RMS installation. In some circumstances, you might need to retire an AD RMS installation and replace it with another, existing AD RMS installation, for example, in the case of a company merger where both companies are running AD RMS. In this case, you should export the trusted user domain (TUD) and trusted publishing domain (TPD) from the AD RMS cluster being retired. Import the TUD and TPD into the AD RMS cluster that is still active. Importing the TUD and TPD will ensure that the rights-protected content that was previously protected from the retired AD RMS installation can be consumed in the active cluster.

When you decommission, unprovision, and uninstall an AD RMS server, the server is removed from the ClusterServer table of the configuration database, and the directory services database is deleted from the database server.

This section contains the following procedures:

Table Of Contents