Sunday, 11 August 2013

Installing and Configuring Active Directory Rights Management Service in a Cluster on Windows Server 2012

In this article, I will cover the installation and configuration of Active Directory Information Rights Management Service as a cluster on Windows Server 2012 with databases on SQL Server Always on Group on SQL Server 2012.

This is a prep work for configuring the Information Rights Management for SharePoint 2013 which I will cover later.

Overview of the demo environment I am using.

  • Contoso DC: DNS, Active Directory Domain Controller
  • Contoso IRM: Active Directory Rights Management Service A
  • Contoso CA: Active Directory Rights Management Service B
  • SQL01: Primary Replica SQL Server 2012
  • SQL02: Secondary Replica SQL Server 2012
  • SQLAAG01: Always on Availability Group 01
  • FIM01: SharePoint 2013 Server

Installation and Configuration of AD RMS on the First Server and configuring the Cluster:

I will start with the 
  • Installation of Active Directory Rights Management Service on the first server i.e ContosoIRM
  • Configuriation of the Additional Steps and creating the cluster

Launch the Server Manager , Click on Add Roles and Features

Click on Next

Click on Next 

Select the Server, Click Next 

Select Active Directory Rights Management Services, Click Next

 Click Next 

Click Next 

Select AD RMS  , Click Next 

Click Install to Start the Installation Process.

Installation may consume around 15 minutes or less

Installation Complete, Click on Close

In the Server Manager, Click on the Falg to Perform the Additional Configuration 

Click on Next

Select Create a new AD RMS root cluster, Click Next

In this scenerio , I am using Always on Availability Group, Click on Specify a Database Server and a Database Instance

I have specified the AAG name  and Selectthe Database Instance

Click Next

Specify the Service Account that has access to the Database Server

 I have gone with the Cryptographic Mode 2 option, click Next

Its good to have a centrally managed key storage but depending upon the required select what you need 

Specify the Cluster Key Password, this will be used while joining the AD RMS Server B in the cluster

Select the Web Site , I have already named the website as ContosoIRM

You can pre-configure the website with DNS Host entry

I will go with http instead of https though the screenshot is for https 

Name the server Licensor Certificate 

This is an important step to register the SCP , I will register it via the configuration wizard. If you have already attempted to install AD RMS on the same server, you will have to delete the RMS from AD Sites and Services to install it again

Click Install to Configure it. Note if you use https the databases will have 443 in the suffix of the database names. 

Click Install to proceed

This may consume again upto 15 minutes

Installation Complete

Now log off and log in back

Launch the Active Directory Rights Management Services  from the metro menu

Here we go the Cluster is configured

Following 3 databases have been created in Always On Group primary replica, I will add the the databases in AAG group later. As I am using http all databases have 80 in the suffix.

2) Installation and Configuration of AD RMS on Server B i.e. ContosoCA

Launch the Server Manager
Install the Active Directory Rights Management Services as covered above.
Once installed, Click on the Flag in Server Manager to perform Additional Configuration Steps , I will cover the steps from here.

Click on Perform Additional Configuration

This launches the Configuration Wizard for AD RMS, Click Next

Select Join an existing AD RMS Cluster, Click Next

Specify the Database Server Name , in my case Iwill provide the Always on Availabilty Group name click on Select 
Select Default Instance from the List

It should pick up the Configuration Database name, if not click on the drop down to select the Config database name

Click Next

Specify the same Cluster Key which was used while creating the Cluster i.e. centrally managed key

Click Next

Specify the database service account by clicking on Specify 

Now that I have specified the Service Account details , Click Next

Select the website, you can pre-configuring by creating a blank website with fqdn and bindings. This is important if you want to load balance the AD RMS website.

You can do this by using Microsoft NLB for POC purpose but in real world you would want to use Hardware Load Balancer like F5 or Barracuda to achieve load balancer I won't get into the details of this here as there are good articles which cover the same somewhere else.

In this scenario I'm selecting the default website I created, Click Next.

Click on Install to start the Installation and Configuration

The installation is complete now

Log off and Log in Back, Launch AD RMS

The installation and  configuration of the AD RMS is completed and we created the cluster as well all on Windows 2012 and databases highly available on SQL Server 2012 Always on Group.

There is more to AD RMS i.e. Trust Policies , User Execution, Security policies, policy templates etc. This article is just to illustrate the installation of AD RMS and configuration of the cluster for demo purpose. For more information please refer to the relevant tech net article.

I will configure AD RMS for SharePoint 2013 ad will cover this in some other article.


  1. Replies
    1. Nice try . trying to ruin a informative blog for your advertising.

  2. Governance and Management Services Australia We provide back office and administrative services for not for profits. We take the time consuming and routine tasks such as subscription management, supplier payment and even inquiry responses from you. We do this in such a seamless way as if the responses came from your organization. We leave you more time to focus on your ideas and reasons you joined - to make a difference. In addition, we take care of minutes of meetings, compliance, insurances and therefore enhance governance for you, your mission and your members.

  3. Thank you for this post

  4. Thank you for the helpful post.

  5. BlueHost is ultimately one of the best web-hosting provider for any hosting plans you need.

  6. Can i check with you I have 3 VMS 1)AD DS 2) ADRMS 3) SQL
    In SQL i have 2 instance 1 for Sharepoint and 1 for ADRMS DB installed separate Drive. I installed the Feature role of ADRMS but when configure cannot find database "AD RMS Setup could not retrieve a list of SQL Server instance names.

    Please help

  7. Can i check with you I have 3 VMS 1)AD DS 2) ADRMS 3) SQL
    In SQL i have 2 instance 1 for Sharepoint and 1 for ADRMS DB installed separate Drive. I installed the Feature role of ADRMS but when configure cannot find database "AD RMS Setup could not retrieve a list of SQL Server instance names.

    Please help

  8. Thank you for the update, very nice site about IT Deployment.

  9. Thank you very much to my husband .. health of your hands ...