Share via

Publishing an AD RMS server

Updated: February 15, 2013

Applies To: Unified Access Gateway

When you deploy Microsoft Exchange Server in your organization, you can also use Information Rights Management (IRM) to help individuals enforce their personal preferences concerning the transmission of personal or private information. IRM also helps organizations enforce corporate policy governing the control and dissemination of confidential or proprietary information. To use IRM in your organization, you must also deploy an Active Directory Rights Management Services (AD RMS) server. For information about deploying an AD RMS server, see Active Directory Rights Management Services ( For information about planning for IRM in Office 2010, see Plan for Information Rights Management in Office 2010 (

If you want to allow your organization and external users to share IRM-protected content over the Internet, you should deploy your AD RMS clusters for both internal and external use by using one of the following options:

  • Set the root cluster URL to a URL that can be accessed over the Internet. Ensure that this URL is resolved in the intranet to AD RMS servers for the same cluster. When you do this, the publishing license URL that end-user computers use for license acquisition works both in the intranet and on the Internet.

  • Set up a license server dedicated to extranet users and configure the extranet cluster URL appropriately.

Forefront Unified Access Gateway (UAG) SP1, SP2, and SP3 contain a publishing template that you can use to publish an AD RMS server. The following procedure describes how to publish the AD RMS server.

To publish an AD RMS server

  1. In the Forefront UAG Management console, click the trunk to which you want to add the application, and then in the Applications area, click Add.

  2. In the Add Application Wizard, on the Select Application page, click Web, and then in the list, click Rights Management Services.

  3. On the Web Servers page, do the following:

    1. In the Addresses box, enter the internal host name of the AD RMS server.

    2. In the Public host name box, enter the Extranet cluster URL of the AD RMS server. The Extranet cluster URL is defined on the Cluster URLs tab of the AD RMS properties dialog box, which is available from the AD RMS Management console.

    3. In either the HTTP port box or the HTTPS port box, enter the port over which the AD RMS server is available.

  4. On the Authentication page, select an authentication server, and select the Allow rich clients to bypass trunk authentication check box.

  5. On the Portal Link page of the wizard, do not make any changes.

  6. When you complete the wizard, click Finish.

    The Add Application Wizard closes, and the application that you defined appears in the Applications area of the Configuration section.

  7. On the toolbar of the Forefront UAG Management console, click the Activate configuration icon, and then on the Activate Configuration dialog box, click Activate.

    After the configuration is activated, the message "Activation completed successfully" appears.