June 2017
Beginner to intermediate
742 pages
18h 29m
English
Content preview from Mastering Active Directory
Become an O’Reilly member and get unlimited access to this title plus top books and audiobooks from O’Reilly and nearly 200 top publishers, thousands of courses curated by job role, 150+ live events each month,
Start your free trial
AD RMS in multiple forests
If the organization has multiple forests and if AD RMS needs to use between them to protect data, this deployment method can be used. One forest can have only one RMS root cluster. Therefore, in multiple forest environments, each domain should have their own AD RMS cluster. The AD RMS cluster uses AD DS to query an object's identities. When there are multiple forests, it needs to have contact objects of users and groups for the remote forest. The following are required for AD RMS deployment in multiple forests:
- AD RMS root cluster in each forest
- Setting up contact objects for remote users and groups (from the different forests)
- Schema extension in place to trace back to the mother forest of the contact objects ...