August 2019
Intermediate to advanced
786 pages
20h 22m
English
Content preview from Mastering Active Directory - Second Edition
Become an O’Reilly member and get unlimited access to this title plus top books and audiobooks from O’Reilly and nearly 200 top publishers, thousands of courses curated by job role, 150+ live events each month,
Start your free trial
AD RMS in multiple forests
If the organization has multiple AD forests, and if AD RMS needs to be used between them in order to protect data, this deployment method can be used. Each forest can only have one RMS root cluster. Therefore, in multiple forest environments, each domain should have its own AD RMS cluster. The AD RMS cluster uses AD DS to query an object's identity. When there are multiple forests, it needs to have contact objects of users and groups for the remote forest. The following elements are required for AD RMS deployment in multiple forests:
- AD RMS root cluster in each forest.
- Contact objects for remote users and groups (from the different forests) need to be set up.
- Schema extensions need to be in place to trace back ...