
How to clear AD RMS super user group membership cache

Active Directory Rights Management Services (AD RMS) is an information protection technology. One area where AD RMS is useful is preventing leakage of sensitive information that passes through Exchange Server in the company. You can also use AD RMS on its own to protect Office documents, or together with SharePoint Server to control access to your sites.

AD RMS protects information (documents, emails, etc.) by encrypting it. To decrypt AD RMS-protected content, you need licenses. Only the super user group is granted licenses. You can set this group from the Security Policies container in the AD RMS management tool.

Super user group in AD RMS

A change to this group takes effect only after 24 hours, because the server caches the membership list of this group locally to avoid sending too many requests to the AD domain controller. If you don't want to wait 24 hours, follow the steps below:

  1. Log in to the AD RMS SQL Server
  2. Open SQL Server Management Studio
  3. Right-click the PrincipalIdentifiers table in the DRMS_DirectoryServices database and choose Edit rows
  4. Change the expiration dates to a time in the past

    PrincipalIdentifiers table

  5. Apply steps 3 and 4 to the GroupIdentifiers table in the same database

    GroupIdentifiers table

  6. Restart IIS on the AD RMS server
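The same steps can be scripted in T-SQL instead of editing rows by hand in Management Studio. The script below is an added example and is not from the original post or from Microsoft; it assumes the tables live in the dbo schema and that the expiration column is named ExpirationDate, which is an assumption you must verify with the INFORMATION_SCHEMA query in the first batch before running the update. Back up the DRMS_DirectoryServices database before changing anything in it.

```sql
-- Added example (not from the original post): expire the cached
-- super user group membership rows with T-SQL instead of editing
-- them manually in SSMS. Run against the AD RMS configuration SQL Server.
-- ASSUMPTIONS: schema dbo and column name ExpirationDate. Confirm the
-- real column name with batch 1 and adjust the script before running batch 2.
USE DRMS_DirectoryServices;
GO

-- Batch 1: list the columns of both cache tables so the expiration
-- column can be identified before any row is changed.
SELECT TABLE_NAME, COLUMN_NAME, DATA_TYPE
FROM INFORMATION_SCHEMA.COLUMNS
WHERE TABLE_NAME IN ('PrincipalIdentifiers', 'GroupIdentifiers')
ORDER BY TABLE_NAME, ORDINAL_POSITION;
GO

-- Batch 2: set every future expiration to a time in the past inside a
-- transaction, so the result can be checked before it is committed.
BEGIN TRANSACTION;

UPDATE dbo.PrincipalIdentifiers
SET ExpirationDate = DATEADD(DAY, -1, GETUTCDATE())   -- any past time works
WHERE ExpirationDate > GETUTCDATE();

UPDATE dbo.GroupIdentifiers
SET ExpirationDate = DATEADD(DAY, -1, GETUTCDATE())
WHERE ExpirationDate > GETUTCDATE();

-- Verification: both counts should now be 0 (no cached entry is still valid).
SELECT 'PrincipalIdentifiers' AS TableName, COUNT(*) AS StillValid
FROM dbo.PrincipalIdentifiers
WHERE ExpirationDate > GETUTCDATE()
UNION ALL
SELECT 'GroupIdentifiers', COUNT(*)
FROM dbo.GroupIdentifiers
WHERE ExpirationDate > GETUTCDATE();

-- If the counts are 0 and the number of updated rows looks right, commit;
-- otherwise run ROLLBACK TRANSACTION instead.
COMMIT TRANSACTION;
GO
```

After the commit, restart IIS on the AD RMS server (step 6) so the web services re-read group membership from the domain controller instead of the expired cache. The WHERE clauses only touch rows whose expiration is still in the future, so running the script twice changes nothing the second time.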