Solved

can i use active directory rights mangement services outside of the company domain

Posted on 2012-03-30
4
218 Views
Last Modified: 2012-05-18
can i use active directory rights mangement services outside of the company domain on a large scale
if so
how is this achieved
best practice for deploying this
0
Comment
Question by:dougdog
4 Comments
 
LVL 57

Expert Comment

by:Mike Kline
ID: 37787297
It can be done,  I won't blow smoke here, something I've never done.  We had RMS at my last job internally but it was a classified network and we didn't extend it

http://technet.microsoft.com/en-us/library/hh311038(v=ws.10).aspx
http://technet.microsoft.com/en-us/library/dd996632(v=ws.10).aspx

You can search around for more info.

It is going to take a lot of research and planning.

Thanks

Mike
0
 

Author Comment

by:dougdog
ID: 37787314
is it more designed for internal use?
0
 
LVL 26

Accepted Solution

by:
MidnightOne earned 500 total points
ID: 37863896
Short answer: Yes, it can be used for external clients. Yes, it is FAR easier for internal use only.

Longer answer: It requires such an interlocking set of services (SQL, CA infrastructure, OCSP integrated with IIS, client organization CA integration) that it frequently isn't worth the effort.

In addition to mkline71's links, check out the step by step guide to AD RMS as well.
0

Featured Post

Is Your AD Toolbox Looking More Like a Toybox?

Managing Active Directory can get complicated.  Often, the native tools for managing AD are just not up to the task.  The largest Active Directory installations in the world have relied on one tool to manage their day-to-day administration tasks: Hyena. Start your trial today.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

As technology users and professionals, we’re always learning. Our universal interest in advancing our knowledge of the trade is unmatched by most industries. It’s a curiosity that makes sense, given the climate of change. Within that, there lies a…
This article outlines the process to identify and resolve account lockout in an Active Directory environment.
This Micro Tutorial hows how you can integrate  Mac OSX to a Windows Active Directory Domain. Apple has made it easy to allow users to bind their macs to a windows domain with relative ease. The following video show how to bind OSX Mavericks to …
Microsoft Active Directory, the widely used IT infrastructure, is known for its high risk of credential theft. The best way to test your Active Directory’s vulnerabilities to pass-the-ticket, pass-the-hash, privilege escalation, and malware attacks …

831 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question