BTW - RMS does not leverage the traditional cert services that you would use for a PKI. It has its own "certs" that it hands out. Also it requires a database server (SQL). On principal, I would not put this on a DC. Both the DC and the RMS Server play critical roles, however losing the RMS server could be far more devastating than a single DC.
Aric -----Original Message----- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of [EMAIL PROTECTED] Sent: Wednesday, October 05, 2005 5:09 PM To: [email protected] Subject: RE: [ActiveDir] Rights Management Server The only thing I know about RMS is what the acronym stands for. However, your question is about using the DC as the cert server so you don't have to procure additional hardware, right? There is nothing wrong with that. It's a supported configuration, and as long as you do your due diligence and get your backup right, you should be fine. One common issue with running the CA on a DC is that the cert service will be broken if you use one of the MS custom inf to harden the DC. I forgot which one exactly, but you will know when your cert service is broken. Recovery is not too hard, so don't sweat it. Sincerely, Dèjì Akómöláfé, MCSE+M MCSA+M MCP+I Microsoft MVP - Directory Services www.readymaids.com - we know IT www.akomolafe.com Do you now realize that Today is the Tomorrow you were worried about Yesterday? -anon ________________________________ From: [EMAIL PROTECTED] on behalf of [EMAIL PROTECTED] Sent: Wed 10/5/2005 2:14 PM To: [email protected] Subject: [ActiveDir] Rights Management Server Has anyone deployed Microsoft's RMS and used their DC's as the Root certification server? We are debating wether we need dedicated hardware for the RMS servers or whether they can share. Thanks in advance. Holland + Knight Travis Abrams IT Security & Systems Manager Holland & Knight LLP List info : http://www.activedir.org/List.aspx List FAQ : http://www.activedir.org/ListFAQ.aspx List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ List info : http://www.activedir.org/List.aspx List FAQ : http://www.activedir.org/ListFAQ.aspx List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ List info : http://www.activedir.org/List.aspx List FAQ : http://www.activedir.org/ListFAQ.aspx List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
