{"id":849,"date":"2010-04-06T00:00:00","date_gmt":"2010-04-06T00:00:00","guid":{"rendered":"https:\/\/test.simple-talk.com\/uncategorized\/getting-started-with-active-directory-rights-management-services-for-exchange-2010\/"},"modified":"2016-07-28T10:42:47","modified_gmt":"2016-07-28T10:42:47","slug":"getting-started-with-active-directory-rights-management-services-for-exchange-2010","status":"publish","type":"post","link":"https:\/\/www.red-gate.com\/simple-talk\/sysadmin\/general\/getting-started-with-active-directory-rights-management-services-for-exchange-2010\/","title":{"rendered":"Getting Started with Active Directory Rights Management Services for Exchange 2010"},"content":{"rendered":"<div id=\"pretty\">\n<p class=\"start\">One of the most important  challenges that an organization can face is protecting sensitive data, such as  documents, spreadsheets and, amongst other things, E-mail messages. With this in  mind, Active Directory Rights Management Services (AD RMS) is a powerful  information protection &#160;tool from Microsoft that works with suitably-enabled  applications, such as Exchange Server, to help maintain sensitive data by  implementing the rights policy template.<\/p>\n<p>In this article, we will  look at the steps needed for a simple AD RMS installation in a very  straightforward walk-though style, and then cover how to integrate AD RMS with  Microsoft Exchange Server 2010. To&#160; finish off, we will also cover Rights Policy  Template creation and management through the AD RMS management console and also  through windows PowerShell.<\/p>\n<p>If  you want to know about more sophisticated Rights Management, then we will cover  the IRM (Information Rights Management) features in Exchange Server 2010 in a  future article, and the different ways to configure these features.<\/p>\n<h2>AD RMS installation:<\/h2>\n<p>The  AD RMS installation must be performed on a Windows Server 2008 R2 server, and  you&#8217;ll need to make sure you have met the following prerequisites prior to the  installation:<\/p>\n<ul>\n<li>The machine  you are installing the AD RMS role is a member server in a domain<\/li>\n<li>You have  created a domain user account that will be used as the AD RMS Service Account <\/li>\n<li>You have  created a <i>second<\/i> domain user account that will be used to install the AD  RMS Service role. Add this user to the local administrators group and to the AD  DS Enterprise Admin group<\/li>\n<li>You are  hosting an Active Directory domain in which the domain controller is running at  least Windows Server 2000 with Service Pack 3<\/li>\n<\/ul>\n<p>For  now, let us proceed with the installation by following these steps:<\/p>\n<p>Go to  Server Manager and click <b>Add Roles<\/b>, then select the <b>Active Directory  Rights Management Services<\/b> checkbox &#160;and click <b>Next<\/b>,&#160; making sure to  click the <b>Add Required Role Services<\/b> button as shown below.<\/p>\n<p class=\"illustration\"><img decoding=\"async\" src=\"https:\/\/www.red-gate.com\/simple-talk\/wp-content\/uploads\/imported\/991-RDS1.JPG\" alt=\"991-RDS1.JPG\" \/><\/p>\n<p class=\"caption\">Figure 1.0:  Required Role Services<\/p>\n<p>On  the &#8216;Select Server Roles&#8217; page, make sure <b>Active Directory Rights Management  Services<\/b> is selected before clicking <b>Next<\/b>.<\/p>\n<p class=\"illustration\"><img decoding=\"async\" src=\"https:\/\/www.red-gate.com\/simple-talk\/wp-content\/uploads\/imported\/991-RDS2.JPG\" alt=\"991-RDS2.JPG\" \/><\/p>\n<p class=\"caption\">Figure 1.1: AD RMS and Web  Server IIS selected<\/p>\n<p> Because it is our first AD RMS in the Active Directory forest, we will also need  to create a new AD RMS cluster:<\/p>\n<p class=\"illustration\"><img decoding=\"async\" src=\"https:\/\/www.red-gate.com\/simple-talk\/wp-content\/uploads\/imported\/991-RDS3.JPG\" alt=\"991-RDS3.JPG\" \/><\/p>\n<p class=\"caption\">Figure 1.2: Creating a new  AD RMS Cluster<\/p>\n<p>Once the AD RMS server is  provisioned, it becomes an AD RMS cluster. We can differentiate two types of  cluster:<\/p>\n<ul>\n<li> A root  cluster that handles all certification and licensing requests. The first AD RMS  in an Active Directory forest always becomes the root cluster.<\/li>\n<li> Licensing-only clusters that (unsurprisingly) handle licensing requests.<\/li>\n<\/ul>\n<p>Both types of clusters  cannot coexist in the same load-balancing pool, so that is something to consider  when you&#8217;re setting up your infrastructure. Next, select to use a different  database server, and click on <b>Validate.<\/b><\/p>\n<p class=\"illustration\"><img decoding=\"async\" src=\"https:\/\/www.red-gate.com\/simple-talk\/wp-content\/uploads\/imported\/991-RDS4.JPG\" alt=\"991-RDS4.JPG\" \/><\/p>\n<p class=\"caption\">Figure 1.3: Select  Configuration Database<\/p>\n<p>Even  though you have the option to use the Windows internal database, it is  recommended to instead use a separate server to host the AD RMS database. This  is because the internal database doesn&#8217;t support remote connections, and hence  prevents you from adding a second server to the AD RMS cluster. That being said,  windows internal database can still be used in your lab environment. If you do  elect to use a different database server, make sure that the SQL version is 2005  or later.<\/p>\n<p>Next,  on the Service Account page, select the AD RMS Service account:<\/p>\n<p class=\"illustration\"><img decoding=\"async\" src=\"https:\/\/www.red-gate.com\/simple-talk\/wp-content\/uploads\/imported\/991-RDS5.JPG\" alt=\"991-RDS5.JPG\" \/><\/p>\n<p class=\"caption\">Figure 1.4: Specify  AD RMS Service Account<\/p>\n<p>Bear  in mind that the AD RMS service account cannot be the same account as the domain  account used for AD RMS installation. Next, when setting up the Cluster Key  Storage, select <b>Use<\/b> <b>AD RMS centrally managed key storage<\/b>, and type  in a Cluster Key Password.<\/p>\n<p class=\"illustration\"><img decoding=\"async\" src=\"https:\/\/www.red-gate.com\/simple-talk\/wp-content\/uploads\/imported\/991-RDS6.JPG\" alt=\"991-RDS6.JPG\" \/><\/p>\n<p class=\"caption\">Figure 1.5: Configure AD  RMS Cluster Key Storage<\/p>\n<p class=\"illustration\">On  the Cluster Web Site page, you will notice the Default Website is selected; this  is fine for a basic initial setup, so go ahead and click <b>Next. <\/b>On the  Cluster Address, opt to use SSL and specify a Fully-Qualified Domain Name  (FQDN) for the URL, and then click <b>Validate<\/b> to verify and preview the URL.<\/p>\n<p class=\"illustration\"><img decoding=\"async\" src=\"https:\/\/www.red-gate.com\/simple-talk\/wp-content\/uploads\/imported\/991-RDS8.JPG\" alt=\"991-RDS8.JPG\" \/><\/p>\n<p class=\"caption\">Figure 1.6: Specify  Cluster Address<\/p>\n<p>As a  best practice, create a custom CNAME record  for the AD RMS Cluster URL. This will ensure that the custom URL of the cluster  is preserved if the AD RMS server is down, replaced or renamed, by only updating  the appropriate record in the DNS.<\/p>\n<p>On  the Server Authentication Certificate page, click <b>Choose an existing  certificate for SSL encryption<\/b> and click <b>Import<\/b> to import the  necessary certificate. This could be a private certificate that is trusted  within your Active Directory site, or a public certificate purchased from known  vendors. You <i>can<\/i> select to use the self-signed certificate, but it is  clearly not recommended to do so for a production environment due to the  security implications.<\/p>\n<p class=\"illustration\"><img decoding=\"async\" src=\"https:\/\/www.red-gate.com\/simple-talk\/wp-content\/uploads\/imported\/991-RDS9.JPG\" alt=\"991-RDS9.JPG\" \/><\/p>\n<p class=\"captuion\">Figure 1.7: Import  Certificate<\/p>\n<p>In  the next step,&#160; keep the default name for the Server Licensor Certificate and  click <b>Next<\/b>, bringing you to the last step for configuring the AD RMS  Cluster installation, where you need to should opt to <b>Register<\/b> <b>the AD  RMS service connection point now.<\/b><\/p>\n<p class=\"illustration\"><img decoding=\"async\" src=\"https:\/\/www.red-gate.com\/simple-talk\/wp-content\/uploads\/imported\/991-RDS10.JPG\" alt=\"991-RDS10.JPG\" \/><\/p>\n<p class=\"caption\">Figure 1.8: Register AD  RMS SCP<\/p>\n<p>On  the Role services for Web Server (IIS) page which follows, keep the default  selected roles and click <b>Next<\/b>, and once you come to the Confirmation  page, click <b>Install<\/b>. On the results page, make sure that the installation  is successfully completed:<\/p>\n<p class=\"illustration\"><img decoding=\"async\" src=\"https:\/\/www.red-gate.com\/simple-talk\/wp-content\/uploads\/imported\/991-RDS11.JPG\" alt=\"991-RDS11.JPG\" \/><\/p>\n<p class=\"caption\">Figure 1.9: Installation  Results<\/p>\n<p class=\"MsoNormal\">\n<p>As  the second warning message states, you must log off and then log on again, and  AD RMS Enterprise Administrators Group membership will be automatically added to  the your credentials.<\/p>\n<h2>Integrate AD RMS with Exchange Server 2010:<\/h2>\n<p>One  of the great features in Exchange 2010 is the integration of information rights  management (IRM) technology, which &#160;We will be covering in a future article. In <i>this<\/i> section, we will go over the steps you&#8217;ll need to take to prepare  the AD RMS for Exchange Server 2010. These can be broken down into three steps:<\/p>\n<h3>1. Register a Service Connection Point<\/h3>\n<p>For Exchange Server to  discover the AD RMS cluster, we need to first register the Service Connection  Point (SCP) in Active Directory Domain Services. This can be performed  automatically during the AD RMS Cluster installation as shown in figure 1.9.  Alternatively, if you selected to perform  the registration later, now is the right time to do so:<\/p>\n<ul>\n<li>Select the  AD RMS cluster in the Management Console and click <b>Properties<\/b> from the  actions pane<\/li>\n<li>From the SCP  tab, select <b>Change SCP<\/b>, and click <b>Set the SCP to current certification  cluster<\/b><\/li>\n<\/ul>\n<p>Once you&#8217;ve registered the  SCP, you can check the object created in the active directory by browsing  through ADSIEDIT to the <b>Configuration<\/b> tab and following the path shown in  the figure below:<\/p>\n<p class=\"illustration\"><img decoding=\"async\" src=\"https:\/\/www.red-gate.com\/simple-talk\/wp-content\/uploads\/imported\/991-RDS12.JPG\" alt=\"991-RDS12.JPG\" \/><\/p>\n<p class=\"caption\">Figure 2.0: SCP view in  Active Directory<\/p>\n<h3>2. Provide Exchange Server and AD RMS Service With Group  Permissions to Access AD RMS:<\/h3>\n<p>This step involves  granting the Exchange Server computer object and the AD RMS service groups both  read and execute permission to the AD RMS server certification. To do this:<\/p>\n<ul>\n<li>Open the  default hard drive and browse to the following location:<br \/><i> Inetpub\\wwwroot\\_wmcs\\Certification<\/i>\n<\/p>\n<\/li>\n<li>Right click <b>ServerCertification.asmx<\/b>, click <b>Properties<\/b> and select the <b> Security<\/b> tab<\/li>\n<li>Click to add  the Exchange Server computer account and the AD RMS services group<\/li>\n<\/ul>\n<p class=\"illustration\"><img decoding=\"async\" src=\"https:\/\/www.red-gate.com\/simple-talk\/wp-content\/uploads\/imported\/991-RDS13.JPG\" alt=\"991-RDS13.JPG\" \/><\/p>\n<p class=\"caption\">Figure 2.1: Provide  permissions to Exchange<\/p>\n<ul>\n<li>Make sure  that <b>Read<\/b> and <b>Read and Execute<\/b> permissions are granted for these  two objects as shown in figure 2.1<\/li>\n<\/ul>\n<h3>3. Enable the AD RMS Super Users Group:<\/h3>\n<p>The name of this special  group reflects its role, as it has full control over all rights-protected  content. To complete this step:<\/p>\n<ul>\n<li>Create a  Universal Distribution List with email enabled<\/li>\n<li>Add the  Federated Delivery Mailbox user account to the Universal Distribution List  you&#8217;ve just created. Because the domain account is disabled by default, from the  properties of the user account, click on the <b>Member of<\/b> tab and click to  add the Universal Distribution List as shown below:<\/li>\n<\/ul>\n<p class=\"illustration\"><img decoding=\"async\" src=\"https:\/\/www.red-gate.com\/simple-talk\/wp-content\/uploads\/imported\/991-RDS14.JPG\" alt=\"991-RDS14.JPG\" \/><\/p>\n<p class=\"caption\">Figure 2.2: Join Federated  Email to Super Users group<\/p>\n<p class=\"PULLOUT\">I&#8217;ve made a few assumptions here regarding  things like accepted domains and specified users, but these are things I&#8217;m sure  you&#8217;ll take into account. If you&#8217;re unsure of anything, I&#8217;ve included the relevant  resources at <a href=\"#ref\">the end of this article<\/a>, and you are welcome to post your questions  in the comments below.<\/p>\n<ul>\n<li>From the AD  RMS cluster, expand Security Policies and click Super Users<\/li>\n<li>Click <b> Enable Super Users<\/b>, and then <b>Change Super User Group <\/b><\/li>\n<li>Type in the  email address of the Distribution List already created.<\/li>\n<\/ul>\n<p class=\"illustration\"><img decoding=\"async\" src=\"https:\/\/www.red-gate.com\/simple-talk\/wp-content\/uploads\/imported\/991-RDS15.JPG\" alt=\"991-RDS15.JPG\" \/><\/p>\n<p class=\"caption\">Figure 2.3: Set Super  Users group<\/p>\n<h2>Working with Rights Policy Templates:<\/h2>\n<p> Rights Policy Templates are simply templates we create in the AD RMS cluster to  customize special permissions, which can then be applied to a user, a group or  anyone in the organization. In Exchange Server 2010, Rights Policy Templates can  be applied automatically through transport rules or Outlook protection rules, or  manually by selecting the desired template from within OWA or Outlook. <\/p>\n<p>Now  that you&#8217;ve got AD RMS working with Exchange Server, we will cover some  operations that you can perform while working with rights policy template.<\/p>\n<h2>To create a Rights Policy Template:<\/h2>\n<ul>\n<li>From the AD  RMS console, click <b>Rights Policy Templates<\/b><\/li>\n<li>From the <b> Actions<\/b> pane, select <b>Create Distributed Rights Policy Template<\/b> and  click <b>Add<\/b><\/li>\n<li>Choose a <b> language<\/b>, <b>name<\/b> and <b>description<\/b>, and click <b>Add<\/b><\/li>\n<li>On the <b>Add User Rights<\/b> section, click to  add a user, a group or selectAanyone. After selecting users, assign rights as  appropriate, as seen below:<\/li>\n<\/ul>\n<p class=\"illustration\"><img decoding=\"async\" src=\"https:\/\/www.red-gate.com\/simple-talk\/wp-content\/uploads\/imported\/991-RDS16.JPG\" alt=\"991-RDS16.JPG\" \/><\/p>\n<p class=\"caption\">Figure 3.1: Assigning  users&#8217; right<\/p>\n<ul>\n<li>On the <b> Specify Expiration Policy<\/b>, you can either select <b>Never expires<\/b>, or  you can set the access rights to expire based on a pre-defined duration  criteria.<\/li>\n<li>On the <b> Specify Extended Policy <\/b>(which you might use to enable users to view  protected content via a browser add-on), keep the default for this example and  click <b>Next.<\/b><\/li>\n<li>On the <b> Specify Revocation Policy<\/b>, keep the default as we don&#8217;t need the template to  be revoked later, and click <b>Finish <\/b>to finish the template creation  wizard. In case you&#8217;re not sure on the distinction between Expiration and  Revocation: <\/li>\n<\/ul>\n<div class=\"note\">\n<p class=\"note\">As opposed to Content  expiration, which makes content completely unavailable until it is republished,  Revocation <b>actively denies<\/b> permission to open content based on various  factors, such as content ID, users credentials or the requesting applications.<\/p>\n<\/div>\n<p>After  creating the template, information will be displayed under <b>Distributed Rights  Policy Template<\/b> <b>Information<\/b>, as shown below:<\/p>\n<p class=\"illustration\"><img decoding=\"async\" src=\"https:\/\/www.red-gate.com\/simple-talk\/wp-content\/uploads\/imported\/991-RDS17.JPG\" alt=\"991-RDS17.JPG\" \/><\/p>\n<p class=\"caption\">Figure 3.2: List  of templates<\/p>\n<h3>To edit a Rights Policy Template<\/h3>\n<p>This  is a totally straightforward process. You just need to right click on the  template name, click on <b>Properties,<\/b> select the tab you wish to edit, and  perform the necessary modifications.<\/p>\n<p>For  instance, to edit the <b>Name<\/b> of a rights policy template, click on the <b> Identification Information tab<\/b>, and click on <b>Edit<\/b> as shown below:<\/p>\n<p class=\"illustration\"><img decoding=\"async\" src=\"https:\/\/www.red-gate.com\/simple-talk\/wp-content\/uploads\/imported\/991-RDS18.JPG\" alt=\"991-RDS18.JPG\" \/><\/p>\n<p class=\"caption\">Figure 3.3: Editing Rights  Policy Template<\/p>\n<h3>To archive a template:<\/h3>\n<p>Right  click the desired rights policy template and select <b>Archive this Rights  Policy Template<\/b>, clicking <b>Yes<\/b> to confirm the archive operation.<\/p>\n<p>Once  the Rights Policy Template is archived, it won&#8217;t be available to client  computers after their rights policy template is refreshed. Alternatively, you  can delete a Rights Policy Template by simply highlighting it and clicking <b> Delete <\/b>from the <b>Actions<\/b> pane. However, as a best practice, I  recommend never deleting a Rights Policy Template, but archiving it instead.  Doing so will guarantee that content published using that template can continue  to be consumed, even though the template itself is no longer available.<\/p>\n<h3>For PowerShell Fans<\/h3>\n<p>All  of the above tasks can be performed through Windows PowerShell, but first we  need to run a few preparation cmdlet&#8217;s from within PowerShell:<\/p>\n<ul>\n<li>Import the  AD RMS module:<br \/><i>Import-Module  AdRmsAdmin<\/i><\/li>\n<li>Create a  drive that will represent the AD RMS Cluster:<br \/><i>New-PSDrive  -Name AdrmsCluster -PSProvider AdRmsAdmin -Root https:\/\/localhost<\/i><\/li>\n<li>Set the  current location to the Rights Policy Templates:<br \/><i>Set-Location  AdrmsCluster:\\RightsPolicyTemplate<\/i><\/li>\n<\/ul>\n<p class=\"illustration\"><img decoding=\"async\" src=\"https:\/\/www.red-gate.com\/simple-talk\/wp-content\/uploads\/imported\/991-RDS19.JPG\" alt=\"991-RDS19.JPG\" \/><\/p>\n<p class=\"caption\">Figure 3.4: The steps  needed to manage AD RMS through PowerShell<\/p>\n<p>Now  that we&#8217;re ready to manage AD RMS Rights Policy Templates using PowerShell,  let&#8217;s start with creating a new one by running the following <i>cmdlet<\/i>:<\/p>\n<pre>New-Item AdRmsCluster:\\RightsPolicyTemplate -LocaleName en-us -DisplayName \"Sensitive Data\" -Description \"Template created through Windows PowerShell\" -UserGroup elie@elieb.info -Right ('View','Edit')<\/pre>\n<p class=\"PULLOUT\">It&#8217;s  worth noting that, although passing &#8220;<em>&#8230;  -right &#8220;view, &#8220;edit&#8221; <\/em>&#8221; will work, the way I&#8217;ve described above is what <a href=\"http:\/\/technet.microsoft.com\/en-us\/library\/ee221074%28WS.10%29.aspx\">Microsoft  recommends<\/a>.<\/p>\n<p>You    can check the Rights Policy Template creation from within the AD RMS Cluster    console. As you can see in figure 3.6, the template has indeed been created with    &#8220;Sensitive Data&#8221; as the template name, &#8220;English (United States)&#8221; as the    language, and the description and the defined user rights both also as defined    in the cmdlet.<\/p>\n<p class=\"illustration\"><img decoding=\"async\" src=\"https:\/\/www.red-gate.com\/simple-talk\/wp-content\/uploads\/imported\/991-RDS20.JPG\" alt=\"991-RDS20.JPG\" \/><\/p>\n<p class=\"caption\">Figure 3.6: Rights Policy  Template properties<\/p>\n<p>To modify the User Rights  setting for a specific Template, first we need to know the ID of the template,  which we can discover by running:<\/p>\n<pre>Get-ChildItem -Path AdRmsCluster:\\RightsPolicyTemplate<\/pre>\n<p class=\"illustration\"><img decoding=\"async\" src=\"https:\/\/www.red-gate.com\/simple-talk\/wp-content\/uploads\/imported\/991-RDS21.JPG\" alt=\"991-RDS21.JPG\" \/><\/p>\n<p class=\"caption\">Figure 3.8: Getting Rights  Policy Template ID<\/p>\n<p>So, to modify the rights  for an existing user, run the following <i>cmdlet<\/i>:<\/p>\n<pre>Set-Item -Path AdRmsCluster:\\RightsPolicyTemplate\\1b44e35b-c627-438b-8cc0-7424389574f3\\UserRight\\elie@elieb.info -FullControl <\/pre>\n<p>Alternatively, to make  sure that the appropriate rights are applied on a specified email address, run  the this <i>cmdlet <\/i>instead:<\/p>\n<pre>Get-Item -Path AdRmsCluster:\\RightsPolicyTemplate\\1b44e35b-c627-438b-8cc0-7424389574f3\\UserRight\\elie@elieb.info<\/pre>\n<p>The results of this second  action are shown below:<\/p>\n<p class=\"illustration\"><img decoding=\"async\" src=\"https:\/\/www.red-gate.com\/simple-talk\/wp-content\/uploads\/imported\/991-RDS22.JPG\" alt=\"991-RDS22.JPG\" \/><\/p>\n<p class=\"caption\">Figure 3.9: Getting users  permissions on selected Rights Policy Template<\/p>\n<p>To Archive a Rights Policy  Template, run this <i>cmdlet<\/i>:<\/p>\n<pre>Set-Item -Path AdRmsCluster:\\RightsPolicyTemplate\\1b44e35b-c627-438b-8cc0-7424389574f3 -Name IsDistributed -Value $false<\/pre>\n<p>And lastly, to Delete a  Rights Policy Template, run the following:<\/p>\n<pre>Remove-Item -Path AdRmsCluster:\\RightsPolicyTemplate\\1b44e35b-c627-438b-8cc0-7424389574f3<\/pre>\n<h2>Summary:<\/h2>\n<p>In  this article, we have covered how to install an AD RMS Cluster and integrate it  with Exchange Server 2010, as well as how to configure a Rights Policy Template  in AD RMS through the management console and Windows PowerShell, respectively.<\/p>\n<p>If  you wish to work with Active Directory Rights Management Services, I cannot  suggest in strong enough terms that you make sure to start building your test  environment <i>first,<\/i> and start exploring Rights Policy Template creation  and management.<\/p>\n<p>To  that end, I hope that this article was a good start to getting you familiar with  AD RMS, at least until the next article, where we will start working with the  IRM feature introduced in Exchange Server 2010.<\/p>\n<h3><a id=\"ref\"><\/a>References:<\/h3>\n<p>Active  Directory Rights Management Services<br \/><a href=\"http:\/\/technet.microsoft.com\/en-us\/library\/cc772403.aspx\">http:\/\/technet.microsoft.com\/en-us\/library\/cc772403.aspx<\/a><\/p>\n<p>Configuring  Rights Policy Templates<br \/><a href=\"http:\/\/technet.microsoft.com\/en-us\/library\/ee221066%28WS.10%29.aspx\">http:\/\/technet.microsoft.com\/en-us\/library\/ee221066(WS.10).aspx<\/a> <\/p>\n<p class=\"note\">This article was commissioned by Red Gate Software, engineers of ingeniously simple tools for optimizing your Exchange email environment. <br \/>Learn more about <a href=\"http:\/\/www.red-gate.com\/products\/Exchange\/index.htm?utm_source=simpletalk&amp;utm_medium=weblink&amp;utm_content=exchangenote&amp;utm_campaign=esa\">Exchange Server Archiver<\/a> and <a href=\"http:\/\/www.red-gate.com\/products\/PST_Importer\/index.htm?utm_source=simpletalk&amp;utm_medium=weblink&amp;utm_content=pstnote&amp;utm_campaign=PSTImporter\">PST Importer.<\/a><\/p>\n<\/div>\n","protected":false},"excerpt":{"rendered":"<p>With security concerns being a constant litany, it&#8217;s worth considering Active Directory Rights Management Services as a powerful tool in your access-control arsenal, particularly when it integrates so neatly with Exchange 2010. Elie Bou Issa kindly takes us, step by step, through everything we need to know to install and start using this versatile technology like a pro.&hellip;<\/p>\n","protected":false},"author":221874,"featured_media":0,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"_acf_changed":false,"footnotes":""},"categories":[32],"tags":[4652,4242,5151,4869,4887,4619,4179,4871],"coauthors":[],"class_list":["post-849","post","type-post","status-publish","format-standard","hentry","category-general","tag-active-directory","tag-basics","tag-elie-bou-issa","tag-exchange","tag-general","tag-security","tag-source-control","tag-sysadmin"],"acf":[],"_links":{"self":[{"href":"https:\/\/www.red-gate.com\/simple-talk\/wp-json\/wp\/v2\/posts\/849","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.red-gate.com\/simple-talk\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.red-gate.com\/simple-talk\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.red-gate.com\/simple-talk\/wp-json\/wp\/v2\/users\/221874"}],"replies":[{"embeddable":true,"href":"https:\/\/www.red-gate.com\/simple-talk\/wp-json\/wp\/v2\/comments?post=849"}],"version-history":[{"count":5,"href":"https:\/\/www.red-gate.com\/simple-talk\/wp-json\/wp\/v2\/posts\/849\/revisions"}],"predecessor-version":[{"id":40297,"href":"https:\/\/www.red-gate.com\/simple-talk\/wp-json\/wp\/v2\/posts\/849\/revisions\/40297"}],"wp:attachment":[{"href":"https:\/\/www.red-gate.com\/simple-talk\/wp-json\/wp\/v2\/media?parent=849"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.red-gate.com\/simple-talk\/wp-json\/wp\/v2\/categories?post=849"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.red-gate.com\/simple-talk\/wp-json\/wp\/v2\/tags?post=849"},{"taxonomy":"author","embeddable":true,"href":"https:\/\/www.red-gate.com\/simple-talk\/wp-json\/wp\/v2\/coauthors?post=849"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}