Your network contains an Active directory forest named contoso.com. The forest contains
two child domains named east.contoso.com and west.contoso.com.
You install an Active Directory Rights Management Services (AD RMS) cluster in each child
domain.
You discover that all of the users in the contoso.com forest are directed to the AD RMS
cluster in east.contoso.com.
You need to ensure that the users in west.contoso.com are directed to the AD RMS cluster
in west.contoso.com and that the users in east.contoso.com are directed to the AD RMS
cluster in east.contoso.com.
What should you do?
A.
Modify the Service Connection Point (SCP).
B.
Configure the Group Policy object (GPO) settings of the users in the west.contoso.com
domain.
C.
Configure the Group Policy object (GPO) settings of the users in the east.contoso.com
domain.
D.
Modify the properties of the AD RMS cluster in west.contoso.com.
Explanation:
The west.contoso.com are the ones in trouble that need to be redirected to the
west.contoso.com not the east.contoso.com.
There is no GPOs that controls such settings. The only way the clients can discover the AD RMS cluster is by the SCP. So if the SCP is pointing wrong, then this scenario applies.
The answer is A.
Answer is A
A-100%
“Only one SCP for AD RMS can exist in your Active Directory forest.” – http://technet.microsoft.com/en-us/library/jj835767(v=ws.10).aspx
Also, technet mentions, if you try to install AD RMS, since only one SCP can exist in a forest, you actually have to remove it using ADScpRegister.exe tool.
Since only one SCP per a forest requirement, you can redirect AD RMS aware application (mostly Office) by modifying the following registery keys.
You can change registry keys of these through GPO/Computer Configuration/Preferences/Registry.
So, I guess the answer is B, using west.contosol.com GPO. Note, the question already said including the forest root users and two sub domain users are all redirected to one SCP. To redirect each sub domain users to their AD RMS server, you only have to make changes to west.contoso.com users through GPO.
My answser: B.
————————————————————————————–
Either these keys just for Office 2007* applications:
Location:HKLM\Software\Microsoft\Office\12.0\Common\DRM
String:CorpLicenseServer
Value:
Location:HKLM\Software\Microsoft\Office\12.0\Common\DRM
String:CorpCertificationServer
Value:
*NOTE* change the 12.0 to an 11.0 of you are using Office 2003 **
or these keys for global RMS supremacy on the machine:
Location:HKLM\Software\Microsoft\MSDRM\ServiceLocation\Activation
Reg_Sz: default
Value:
Location:HKLM\Software\Microsoft\MSDRM\ServiceLocation\EnterprisePublishing
Reg_Sz: default
Value:
http://blogs.technet.com/b/rmssupp/archive/2007/07/13/rms-testing-rms-without-modifying-the-ad.aspx
Yup, key word in the question is “domain”
There are multiple domains, not a single domain with 2 sites.
Han is right!!
The answer is B, I spent a few hours looking this up, however, everything points to SCP not being a factor in this scenario. Microsoft is trying to trick you. the SCP cannot be configured in both instances of the AD-RMS. You must modify the settings of the West. . . .users.
correct answer plzzz tell me ???
Answer is E
Hassan: Answer is F
lol
This guy is incredible. asking for answers all over and has not provided any feedback or research. Hassan, stop asking for correct answers and start studying man!
hassan’s MO is obviously to learn donut and memorise answers
answer is P
answer is A, RMS is controlled by SCP not GP.
The answer is A:
Just saw a CBT nuggets video saying you can modify the setting in each domain and I am willing to bet this includes child domain in the same forest
But the caveat here is
http://social.technet.microsoft.com/wiki/contents/articles/710.the-ad-rms-service-connection-point.aspx
Only one SCP per AD forest. So Han is Absolutely correct !!!
The Answer is B once and for all!!
http://support.microsoft.com/kb/2612922
wen u said option is B why cant it be c…. at least they are both the same….. Answer is A
Just One SCP by forest
The answer is B because in the statement “You discover that all of users in the contoso.com forest are directed to the ADRMS cluster in east.contoso.com” >>> By SCP
So you must configure a GPO to force by using the ADRMS cluster in west.contoso.com (B)
This gives me the impression GPOs can be used to configure the clients –
AD RMS Client Deployment Best Practices
https://technet.microsoft.com/en-us/library/jj735304.aspx
regardless of individual opinions, which answer will be marked correct on the certification exam?
Answer: B
bigfly and bobsmith are right and settings CAN be enforced by GPO
https://technet.microsoft.com/en-us/library/jj735304.aspx
Agreed, I think the answer must be B. TechNet specifically states that only one SCP can exist in the forest and that local registry keys can be used to point to a cluster instead of SCP:
http://social.technet.microsoft.com/wiki/contents/articles/710.the-ad-rms-service-connection-point.aspx
Group policy would allow you to push these settings out to west.contoso.com users
https://technet.microsoft.com/en-us/library/cc755112.aspx
I think this is right, you can only have one SCP per forest.
A – modifies the URL which won’t resolve the issue.
B – users in east are working fine so you would redirect west to another place.
C – Users in east are working fine
D – does not redirect users
Correct answer is B.
In an AD RMS cluster, all AD RMS servers are one of two types.
• Root certification servers. The first AD RMS server in an Active Directory forest assumes this role. There can only be one root certification server in each Active Directory forest.
• Licensing servers. This is the role taken on by any additional or secondary AD RMS servers added to provide independent policy options to certain groups within an Active Directory forest.
Since all users are being directed to the ADRMS server in east.contoso.com domain then that server is likely the Root Certification Server. In this case we need to override the SCP settings for the west.contoso.com users (group) so that they get their RMS licenses and certificates from the ADRMS server in the east.contoso.com ADRMS server. This can be done by a GPO linked to the east.contoso.com domain that sets the registry of the AD RMS client that overrides the settings of the SCP. These registry settings are created in:
HKEY_LOCAL_MACHINE\Software\Microsoft\MSDRM\ServiceLocation.
The client registry override keys are the following:
◦ Activation. This key is used to override the default AD RMS certification service that is configured in the SCP. The syntax for this key is http(s):// /_wmcs/certification where is the URL of the root cluster that should be used for certification.
◦ EnterprisePublishing. This key is used to override the default AD RMS licensing service to which the AD RMS client connects. The syntax for this key is http(s):// /_wmcs/licensing where is the URL of the licensing-only cluster.
This question was in my exam today
I agree, it’s B. You should use GPO to deploy AD RMS client settings.
A
Active Directory Rights Management Services (AD RMS) clients use a service connection point (SCP) to automatically discover the AD RMS cluster.
answer is B
https://technet.microsoft.com/en-us/library/jj159267(v=ws.10).aspx#BKMK_ServiceDiscovery
see how RMS service discovery works
…first it queries local registry settings then SCP
Thanks, this link is straight to the point.
Yes @LWG is right. Answer is B.
From the link he provided:
“RMS Service Discovery
RMS service discovery lets the RMS client check which RMS server or service to communicate with before protecting content. Service discovery might also happen when the RMS client consumes protected content, but this is less likely to happen because the policy attached to the content contains the preferred RMS server or service and only if that is unsuccessful does the client then run service discovery.
Service discovery first looks for an on-premises version of Rights Management (AD RMS). If that is unsuccessful, service discovery automatically looks for the cloud version of Rights Management (Azure RMS).
To perform service discovery for an on-premises deployment, the RMS client checks the following:
The Windows registry on the local computer: If service discovery settings are configured in the registry, these settings are tried first. By default, these settings are not configured in the registry.
Active Directory Domain Services: A domain-joined computer queries Active Directory for a service connection point (SCP). If an SCP is registered, the URL of the RMS server is returned to the RMS client to use.”
this is an absolute joke. why is west.contoso.com the one in rouble as it suggests in most of the explanations?? There is absolutely no mention of this being the case in the question.
The exam has been a total nightmare to study for and I have gained nothing from it other than a head ache.
This is the LAST MS exam I am ever touching! Joke!!!
Simple, users are already being directed to East. Meaning we have nothing to fix on the “east” side of things.
As stated, SCP is one per forest, and right now it’s pointing to East.
In order to fix west need to get clients to use the west ADRMS. Hence the GPO.
Answer is B: Configure the Group Policy object (GPO) settings of the users in the west.contoso.com domain.
Resources:
http://social.technet.microsoft.com/wiki/contents/articles/710.the-ad-rms-service-connection-point.aspx
“nly one SCP can exist in your Active Directory forest. If you try to install AD RMS and an SCP already exists in your forest from a previous AD RMS installation that was not properly deprovisioned, the new SCP will not install properly.”
and
https://technet.microsoft.com/en-us/library/jj735304(v=ws.11).aspx
“Create a group in Active Directory and use that for targeting AD RMS client deployment It is recommended that you use GPO to deploy AD RMS client settings and that you only deploy settings as needed. Target settings using the same groups used for client deployment.”
Hope this helps…