Your network contains an Active directory forest named contoso.com.
The forest contains two child domains named east.contoso.com and west.contoso.com.
You install an Active Directory Rights Management Services (AD RMS) cluster in each child domain.
You discover that all of the users in the contoso.com forest are directed to the AD RMS cluster in
east.contoso.com.
You need to ensure that the users in west.contoso.com are directed to the AD RMS cluster in
west.contoso.com and that the users in east.contoso.com are directed to the AD RMS cluster in
east.contoso.com.
What should you do?
A.
Modify the Service Connection Point (SCP).
B.
Configure the Group Policy object (GPO) settings of the users in the west.contoso.com domain.
C.
Configure the Group Policy object (GPO) settings of the users in the east.contoso.com domain.
D.
Modify the properties of the AD RMS cluster in west.contoso.com.
Explanation:
The west.contoso.com are the ones in trouble that need to be redirected to the west.contoso.com
not the east.contoso.com.
Note: It is recommended that you use GPO to deploy AD RMS client settings and that you only
deploy settings as needed.
Computer users find the AD RMS cluster using the SCP. If they go to the AD RMS cluster located in east, one can think that there is a problem with the SCP and with
the AD RMS cluster deployed in the Local Intranet Security Zone.
The SCP could be registered later, not necessarily during the AD RMS configuration. So, we can assume that there is a mistake and the SCP from west, points in fact to the SCP in east and with Group Policy someone deployed the SCP from east in the Local Intranet Zone from west. In order to modify/delete the SCP, we can use ADSI Edit, AD SS, ldp.exe or the AD RMS console from west. And if we want to deploy the correct AD RMS cluster in west, we can use a policy to add this site to the Local Intranet Security Zone in west.
I write this post to tell in fact, that sometimes these questions and answers lack enough details. It’s just my opinion. In this question I see 2 changes: one for the SCP and one for the policy. Maybe in this case, they could ask for 2 answers, instead of one.
One SCP per FOREST. Editing the SCP wouldn’t fix the issue.
Use GPOs to direct the west users to the west server.
https://technet.microsoft.com/en-us/library/jj735304.aspx
Agree with B. Use GPOs to edit client registry settings that will point them in the right direction.