Administering Active Directory Rights Management Services using Windows PowerShell

Starting with Windows Server 2008 R2, Active Directory Rights Management Services (AD RMS) can be installed and administered using Windows PowerShell.
The PowerShell support in AD RMS is divided into two PowerShell modules:

  • ADRMS – Deployment module
  • ADRMSAdmin – Administration module

On a Windows Server 2008 R2 server with the AD RMS server role installed we can see the modules using Get-Module –ListAvailable:

image

 

The AD RMS configuration is exposed through a PowerShell Provider, which we can see using Get-PSProvider after the RMS-modules are imported:

image

Before we can use any of the cmdlets exposed through the AD RMS modules we need to create a PSDrive using the AD RMS PowerShell Providers. In the following example were creating a new PSDrive for the AD RMS Administration module, where we specify the PSProvider to use as well as the URL to the AD RMS cluster:

image

When a PSDrive is set up we can navigate to the PSDrive using cd (alias for Set-Location), and access the different configuration properties. The available containers we can see are similar to what is available in the Graphical User Interface for managing AD RMS:

image

As an example we can we and edit the SuperUser configuration:

image

 

Next we can have a look at the available cmdlets in the AD RMS Administration module by using Get-Command –Module ADRMSAdmin:

image

Note that 5 new cmdlets was added to the AD RMS Administration module in Windows Server 2008 R2 SP1, due to added functionality to support Microsoft Federation Gateway.

Lets try the Get-RmsSystemHealth cmdlet:

image

Notice that the –Path parameter is required, and needs to be pointed at the PSDrive we created earlier.

The same concepts as we`ve looked at for the AD RMS Administration module is the same for the AD RMS Deployment module:

image

We need to create a PSDrive where the AD RMS Cluster configuration are set before we can use the three cmdlets available for installing, uninstalling or updating the AD RMS deployment.

 

For further reference, the AD RMS PowerShell support are well documented on Microsoft TechNet:

Using Windows PowerShell to Deploy AD RMS

AD RMS Deployment Cmdlets

Using Windows PowerShell to Administer AD RMS

AD RMS Administration Cmdlets

Active Directory Rights Management Services on Windows Server TechCenter