ServiceIdentity

[This documentation is preliminary and is subject to change.]

The ServiceIdentity object can be used to manage an AD RMS service account. The service account is represented by a ServiceAccount object.

Services, like users, are provided with accounts that can be authenticated. When you provision AD RMS on a server, you must define a service account and specify the account credentials. If the SQL server is shared by more than one AD RMS installation, the service account must be a domain account, but not the same domain account that you used to install AD RMS. The service account is made a member of the RMS Service Group, and is granted the permissions of that group.

You can use the ServiceIdentity object to change the service account. Doing so replaces the account previously contained in the RMS Service Group with the new account.

Methods

The ServiceIdentity object defines the following method.

Method    Description
Update    Updates the server with the new service account.

Properties

The ServiceIdentity object has the following properties.

Property                   Description
CurrentServiceAccount      Retrieves the current service account object from the server.
IsDomainAccountRequired    Retrieves a Boolean value that specifies whether a domain account must be used for the service account.
NewServiceAccount          Retrieves a new service account object that can be populated and set on the server.

Example Code [VBScript]

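DIM config_manager
DIM admin_role

' Entry point: connect to the server, then change the service account.
InitObject
ChangeServiceAccount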

' *******************************************************************
' Create and initialize a ConfigurationManager object.

SUB InitObject()

  ' Continue after a failing statement so that CheckError() can report it.
  ON ERROR RESUME NEXT

  CALL WScript.Echo( "Create ConfigurationManager object...")
  SET config_manager = CreateObject _
    ("Microsoft.RightsManagementServices.Admin.ConfigurationManager")      
  CheckError()
    
  CALL WScript.Echo( "Initialize...")
  admin_role=config_manager.Initialize(false,"localhost",80,"","","")
  CheckError()

END SUB

' *******************************************************************
' Retrieve the current account and change it.

SUB ChangeServiceAccount()

  ' Continue after a failing statement so that CheckError() can report it.
  ON ERROR RESUME NEXT

  DIM chngMgr
  DIM oldAcct
  DIM newAcct

  DIM dType
  dType = config_manager.Constants.ServiceAccountTypeDomainIdentity

  ' Create a ServiceIdentity that can be used to change the 
  ' service account.
  SET chngMgr = config_manager.ServiceIdentity
  CheckError()

  ' Retrieve the current service account.
  SET oldAcct = chngMgr.CurrentServiceAccount
  CheckError()

  ' If the current account is a DomainIdentity type, print the
  ' domain and user ID.
  ' Otherwise, if the current account is not a domain type and
  ' the domain for the account and the user ID are not empty, 
  ' raise errors.
  IF oldAcct.Type = dType THEN
    CALL WScript.Echo( "Domain = " & oldAcct.UserDomainAccount.Domain)
    CALL WScript.Echo( "UserId = " & oldAcct.UserDomainAccount.UserId)
  ELSE
    IF NOT IsNull(oldAcct.UserDomainAccount.Domain) AND _
       LEN(oldAcct.UserDomainAccount.Domain) > 0 THEN
         CALL RaiseError(-1203, "Current domain is not empty")
    END IF
 
    IF NOT IsNull(oldAcct.UserDomainAccount.UserId) AND _
       LEN(oldAcct.UserDomainAccount.UserId) > 0 THEN
         CALL RaiseError(-1204, "Current user ID is not empty")
    END IF
  END IF

  ' Create a new account.
  SET newAcct = chngMgr.NewServiceAccount
  CheckError()

  newAcct.Type = dType
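  ' Placeholder values: supply the real domain, user ID and password
  ' at run time rather than storing them in the script file.
  newAcct.UserDomainAccount.Domain = "domain_name"
  newAcct.UserDomainAccount.UserId = "User_id"
  newAcct.UserDomainAccount.Password = "password"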

  ' Update service account with the new account information.
  chngMgr.Update()
  CheckError()

END SUB

' *******************************************************************
' Error checking function.

FUNCTION CheckError()
  CheckError = Err.number
  IF Err.number <> 0 THEN
    CALL WScript.Echo( vbTab & "*****Error Number: " _
                       & Err.number _
                       & " Desc:" _
                       & Err.Description _
                       & "*****")
    WScript.StdErr.Write(Err.Description)
    WScript.Quit( Err.number )
  END IF
END FUNCTION

' *******************************************************************
' Generate a runtime error.

SUB RaiseError(errId, desc)
  ' Keep running after Err.Raise so that CheckError() reports the error.
  ON ERROR RESUME NEXT
  CALL Err.Raise( errId, "", desc )
  CheckError()
END SUB
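
The following is an added example, not part of the original sample or of the AD RMS documentation. It uses only the objects and properties listed on this page to audit the current account against IsDomainAccountRequired, read the new credentials from the console instead of the script file, and read the account back after Update. It assumes the script is run with cscript.exe and that a freshly retrieved ServiceIdentity reflects the change.

```vbscript
OPTION EXPLICIT
DIM cfg, ident, cur, acct, dType, dom, uid, pwd

' Read a value from the console so no credential is stored in the script.
' Requires cscript.exe; the typed password is echoed to the console.
FUNCTION Ask(label)
  WScript.StdOut.Write label & ": "
  Ask = WScript.StdIn.ReadLine
END FUNCTION

SUB Fail(msg)
  WScript.StdErr.WriteLine "ERROR: " & msg
  WScript.Quit 1
END SUB

SET cfg = CreateObject _
  ("Microsoft.RightsManagementServices.Admin.ConfigurationManager")
cfg.Initialize false, "localhost", 80, "", "", ""  ' same arguments as the sample above
SET ident = cfg.ServiceIdentity
dType = cfg.Constants.ServiceAccountTypeDomainIdentity

' Audit step: flag a server that requires a domain account but is not using one.
SET cur = ident.CurrentServiceAccount
IF ident.IsDomainAccountRequired AND cur.Type <> dType THEN
  WScript.Echo "WARNING: a domain account is required, but the current " & _
               "service account is not a domain identity."
END IF

dom = Trim(Ask("New account domain"))
uid = Trim(Ask("New account user ID"))
pwd = Ask("New account password")
IF LEN(dom) = 0 OR LEN(uid) = 0 OR LEN(pwd) = 0 THEN
  Fail "Domain, user ID and password are all required."
END IF

SET acct = ident.NewServiceAccount
acct.Type = dType
acct.UserDomainAccount.Domain = dom
acct.UserDomainAccount.UserId = uid
acct.UserDomainAccount.Password = pwd
ident.Update

' Read-back (assumption: a fresh ServiceIdentity reflects the update).
SET cur = cfg.ServiceIdentity.CurrentServiceAccount
IF cur.Type <> dType OR _
   StrComp(cur.UserDomainAccount.UserId & "", uid, vbTextCompare) <> 0 THEN
  Fail "Update returned, but the server reports a different account."
END IF
WScript.Echo "Service account changed to " & dom & "\" & uid
```

Because this script does not use ON ERROR RESUME NEXT, any failing API call stops it immediately with the script host's own error message.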

Requirements

Product    Requires Windows Server "Longhorn".
Library    Use Microsoft.RightsManagementServices.Admin.dll registered as a custom type library.

See Also

Active Directory Rights Management Services Scripting API