Understanding AD RMS Trust Policies
Applies To: Windows Server 2008 R2, Windows Server 2012
You can add trust policies so that AD RMS can process licensing requests for content that was rights-protected by a different AD RMS cluster. You can define trust policies as follows:
Trusted user domains . The addition of a trusted user domain allows the AD RMS root cluster to process requests for client licensor certificates or use licenses from users whose rights account certificates (RACs) were issued by a different AD RMS root cluster. You add a trusted user domain by importing the server licensor certificate of the AD RMS cluster to trust.
Trusted publishing domains . The addition of a trusted publishing domain allows one AD RMS cluster to issue use licenses against publishing licenses that were issued by a different AD RMS cluster. You add a trusted publishing domain by importing the server licensor certificate and private key of the server to trust.
Federated trust . Establishing a federated trust between two forests is done by using Active Directory Federation Services. This is useful if one forest does not have AD RMS installed, but its users need to consume rights-protected content from another forest. For more information about setting up federation support in AD RMS, see Configure Federated Identity Support Settings.