Decommissioning AD RMS
Published: July 8, 2009
Updated: October 22, 2009
Applies To: Windows Server 2008 R2, Windows Server 2008 R2 with SP1
Before you remove the Active Directory Rights Management Services (AD RMS) role from a server, you should first decommission AD RMS. When you decommission AD RMS, the behavior of the AD RMS cluster is changed such that it can now provide a key that decrypts the rights-protected content that it had previously published. This key allows the content to be saved without AD RMS protection. This can be useful if you have decided to stop using AD RMS protection in your organization or still need the information.
You should enable decommissioning on the cluster long enough for users to have the opportunity to save their content without AD RMS protection, and for your network and system administrators to disable any AD RMS-enabled clients that are using the service.
After you enable decommissioning, the AD RMS administration provider namespace will only show the root container in the Windows PowerShell drive; no further administration is supported.
When you decommission a server, it cannot be restored to its previous AD RMS configuration. This process cannot be reversed. Once you have decommissioned AD RMS, you must completely remove AD RMS before you attempt to install another instance of AD RMS.
Membership in the local AD RMS Enterprise Administrators, or equivalent, is the minimum required to complete this procedure.
To decommission AD RMS
At the Windows PowerShell command prompt, type:
:\ -Name IsDecommissioned -Value $true -EnableDecommission
where <drive> is the name of the Windows PowerShell drive.