Specifying the Rights Account Certificate Validity Duration
Updated: October 22, 2009
Applies To: Windows Server 2008 R2, Windows Server 2008 R2 with SP1
You can specify the validity periods for both standard and temporary rights account certificates (RACs) provided by Active Directory Rights Management Services (AD RMS). By default, a standard RAC is valid for 365 days and a temporary RAC is valid for 15 minutes. After the end of these periods, users must acquire new certificates when they attempt to acquire publishing or use licenses. The manner in which the RAC is renewed depends on the AD RMS-enabled application. In some cases, it may be transparent; in others, the user may need to actively submit a request.
Note
If you are using Active Directory Federation Services (AD FS) with AD RMS, the rights account certificate validity duration is specified as an identity federation support setting. For more information, see Configuring Federated Identity Support Settings.
Membership in the local AD RMS Enterprise Administrators, or equivalent, is the minimum required to complete this procedure.
To specify the Rights Account Certificate Validity Duration for standard certificates
At the Windows PowerShell command prompt, type:
Set-ItemProperty -Path<drive>:\IssuancePolicy -Name StandardCertValidityPeriodInDays<days>where <drive> is the name of the Windows PowerShell drive, and <days> is a number that specifies how many days the standard RAC will remain valid.
To specify the Rights Account Certificate Validity Duration for temporary certificates
At the Windows PowerShell command prompt, type:
Set-ItemProperty -Path<drive>:\IssuancePolicy -Name TemporaryCertValidityPeriodInMinutes<minutes>where <drive> is the name of the Windows PowerShell drive, and <minutes> is a number that specifies how many minutes the temporary RAC will remain valid.
See Also
Concepts
Using Windows PowerShell to Administer AD RMS
Understanding the AD RMS Administration Provider Namespace
Administering Certificates