Step 2: Software-protected key to software-protected key migration

*Applies to: Active Directory Rights Management Services, Azure Information Protection, Office 365*

*Relevant for: AIP unified labeling client and classic client*

These instructions are part of the migration path from AD RMS to Azure Information Protection, and are applicable only if your AD RMS key is software-protected and you want to migrate to Azure Information Protection with a software-protected tenant key.

If this is not your chosen configuration scenario, go back to Step 4. Export configuration data from AD RMS and import it to Azure RMS and choose a different configuration.

Use the following procedure to import the AD RMS configuration to Azure Information Protection, to result in your Azure Information Protection tenant key that is managed by Microsoft.

To import the configuration data to Azure Information Protection

  1. On an internet-connected workstation, use the Connect-AipService cmdlet to connect to the Azure Rights Management service:

    Connect-AipService
    

    When prompted, enter your Azure Rights Management tenant administrator credentials (typically, you will use an account that is a global administrator for Azure Active Directory or Office 365).

  2. Use the Import-AipServiceTpd cmdlet to upload each exported trusted publishing domain (.xml) file. For example, you should have at least one additional file to import if you upgraded your AD RMS cluster for Cryptographic Mode 2.

    To run this cmdlet, you will need the password that you specified earlier for each configuration data file.

    For example, first run the following to store the password:

    $TPD_Password = Read-Host -AsSecureString
    

    Enter the password that you specified to export the first configuration data file. Then, using E:\contosokey1.xml as an example for that configuration file, run the following command and confirm that you want to perform this action:

    Import-AipServiceTpd -TpdFile E:\contosokey1.xml -ProtectionPassword $TPD_Password -Verbose
    
  3. When you have uploaded each file, run Set-AipServiceKeyProperties to identify the imported key that matches the currently active SLC key in AD RMS. This key will become the active tenant key for your Azure Rights Management service.

  4. Use the Disconnect-AipService cmdlet to disconnect from the Azure Rights Management service:

    Disconnect-AipService
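
The four steps above combined into one script, as an added example that is not part of the original documentation. It assumes the AIPService PowerShell module is installed; the second file path and the prompt used to choose the key identifier are hypothetical, and Get-AipServiceKeys is used only to list the imported keys.

```powershell
# Added example: import several exported TPD files, then activate one key.
# Assumes the AIPService module is installed. The second file name and the
# prompt-based choice of key identifier are assumptions for illustration.
$tpdFiles = @(
    'E:\contosokey1.xml',   # example path used on this page
    'E:\contosokey2.xml'    # hypothetical second file (e.g. Cryptographic Mode 2)
)

# Fail before connecting if an exported file is missing.
foreach ($file in $tpdFiles) {
    if (-not (Test-Path -LiteralPath $file -PathType Leaf)) {
        throw "TPD file not found: $file"
    }
}

Connect-AipService   # prompts for tenant administrator credentials
try {
    foreach ($file in $tpdFiles) {
        # Each file may have its own export password; keep it as a SecureString.
        $tpdPassword = Read-Host -AsSecureString -Prompt "Password for $file"
        try {
            Import-AipServiceTpd -TpdFile $file -ProtectionPassword $tpdPassword -Verbose -ErrorAction Stop
        }
        finally {
            $tpdPassword.Dispose()   # release the protected buffer promptly
        }
    }

    # List the imported keys so the one matching the active AD RMS SLC key
    # can be picked out, then mark it as the active tenant key.
    Get-AipServiceKeys | Format-List
    $keyId = Read-Host -Prompt 'KeyIdentifier of the key matching the active SLC key'
    Set-AipServiceKeyProperties -KeyIdentifier $keyId -Active $true
}
finally {
    # Runs even if an import fails, so the session is not left open.
    Disconnect-AipService
}
```

Stopping on the first failed import keeps a key from being activated while the set of imported trusted publishing domains is still incomplete.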
    

You’re now ready to go to Step 5. Activate the Azure Rights Management service.