Configure Additional Active Directory Server Roles

These questions are based on 70-640 – TS: Windows Server 2008 Active Directory, Configuring
Self Test Software Practice Test


Objective: Configure additional Active Directory server roles.
Sub-objective: Configure Active Directory Rights Management Service (AD RMS).


Single answer, multiple-choice


You are the administrator of your company. Your company’s network has a single forest with one Active Directory domain. All the domain controllers run Windows Server 2008. Your account is a member of the Domain Admins group. You attempt to install Active Directory Rights Management Services (AD RMS) for the first time. You receive the following error: “Event ID 190 AD RMS Service Connection Point Registration”. What could have caused the error?



  1. You are not a member of the Schema Admins group or have not been delegated the appropriate permissions to the schema.
  2. You are not a member of the local AD RMS Enterprise Administrators group or have not been delegated the appropriate permissions.
  3. You are not a member of the Windows Authorization Access group.
  4. An AD RMS SCP already exists in the forest.

Answer:
B. You are not a member of the local AD RMS Enterprise Administrators group or have not been delegated the appropriate permissions.


Tutorial:
You need to be a member of the local AD RMS Enterprise Administrators group and a member of the Enterprise Admins group to install AD RMS. AD RMS clients use a service connection point (SCP) to automatically discover the AD RMS cluster. The error message means that the AD RMS installation failed to register the AD RMS SCP in Active Directory Domain Services (AD DS). After the installation, you can register the SCP by using the AD RMS console if your user account is a member of the local AD RMS Enterprise Administrators group and the AD DS Enterprise Admins group. In this scenario, the user installing AD RMS does not have the appropriate permissions.


You do not have to be a member of the Schema Admins group or have been delegated the appropriate permissions to the schema, nor do you have to be a member of the Windows Authorization Access group. Members of the Schema Admins group have the ability to edit the Active Directory schema. Members of the Windows Authorization Access group have access to the computed tokenGroupsGlobalAndUniversal attribute on User objects. Neither group will allow you register a SCP. To register a SCP by using the AD RMS console, the user account must be a member of the local AD RMS Enterprise Administrators group and the AD DS Enterprise Admins group.


The error was not caused by a pre-existing AD RMS SCP in the forest. This is the first time you have installed AD RMS. There should not be a SCP already in existence, since AD RMS has not been installed.


Reference:
MSDN Blogs – Known Issues in AD RMS in Windows Server 2008 Beta 3


Windows Server 2008 Technical Library > Troubleshooting > Events and Errors > Active Directory Rights Management Services > AD RMS Deployment > AD RMS Service Connection Point Registration > Event ID 190 AD RMS Service Connection Point Registration

Like what you see? Share it.Share on Google+Share on LinkedInShare on FacebookShare on RedditTweet about this on TwitterEmail this to someone
cmadmin

ABOUT THE AUTHOR

Posted in Archive|

Comment:

Leave a comment

Your email address will not be published. Required fields are marked *

You may use these HTML tags and attributes: <a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <strike> <strong>