The Active Directory Rights Management Services management console provides a wizard to change or update the AD RMS service account. The most common use for this process is to update the service account password when it has been changed.

It is important to use this wizard whenever you update or change the AD RMS service account, because it ensures the necessary components are updated properly. The wizard's steps include, but are not limited to, the following items.

  • Ensures the service account meets the criteria (is a domain account, is not the domain account that provisioned RMS, etc.)
  • Temporarily suspends RMS functionality on the server during the change
  • Updates the RMS local groups
  • Updates the database role for the service account
  • Updates and restarts the MSMQ and logging services
  • Updates the service account for the _DRMSAppPool1 web application pool
  • Updates appropriate AD RMS configuration database tables

There are important requirements to run this wizard.

  • Must be logged on to the AD RMS server
  • Account running the wizard must be:
    • A local administrator on the RMS server,
    • A member of the AD RMS Enterprise Administrators group, and
    • A SQL SysAdmin on the AD RMS instance
  • Lastly, this must be performed on each server of the AD RMS cluster
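
A pre-flight check for the account requirements listed above, written as an added example (it is not part of the AD RMS tooling or the original page). The SQL instance name is a placeholder, and the local group name `AD RMS Enterprise Administrators` is an assumption about how the group is named on the server.

```powershell
# Added example: run locally, in an elevated session, on each AD RMS cluster node.
param(
    # Placeholder (assumption): the SQL Server instance hosting the AD RMS databases.
    [string]$SqlInstance = '<sql-server\instance>',
    # Assumption: name of the local AD RMS administrators group on this server.
    [string]$RmsAdminGroup = 'AD RMS Enterprise Administrators'
)

$identity  = [Security.Principal.WindowsIdentity]::GetCurrent()
$principal = New-Object Security.Principal.WindowsPrincipal($identity)

# Requirement: local administrator on the RMS server.
# Reports False when the session is not elevated.
$isLocalAdmin = $principal.IsInRole([Security.Principal.WindowsBuiltInRole]::Administrator)

# Requirement: member of the AD RMS Enterprise Administrators group.
# IsInRole returns False if the group name cannot be resolved.
$isRmsAdmin = $principal.IsInRole("$env:COMPUTERNAME\$RmsAdminGroup")

# Requirement: SQL sysadmin on the AD RMS instance, tested with the current
# Windows identity. IS_SRVROLEMEMBER returns 1, 0, or NULL.
$isSysAdmin = $false
$connString = "Server=$SqlInstance;Integrated Security=SSPI;Connect Timeout=10"
$conn = New-Object System.Data.SqlClient.SqlConnection($connString)
try {
    $conn.Open()
    $cmd = $conn.CreateCommand()
    $cmd.CommandText = "SELECT IS_SRVROLEMEMBER('sysadmin')"
    $isSysAdmin = ($cmd.ExecuteScalar() -eq 1)
}
catch { Write-Warning "SQL check failed for '$SqlInstance': $($_.Exception.Message)" }
finally { $conn.Dispose() }

# Summarize the result for this node.
[pscustomobject]@{
    Server             = $env:COMPUTERNAME
    Account            = $identity.Name
    LocalAdmin         = $isLocalAdmin
    RmsEnterpriseAdmin = $isRmsAdmin
    SqlSysAdmin        = $isSysAdmin
} | Format-List

if (-not ($isLocalAdmin -and $isRmsAdmin -and $isSysAdmin)) {
    Write-Warning 'One or more wizard prerequisites are not met on this server.'
}
```

Because the wizard must be run on every server of the cluster, run the check on each node under the account that will launch the wizard.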