The Active Directory Rights Management Services SDK 2.1 platform enables developers to build applications that leverage Active Directory Rights Management Services (AD RMS) or Windows Azure Active Directory Rights Management (AADRMS) to provide information protection. The AD RMS SDK 2.1 handles complex security practices such as key management, encryption and decryption processing and offers a simplified API for easy application development.

To help you answer your questions, we have created this FAQ page to complement the Getting Started guides in the SDK Help documentation and to answer frequently asked questions about the AD RMS SDK 2.1.

Q: Is there a local way (without calling the AD RMS SDK) to recognize whether a file is already protected with AD RMS? For example, can a file be verified to be rights protected by evaluating specific parts of the file header or perhaps some sort of binary signature on the file itself? 

A: There’s no direct way of knowing that a file has been encrypted by AD RMS. As you noted, IpcfIsFileEncrypted() method is the quickest ways to do so.

Q: The encryption/decryption APIs for Office files in the File API Beta SDK use the IpcfEncryptFile and IpcfDecryptFile
methods, which are designed to work with saved data (i.e. a filename and path are included as parameters). Is it possible to also encrypt/decrypt such files as stream data?

A: Stream-based API support has been a consistent ask. It is not available for the current release but we are  looking at this.

Q: How can we invoke all IPC methods with invisible or silent mode? ( Using: Visual Studio 2010, non managed C++, AD RMS 2.1. Beta and the File API Beta)

A: The easiest way to solve this is by using server (IPC_API_MODE_SERVER) mode. When this mode is used, it ensures that we use do not show any privacy prompts. For more information, API Mode Values in the AD RMS SDK 2.1 docs.

Q: Is there a way to enable remote debugging on an AD RMS site?

A: The AD RMS server does not allow remote debugging. A few options that you have are the following:
  1. Go through the reporting logs.
  2. Enable tracing on the AD RMS server, which provides detailed logs.
  3. Enable debugging through Checked builds

Of these options, enabling tracing is probably the most powerful and typically your best option. For more information, see AD RMS Troubleshooting: server-side tracing

Q: What encryption algorithm does IPC_LI_DEPRECATED_ENCRYPTION_ALGORITHMS trigger the use of when I am using the IpcSetLicenseProperty method?

A: Currently, the IPC_LI_DEPRECATED_ENCRYPTION_ALGORITHMS flag specifically refers to the cipher mode used as the symmetric content key is applied to the content. Using this flag downgrades the cipher mode from the default of CBC4K to ECB mode. Over time, however, this flag may also refer to any other changes needed to maintain MSDRM compatibility.