An Active Directory Rights Management Services (AD RMS) licensing server can issue end-user licenses or issuance licenses. End-user licenses specify the right(s) granted to a specific user to consume protected content. Issuance licenses specify the users who can consume protected content and the rights that can be made available to them.
AD RMS licenses are structurally similar to AD RMS certificates. Both are XrML documents and both consist of a certificate chain that ends with a Microsoft root of trust. The purpose of the two documents, however, differs. Licenses typically specify rights and conditions that govern content use. Certificates identify entities such as computers or users by singing them into an AD RMS certificate hierarchy.
The following example shows the basic XrML structure of an AD RMS end-user license:
- <XrML xmlns="" version="1.2" purpose="ContentLicense"> - <BODY type="LICENSE" version="3.0"> + <ISSUEDTIME> + <DESCRIPTOR> + <ISSUER> + <ISSUEDPRINCIPALS> + <WORK> + <POLICYLIST> <AUTHENTICATEDDATA /> </BODY> - <SIGNATURE> + <DIGEST> <ALGORITHM /> <VALUE /> </SIGNATURE> </XrML>+ <XrML xmlns="" version "1.2"> <!-- server licensor certificate -->+ <XrML xmlns="" version "1.2"> <!-- server licensor certificate -->+ <XrML xmlns="" version "1.2"> <!-- DRM-CA-Certificate -->+ <XrML xmlns="" version "1.2"> <!-- DRM-CA-Certificate -->
run dcdiag, netdiag