

TrustedUserDomain object

The TrustedUserDomain object represents a trusted user domain associated with an AD RMS installation in a different Active Directory forest. A collection of trusted domains enables AD RMS to process license requests from users whose rights account certificates were issued by AD RMS installations in other forests. To import the external domains associated with another AD RMS installation, you can call the Import method on the TrustedUserDomainCollection object and specify the external server licensor certificate. You can retrieve the collection by calling the TrustedUserDomains property on the TrustPolicy object.

Members

The TrustedUserDomain object has these types of members:

Properties

The TrustedUserDomain object has these properties.

| Property | Description |
| --- | --- |
| CertificateExpirationTime | Retrieves the time at which the server licensor certificate associated with the trusted domain expires. |
| DisplayName | Retrieves a display name for the trusted domain. |
| DomainNames | Retrieves a collection of trusted email domain names for this trusted user domain. |
| Id | Retrieves a unique ID for the trusted domain object. |
| IsADFederationSvcTrusted | Specifies or retrieves a Boolean value that indicates whether the federated users included in an imported user domain are trusted. |
| IsImported | Retrieves a Boolean value that specifies whether the trusted domain has been imported from another AD RMS installation. |
| IsSecurityIdentifiersAllowed | Specifies or retrieves a Boolean value that indicates whether the security identifiers associated with the trusted domain are also trusted. |

Examples

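DIM config_manager
DIM admin_role

' Run the sample: connect to the cluster, then import and display
' the trusted user domain.
CALL InitObject()
CALL GetTudInfo()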

' *******************************************************************
' Create and initialize a ConfigurationManager object.

SUB InitObject()

  CALL WScript.Echo( "Create ConfigurationManager object...")
  SET config_manager = CreateObject _
    ("Microsoft.RightsManagementServices.Admin.ConfigurationManager")      
  CheckError()
    
  CALL WScript.Echo( "Initialize...")
  admin_role=config_manager.Initialize(false,"localhost",80,"","","")
  CheckError()

END SUB

' *******************************************************************
' Retrieve trusted user domain information.

SUB GetTudInfo()

  DIM trustPolicy
  DIM tudColl
  DIM Tud
  DIM domainNames
  DIM Index

  ' Retrieve the trust policy object.
  SET trustPolicy = config_manager.Enterprise.TrustPolicy
  CheckError()

  ' Retrieve the trusted user domain collection object.
  SET tudColl = trustPolicy.TrustedUserDomains
  CheckError()

  ' Import a server licensor certificate into the collection
  ' and retrieve a trusted user domain object.
  SET Tud = tudColl.Import( "TUD_Name", _
                            "c:\certFile.bin", _
                            False)
  CheckError()

  IF tudColl.Count < 1 OR IsNull(Tud.Id) THEN
    CALL RaiseError(-610, "Import failed.")
  END IF

  CALL WScript.Echo("Trusted user domain information: ")
  CALL WScript.Echo("Name = " & _
                    Tud.DisplayName)
  CALL WScript.Echo("Expiration = " & _
                    Tud.CertificateExpirationTime)
  CALL WScript.Echo("ID = " & _
                    Tud.Id)
  CALL WScript.Echo("ADFS trusted = " & _
                    Tud.IsADFederationSvcTrusted)
  CALL WScript.Echo("Imported = " & _
                    Tud.IsImported)
  CALL WScript.Echo("SIDs allowed = " & _
                    Tud.IsSecurityIdentifiersAllowed)
  CALL WScript.Echo("Trusted domain names:")

  SET domainNames = Tud.DomainNames
  For Index = 0 To domainNames.Count - 1
    CALL WScript.Echo("Domain Name = " & domainNames.Item(Index))
  Next

END SUB

' *******************************************************************
' Error checking function.

FUNCTION CheckError()
  CheckError = Err.number
  IF Err.number <> 0 THEN
    CALL WScript.Echo( vbTab & "*****Error Number: " _
                       & Err.number _
                       & " Desc:" _
                       & Err.Description _
                       & "*****")
    WScript.StdErr.Write(Err.Description)
    WScript.Quit( Err.number )
  END IF
END FUNCTION

' *******************************************************************
' Generate a runtime error.

SUB RaiseError(errId, desc)
  CALL Err.Raise( errId, "", desc )
  CheckError()
END SUB
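
The following script is an added example, not part of the original sample: it reviews the trusted user domains that already exist instead of importing a new one, and flags the settings that widen trust or are about to lapse. It assumes the collection can be indexed with Item(index) starting at 0, as the DomainNames collection is above; WARN_DAYS and the Flag helper are hypothetical names chosen for this example.

```vbscript
OPTION EXPLICIT

CONST WARN_DAYS = 30   ' assumed review threshold in days, not from the page

DIM config_manager, admin_role, tudColl, tud, names, i, n, daysLeft, findings

' Connect to the local AD RMS cluster with the same call the sample above uses.
SET config_manager = CreateObject _
  ("Microsoft.RightsManagementServices.Admin.ConfigurationManager")
admin_role = config_manager.Initialize(false, "localhost", 80, "", "", "")

SET tudColl = config_manager.Enterprise.TrustPolicy.TrustedUserDomains
findings = 0

' Assumption: Item(i) is zero-based, like DomainNames.Item in the sample above.
FOR i = 0 TO tudColl.Count - 1
  SET tud = tudColl.Item(i)
  CALL WScript.Echo("Trusted user domain: " & tud.DisplayName & _
                    " (ID " & tud.Id & ", imported = " & tud.IsImported & ")")

  ' List the e-mail domain names this trust covers.
  SET names = tud.DomainNames
  FOR n = 0 TO names.Count - 1
    CALL WScript.Echo(vbTab & "Domain name: " & names.Item(n))
  NEXT

  ' A lapsed or nearly lapsed licensor certificate needs a re-import.
  daysLeft = DateDiff("d", Now, tud.CertificateExpirationTime)
  IF daysLeft < WARN_DAYS THEN
    CALL Flag("licensor certificate expires in " & daysLeft & " day(s)")
  END IF

  ' Both flags extend trust beyond the certificate itself; confirm each is intended.
  IF tud.IsSecurityIdentifiersAllowed THEN
    CALL Flag("security identifiers from this domain are trusted")
  END IF
  IF tud.IsADFederationSvcTrusted THEN
    CALL Flag("federated users in this domain are trusted")
  END IF
NEXT

CALL WScript.Echo(findings & " finding(s) in " & tudColl.Count & " trusted user domain(s).")
WScript.Quit(findings)   ' non-zero exit code lets a scheduled task raise an alert

SUB Flag(message)
  findings = findings + 1
  CALL WScript.Echo(vbTab & "REVIEW: " & message)
END SUB
```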

Requirements

| Requirement | Value |
| --- | --- |
| Minimum supported client | None supported |
| Minimum supported server | Windows Server 2008 |
| Assembly | Microsoft.RightsManagementServices.Admin.dll |

See also

Active Directory Rights Management Services Scripting API Reference