WavebreakmediaMicro - Fotolia

How do admins check the Exchange IRM setup?

Testing Exchange information rights management functionality can be tedious, but Microsoft offers a dedicated cmdlet for Exchange 2016 administrators that streamlines the process.

The best way to know a tool works properly is to put it through rigorous testing. It's even better when you can automate that process.

Administrators can avoid time-consuming testing of Exchange 2016 information rights management (IRM) configurations with the Test-IRMConfiguration PowerShell cmdlet to ensure Exchange IRM performs as expected.

Administrators use the Test-IRMConfiguration cmdlet to analyze the IRM deployment. This PowerShell cmdlet runs a series of tests that ease the testing process and avoid any missed steps that might happen during a manual procedure.

How the cmdlet tests Exchange IRM

The Test-IRMConfiguration cmdlet starts by examining the Exchange IRM configuration and the Active Directory Rights Management Services (AD RMS) server for proper version and hotfix updates.

After these initial checks, the cmdlet tries to activate the AD RMS server by obtaining a Rights Account Certificate and client licensor certificate. It also attempts to obtain AD RMS rights policy templates from the AD RMS server. These checks verify the availability and connectivity between Exchange 2016 and rights management components.

Sending protected messages

Next, the cmdlet tests that a specified user can send messages protected with Exchange IRM. After sending these messages, the cmdlet attempts to obtain a user license and a pre-license for the desired recipient. This verifies IRM operation between senders and recipients within the organization.

Administrators use the Test-IRMConfiguration cmdlet to analyze the IRM deployment.

If the organization uses Exchange Online, the Test-IRMConfiguration cmdlet will check the connection to RMS Online and then obtain and validate the organization's trusted publishing domain.

Testing depends on the administrator's rights

The number of parameters available for the cmdlet will vary depending on the permissions assigned to the administrator. For example, an administrator responsible for Exchange IRM configuration will generally require both Compliance Management and Organization Management permissions, while a Transport Rules administrator will need Organization Management and Records Management permissions.

Dig Deeper on Microsoft messaging and collaboration