OK, I’m still learning about Windows Rights Management Services (RMS) and SharePoint Information Rights Management (IRM) and the configuration black art that it is … so … the precision and accuracy of the solution below are not guaranteed.
A document library configured with information rights management protection will not display the contents of Office documents after they’re originally created/uploaded. When you try to open, for example, a Word document from the IRM-protected SharePoint library, all you see is a blank document.
SharePoint IRM and Windows RMS require that the user’s email address be present for both the user account (AD account or local account) AND for the user’s SharePoint profile.
The reason why the email attribute is so important goes something like this: RMS uses the email address to uniquely identify each user, and the first time a user tries to protect content, RMS will provision a client certificate from the RMS server. So, I guess this implies that without the email attribute, RMS can’t get a certificate for the user and, therefore, doesn’t know if the user can legitimately see the document and, therefore, does not show the document just in case? Make sense?
Anyway, I had seen/heard somewhere that the email attribute must be present for the user’s Active Directory account. So, I ensured that my test user had an AD email attribute. But things still didn’t work (i.e. blank documents as above). Then, on a call with Microsoft Product Support, we were told that when using SharePoint Information Rights Management (which uses RMS), the user’s SharePoint profile must also have an email address for the “Work e-mail” attribute.
After ensuring this e-mail attribute was set, voilà, things started working with IRM-protected SharePoint document libraries. If your environment is using Active Directory and the users’ AD “E-mail” attributes contain email addresses, then using SharePoint profile import will automatically import the email addresses for the SharePoint user profiles.
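One way to find the accounts that will hit the blank-document problem is to check both places at once. The script below is an added example, not part of the original post or anything supplied by Microsoft Product Support. It assumes a SharePoint 2010 or later server with the ActiveDirectory module installed, profiles stored under `DOMAIN\user` account names, and placeholder values for the site URL and domain.

```powershell
# Added example: list enabled AD users whose e-mail is missing in AD
# or in the SharePoint profile "Work e-mail" property (internal name WorkEmail).
# Assumptions: SharePoint 2010+ server, ActiveDirectory module available,
# run by an account allowed to read user profiles.
param(
    [string]$SiteUrl = 'http://sharepoint.example.local',  # placeholder site URL
    [string]$Domain  = 'EXAMPLE'                            # placeholder NetBIOS domain
)

Import-Module ActiveDirectory
Add-PSSnapin Microsoft.SharePoint.PowerShell -ErrorAction SilentlyContinue
[void][System.Reflection.Assembly]::LoadWithPartialName('Microsoft.Office.Server.UserProfiles')

# The profile manager is bound to the User Profile service of the given site.
$context = Get-SPServiceContext -Site $SiteUrl
$upm = New-Object Microsoft.Office.Server.UserProfiles.UserProfileManager($context)

Get-ADUser -Filter 'Enabled -eq $true' -Properties mail | ForEach-Object {
    $account     = "$Domain\$($_.SamAccountName)"
    $hasProfile  = $upm.UserExists($account)
    $profileMail = $null
    if ($hasProfile) {
        # Do not name this variable $profile: that is a PowerShell automatic variable.
        $userProfile = $upm.GetUserProfile($account)
        $profileMail = $userProfile['WorkEmail'].Value
    }

    $adMissing      = [string]::IsNullOrEmpty($_.mail)
    $profileMissing = [string]::IsNullOrEmpty($profileMail)

    # Report only accounts that fail one of the two requirements.
    if ($adMissing -or $profileMissing) {
        New-Object PSObject -Property @{
            Account          = $account
            ADMail           = $_.mail
            HasSPProfile     = $hasProfile
            ProfileWorkEmail = $profileMail
        }
    }
} | Select-Object Account, ADMail, HasSPProfile, ProfileWorkEmail | Format-Table -AutoSize
```

Accounts that show an `ADMail` value but an empty `ProfileWorkEmail` are the ones a profile import should fix.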