Tired of messing with KMS? Looking for a better way to handle activations? Active Directory Based Activation can make your life a whole lot easier – provided you meet a few requirements.

Joseph Moody

Joseph Moody is a network admin for a public school system and helps manage 5,500 PCs. He is a Microsoft Most Valuable Professional (MVP) in Cloud and Datacenter Management and blogs at DeployHappiness.com.

Active Directory Based Activation (ADBA), first introduced in Windows Server 2012, aims to completely replace Key Management Services (KMS). The benefits over KMS are huge, but ADBA has one noticeable drawback. In this guide, we will compare KMS to ADBA. We will also walk through an ADBA setup for Windows 8.1 clients.

Volume Activation (VA) Services for Windows Server 2012 R2

How Does ADBA compare to KMS?

Microsoft took a look at the common complaints about KMS in order to eliminate them in ADBA. For example, KMS requires a minimum number of clients before activation takes place. Currently, 25 instances are required for client operating systems and five instances are required for server operating systems. ADBA does not have a minimum activation threshold.

ADBA is a GUI-based activation mechanism. If you are currently running KMS on a 2008 R2 machine or below, this will probably be a very welcome change. Some things are more suited to a GUI than to the command line. In my opinion, activation is one of those things.

With KMS, your activation objects are directly linked to your KMS host. If your KMS host goes down, clients will be unable to activate. ADBA stores its activation objects within Active Directory. By using ADSI, you can view these activation objects.

The Activation Objects as seen from ADSI

Because the activation objects are stored within Active Directory, they are no longer node specific. As long as a client can contact Active Directory, that client can activate. If clients can’t contact AD, you probably have bigger problems.
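The same activation objects can be listed from PowerShell instead of browsing with ADSI. This is an added example, not code from the original article; it assumes the ActiveDirectory module from RSAT is installed, and the function name Get-AdbaActivationObject is hypothetical.

```powershell
# Added example: list ADBA activation objects from the forest's configuration partition.
# Requires the ActiveDirectory module (RSAT) and read access to the partition.
Import-Module ActiveDirectory

function Get-AdbaActivationObject {
    [CmdletBinding()]
    param(
        # Optional: a specific domain controller to query.
        [string]$Server
    )

    $common = @{}
    if ($Server) { $common.Server = $Server }

    # The configuration naming context is replicated to every domain in the
    # forest, which is why the objects are not tied to a single host.
    $configNC  = (Get-ADRootDSE @common).configurationNamingContext
    $container = "CN=Activation Objects,CN=Microsoft SPP,CN=Services,$configNC"

    $query = @{
        SearchBase  = $container
        SearchScope = 'OneLevel'
        LDAPFilter  = '(objectClass=msSPP-ActivationObject)'
        Properties  = 'displayName', 'whenCreated', 'msSPP-CSVLKPartialProductKey'
        ErrorAction = 'Stop'
    }

    try {
        $objects = Get-ADObject @common @query
    }
    catch {
        # Typically means the container does not exist because ADBA was never configured.
        Write-Warning "Could not read ${container}: $($_.Exception.Message)"
        return
    }

    foreach ($o in $objects) {
        [pscustomobject]@{
            DisplayName       = $o.displayName
            Created           = $o.whenCreated
            PartialProductKey = $o.'msSPP-CSVLKPartialProductKey'
            DistinguishedName = $o.DistinguishedName
        }
    }
}

Get-AdbaActivationObject | Format-Table -AutoSize
```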

Finally, KMS configuration is domain-specific. If you manage a large multi-domain environment, KMS requires more administrative effort. ADBA, on the other hand, is a forest-wide, single-instance activation method. A one-time configuration takes care of your entire AD infrastructure.

ADBA requirements

ADBA does have a minimum OS requirement. It can only activate Windows 8+ and Windows Server 2012+ operating systems. It also supports Office 2013 activation.

But here is the good news – KMS and ADBA are not mutually exclusive. You can continue to use KMS to activate your older clients and use ADBA for your newer clients. If your KMS host is running (or is upgraded to) Windows Server 2012 R2, you can even have both roles on the same machine. Doing this gives you a GUI for KMS.

Surprisingly, you can take advantage of ADBA without needing to upgrade your domain controllers. However, your schema version must be updated to at least Windows Server 2012.

Activating Windows 8.1 with ADBA

Got 15 minutes and a Windows 2012 R2 Server? Great – let’s set up ADBA! This guide will assume that you are starting from scratch. First, head to the Add Roles and Features wizard. Continue through the wizard until you reach the Server Roles selection. Select the Volume Activation Services role and finish the wizard.

Installing Volume Activation Services

Next, launch the newly installed Volume Activation tools. Select Active Directory Based Activation as the Activation type.

Configuring Active Directory Based Activation

Install your KMS host key and provide a unique name for this value. As a note, you can install a single Windows Server 2012 R2 KMS key to activate client and server operating systems. More information can be found here. Under Product Key management, you will need to select the type of initial server activation.

ADBA Product Key management

Continue through the wizard until you receive confirmation that activation has successfully been enabled.

To test activation, simply restart an un-activated client. You can check System Properties or the Application Event log to see your successful Active Directory Based Activation!

Our successful activation
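The same check can be scripted for one or more clients. This is an added example, not code from the original article; it relies on event ID 12308, which the author cites in the comments as the successful activation event, and the function name Get-AdbaActivationStatus and its parameters are hypothetical.

```powershell
# Added example: confirm on Windows 8+/Server 2012+ machines that activation
# came from Active Directory rather than from a KMS host.
function Get-AdbaActivationStatus {
    [CmdletBinding()]
    param(
        [string[]]$ComputerName = $env:COMPUTERNAME,
        [int]$Days = 30   # how far back to look for event 12308
    )

    foreach ($computer in $ComputerName) {
        # Query the local machine directly; remote queries need WinRM (CIM)
        # and remote event log access to be allowed.
        $target = @{}
        if ($computer -ne $env:COMPUTERNAME) { $target.ComputerName = $computer }

        try {
            # Only products that have a product key installed.
            $products = Get-CimInstance @target -ClassName SoftwareLicensingProduct `
                -Filter 'PartialProductKey IS NOT NULL' -ErrorAction Stop
        }
        catch {
            Write-Warning "${computer}: licensing query failed: $($_.Exception.Message)"
            continue
        }

        # "No events found" is a normal outcome, so errors are suppressed here;
        # an empty LastEvent12308 column means no matching event was read.
        $lastEvent = Get-WinEvent @target -MaxEvents 1 -ErrorAction SilentlyContinue -FilterHashtable @{
            LogName = 'Application'; Id = 12308; StartTime = (Get-Date).AddDays(-$Days)
        }

        foreach ($p in $products) {
            [pscustomobject]@{
                Computer         = $computer
                Product          = $p.Name
                Licensed         = ($p.LicenseStatus -eq 1)    # 1 = licensed
                ActivationObject = $p.ADActivationObjectName   # empty when not AD-activated
                ActivationObjDN  = $p.ADActivationObjectDN
                LastEvent12308   = $lastEvent.TimeCreated
            }
        }
    }
}

Get-AdbaActivationStatus | Format-Table -AutoSize
```

A product that shows as licensed but has an empty ActivationObject column was activated some other way, for example by KMS.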

29 Comments
  1. Corby 4 years ago

    I'm interested in your statement "Surprisingly, you can take advantage of ADBA without needing to upgrade your domain controllers. Your schema version will need to be updated to Windows Server 2012 at least"

    Does this mean I merely need to AD Prep a 2008R2 domain to 2012R2 and then separately install the ADBA on a 2012R2 member server? After the keys are installed, can the 2012R2 member server be removed, because the object now exists in the domain?

    My goal is to have the ability to use ADBA for Windows 10 clients in a 2008R2 domain, and if possible, not run any 2012 servers just yet (we're in early testing for Windows 10). I understand I could still use KMS, but ADBA seems much nicer, especially not having to deal with the thresholds during testing.

    Thanks

    0

  2. Author
    Joseph Moody 4 years ago

    Hi Corby - you will do the ADPrep. You can then use the Volume license activation tools on any 2012R2 or Windows 8/10 machine (with RSAT) to add your licenses to AD.

    0

  3. Andy D 4 years ago

    Hi Joseph,

    I have a client that has implemented ADBA for one domain and is trying to decommission the old KMS server for machines in the old domain.

    So my question is, can machines from the old domain still be activated on the new Volume activation Service via an updated SRV record in the old DNS servers pointing to the new service, without being a member of the new domain using the old method of activating?

    Thanks,

    Andy

    0

  4. Author
    Joseph Moody 4 years ago

    Just to clarify, you are wanting to use KMS cross domains?

    0

  5. Andy D 4 years ago

    Hi Joseph,

    Correct - As part of a demerger, the customer is moving out of the old domain and we are retiring servers belonging to the old domain including the old KMS server as part of this project.

    But we still have machines in the old domain which need old type KMS until we roll out new machine builds.

    Would we have to deploy a new KMS to service these old clients, even though we have ADBA? Can ADBA handle both the AD and old style of activation?

    0

  6. Author
    Joseph Moody 3 years ago

    You would need KMS and ADBA if you are activating old and new clients.

    0

  7. Todd 3 years ago

    If I use the Volume Activation tool and select Active Directory-Based Activation on a server that has an existing KMS configuration and proceed through the setup, will it replace the existing KMS configuration? All of the articles I've read go through the ADBA setup first, then implement the KMS. I want to make sure that I'm not going to interfere with the existing KMS service.

    0

  8. Author
    Joseph Moody 3 years ago

    You will be fine Todd. My production environment was KMS before ADBA was added.

    0

  9. Kevin 3 years ago

    Am I missing something? I don't see where you detailed the one drawback with ADBA.

    I've just set up ADBA next to my existing (W2K12) KMS server - which is set up to also activate W2K12. I'm hoping to start seeing my W2K12 servers re-activate to AD first, but haven't seen any activity yet.

    Is there something I can do to force my W2K12 servers over to ADBA?

    Also, I have a Win 10 2016 LTSB that's not activating. I've installed the W2K12-Win10 KMS host key to AD. Do I need to install the W2K16 key as well (for Win 10 LTSB to work)?

     

    2+

    • John 3 years ago

      I am curious... did you solve the problem with Win10 2016 LTSB?

      0

  10. David mattox 3 years ago

    We have made the move from KMS to Active Directory Activation using a Server 2016. Our issue seems to be the clients (Windows 7) are still querying the old KMS server for activation even though DNS for the domain is correct. If we manually set KMS (slmgr -skms:) and then -ATO, it works. Any suggestions?

    1+

    • Kimberly 3 years ago

      Hello David,

      Looks like Windows 7 (and older) still require activation via a KMS host server (cannot be activated with an AD-based activation server): https://blogs.technet.microsoft.com/askpfeplat/2013/02/04/active-directory-based-activation-vs-key-management-services/.

      Kimberly

      0

  11. Matt 2 years ago

    I'm using ADBA and I'm looking for a way to view how many computers have been activated. Is there a way you know? Thanks!

    0

    • Author
      Joseph Moody 2 years ago

      As far as I know, there isn't a central report with this data. Clients activate themselves individually by accessing the AD activation object.

      If you centralize client event logs, you could query for event ID 12308 - that is the successful activation event ID.

      0

  12. Haz 2 years ago

    I have a KMS server running on a non-AD server. I want to keep it as we have Windows 7 clients.

    Can I use ADBA on the same server or does it have to be on an Active Directory server?

    0

  13. Author
    Joseph Moody 2 years ago

    It should be a server joined to your domain.

    1+

  14. Joachim 2 years ago

    I have ADBA now running and use it for Windows Server, Windows 10, Office 2013 and Office 2016. I see on my servers that the activation works. How can I see which servers, clients  and Office installations have activated so far?

    1+

    • Author
      Joseph Moody 2 years ago

      You can filter the application Event log on your DCs. Look for event ID 12308.

      0

  15. Linda E. Hansel 2 years ago

    Are you able to circumvent specific OUs from using ADBA, or only apply ADBA to certain OUs? My environment has a single forest with OUs based on country. I need to limit ADBA to US only until other countries are ready to adopt this new method.

    0

    • Author
      Joseph Moody 2 years ago

      I don't know if you can or not. In a test environment, you could try to edit the security permissions of the activation object in AD and only allow certain computers to read it. If that works, that could be used to do a phased deployment.

      0

  16. Brando 1 year ago

    Joseph...any idea how to install the volume licensing packs if the Domain Controllers were set up using Windows Server Core?

    0

    • Author
      Joseph Moody 1 year ago

      Can you not use the volume licensing tools that are installed with RSAT on another IT machine?

      0

  17. ZoeTaite 1 year ago

    Joseph,

    We currently have the following functional levels. Domain = 2012 R2 Forest = 2008 R2. Would we need to upgrade the Forest functional level to 2012 R2 or should we be OK with our current setup to try ADBA?

    ZT

    0

    • Author
      Joseph Moody 1 year ago

      You will need to update your forest.  Nothing is 100% but I have never heard of an issue with a forest upgrade.

      0

  18. Mike Biese 10 months ago

    If I implement this, will the clients that are currently using KMS automatically convert over to ADBA or is there something I need to do on the clients?  Clients are all 2012+.

    0

  19. joe 5 months ago

    If the user doesn't have to access the domain for up to 180 days to keep activation active, does the user get any prompt during that time?

    0

  20. Julien 4 months ago

    Hello, can I use ADBA only in a sub domain (not in the entire forest)? It seems that the object is written in the sub domain configuration.

    1+

  21. julgeb 4 months ago

    Hello,

    Can the ADBA service be installed in a subdomain (for example subdomain1.maforet.local) of a forest without fear of "undesirable effects" (cross-domain activation, for example) on the other domains of the forest?

    (Server on 2019 - DCs on 2012r2 - schema version 2019)

    maforet.local

    subdomain1.maforet.local

    subdomain2.maforet.local

    subdomainx.maforet.local

    Thanks for your feedback.

    0

  22. John Nolan 3 months ago

    Hello Joseph,

    I've had ADBA successfully working for a while now thanks to this tutorial... My question is I now want to have ADBA activating server 2016 (and soon 2019)... Do I just follow the step above to add the additional KMS keys on my ADBA server or is there something else I need to do?
    Thanks

    0


© 4sysops 2006 - 2020
