After quite long, I got some free time & decided to utilize to pen down an article, which talks about new feature Active Directory(AD) based activation introduced in Windows 8 & windows server 2012 & above.
To minimize the problem of piracy, Microsoft has announced starting from windows Vista & above, office products etc, you need to activate it even though you are using Volume licensing. Volume licensing keys are basically used by corporates to activate n number of system using similar keys instead of requiring multiple keys.
key management service (KMS) is the service which can be installed on the dedicated server or collocated with other server roles to allow activation of the volume license version windows (Vista, 7, 2008, R2 etc. )& office (2010, 2013 etc.)products within premise. This server will be installed in the internal environment & caters the local request for the volume activation & KMS service running on KMS host will in-turn contact Microsoft database & verify the key, instead of each system to be activated via phone or internet. KMS can also be installed on virtual machine. If dynamic DNS is enabled, KMS host can register its SRV records automatically & domain joint client can leverage this SRV records to find KMS host for activation. You can run multiple KMS host in the environment.
The Volume Activation Management Tool (VAMT) is a free tool that one can download and use to centrally modify the volume activation method and product key for clients. It can also helps you to track the licenses, their type & many more. The VAMT 3.0
can be used to keep track of MAK keys, KMS keys, Retail keys, OEM keys etc.
Key Management Services
KMS has few downside, comparing to AD based activation of volume license version of windows operating system or office products, you need minimum count of 25 to activate clients & for server operating system it is 5. By default, the renewal of the renewal of the key on machine happens with the KMS host automatically within the duration of 7 days & maximum duration, which client can sustain without renewal is 180 days. So, after every 180 days, you need to connect your machine or server to the KMS host to renew the key, else all sort of travel will be seen on the system. To install KMS one has to use command line interface (CLI).
- Limitation of 25 clients or 5 server count to enable activation.
- Installation is only via CLI.
- For high availability, more KMS hosts are required to be installed either on VM, dedicated server or collocated server.
- Only first KMS host register its SRV records in DNS automatically, for other KMS host, requires manual creation of the records.
- KMS uses TCP port 1688 for client-host communication.
Active Directory-Based Activation (ADBA)
Lets understand, what is Active Directory based activation (ADBA). In the simplest term, ADBA is an optional replacement to the KMS to perform activation of Volume license version of OS or office suites. There are certain prerequisite to get this feature available to your environment.
- It only works with Windows 2012 & 8 operating system.
- DFL/FFL can be windows 2008 R2.
- You need to modify AD schema to windows 2012 (Schema upgrade requires careful considerations).
- 180 days renewal constraint is still applied.
- Workgroup system will be activated on domain join.
- For renewal, the domain joined system must communicate/authenticate to the DC once in a 180 days.
- ADBA feature is not dependent on the single computer, it uses ms-SPP-Activation attribute to store the information in AD which is available on all the DC in the domain.
- No more threshold requirement of 25 client or 5 servers.
- ADBA & KMS can exists together to provide activation for the legacy Windows OS or office installation.
- KMS with ADBA together provides benefits to the windows OS or office clients which doesn’t support ADBA method.
References for ADBA