I still receive TONS of questions on KMS even though it has been around for quite some time now. It’s fairly easy to ramp up on. I can generally bring an admin up to speed in under an hour, if they don’t want to read the documentation (located on TechNet: http://technet.microsoft.com/library/ff793409.aspx ).
It’s not very complicated. It’s easy to set up. It's just very different from Windows Server 2003. So here's a bit of a refresher on KMS. Don’t worry. I won’t bore you with too many details, as there’s a ton of good information out there on volume activation using KMS.
So what is KMS?
KMS is a service that activates volume license versions of Windows Vista and later as well as Office 2010 and later. Since I’m not an “Office” person, I’ll focus on the Windows side of things. But if you’re curious about Office 2013, look here: http://technet.microsoft.com/en-us/library/ee624357.aspx
To activate client operating systems, the KMS host requires a count of 25; to activate server operating systems, it requires a count of 5. These can be any combination of client or server operating systems. By count, we mean that this number of unique KMS clients must have contacted the KMS host before the KMS host will activate any KMS clients. Activation lasts for 180 days, and clients attempt to renew with the KMS host every 7 days by default.
To set up the KMS host, we use the command line interface slmgr.vbs to install the KMS host key. The KMS host can be cohosted on a VM or physical server, or run standalone by itself. You can have one or many. If DDNS is enabled, the KMS host automatically creates an SRV record in DNS so that KMS clients can locate a KMS host and activate against it. Here’s a demo that shows how to do this: http://technet.microsoft.com/en-us/windows/ff716620.aspx?ITPID=flpbook
Very little has changed for Windows 8 and Windows Server 2012. However, we added a GUI. Prior to Windows 8 and Windows Server 2012. For those of you who have KMS hosts set up to support earlier versions of the operating system, you can still use these to activate Windows 8 and Windows Server 2008 R2 as long as the KMS host is running on a Windows 2008 R2 or later operating system. It does require installing an update mentioned in the following article:
Afterwards, you need to install the Windows Server 2012 volume license key and activate it. This key will activate Windows Server 2012, Windows 8, and client and server operating systems all the way down to Windows Vista and Windows Server 2008.
Now for the new stuff.
Active Directory-Based Activation
With Windows 8 and Windows Server 2012, we also introduced something better.
It is called Active Directory-Based Activation.
It only works with Windows 8, Windows Server 2012, and later and it is forest wide. So for Windows 7/2008 R2 and earlier, you’ll still need to maintain those old KMS hosts.
You do not need to have your forest and functional levels at 2012, but you must have updated the schema to support these operating systems using ADPREP. ADPREP is still located on the Windows media if you plan on running it from one of the existing DCs in the environment.
1) If you haven’t already done so, run ADPREP from the Windows Server 2012 media to update the schema to support Active Directory-Based Activation.
Note: Be cognizant and cautious, as with any schema update.
2) On a Windows Server 2012 machine, install the Volume Activation Services Role.
3) After the role has installed, from Server Manager, select Tools, and then select Volume Activation Tools.
4) In the wizard, select Active Directory-Based Activation.
5) Enter your KMS host volume license key for Windows Server 2012. You’ll forgive me for not showing mine, right? :-)
You can optionally choose to enter a display name for the AD object you will be creating.
By default, the Activation Object is named Windows® Operating System, Volume_KMS_Channel. I chose to enter a unique object name for my demo.
6) Complete the wizard, but make sure to read the dialog. There’s a tricky one at the end.
Click Close on the Activation Succeeded window instead of Next. The last thing you want to do is delete the AD object you just created (although it does have a safety precaution of requiring you to check the box).
7) The volume license key must be activated before the domain and clients can be activated. You can do this from the GUI or from the old slmgr.vbs command line.
From here on, all volume licensed versions of Windows 8 and Windows Server 2012 will be activated as soon as they join the domain.
Once you’re activated, if you run slmgr.vbs -dlv, you’ll see the following:
The Application Event log will show the activation event:
Using ADSI, you can view the AD object.
Multiple activations can be listed here. If you have both client and server SKUs, you'll have two activation objects. As long as the server object is available, the client can be safely deleted as the server object will activate both clients and servers.
These objects can be manually deleted using ADSI, but the preferred method is to use Volume Activation Tools.
To do so, go back into the same wizard and select the radio button to Skip to Configuration.
Simply check the Delete checkbox and click on Commit.
Activations still last for 180 days. When a re-activation event occurs, the client will query AD for the Activation Object.
Since AD-Based Activation uses AD, the client talks LDAP to a domain controller instead of the RPC traffic on TCP port 1688 used with KMS.
In the event that the Active Directory object is unreachable, clients will attempt to use the next available activation method which is the KMS activation method. This means if the AD object is unreachable, the client will go check DNS for an SRV record for a KMS host.
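The lookup order described above can be checked from a domain-joined Windows 8 / Windows Server 2012 or later machine with the following added example, which is not part of the original post. The container path under the configuration partition, the `msSPP-ActivationObject` class, the `_vlmcs._tcp` SRV name, and the function names are not taken from this page; the DNS domain used for the SRV lookup is assumed to be the computer's AD domain.

```powershell
# Added example: check the AD activation object first, then fall back to KMS via DNS.
function Get-AdbaActivationObject {
    # Activation objects are stored forest-wide in the configuration partition.
    $rootDse  = [ADSI]'LDAP://RootDSE'
    $configNc = "$($rootDse.configurationNamingContext)"
    $base     = "LDAP://CN=Activation Objects,CN=Microsoft SPP,CN=Services,$configNc"
    $searcher = New-Object System.DirectoryServices.DirectorySearcher([ADSI]$base)
    $searcher.Filter      = '(objectClass=msSPP-ActivationObject)'
    $searcher.SearchScope = 'OneLevel'
    foreach ($r in $searcher.FindAll()) {
        [pscustomobject]@{
            Name = [string]$r.Properties['name'][0]
            DN   = [string]$r.Properties['distinguishedname'][0]
        }
    }
}

function Get-KmsHostFromDns {
    # Assumption: the SRV record is looked up in the computer's AD domain.
    param([string]$DnsDomain = (Get-WmiObject Win32_ComputerSystem).Domain)
    $records = Resolve-DnsName -Name "_vlmcs._tcp.$DnsDomain" -Type SRV -ErrorAction SilentlyContinue
    foreach ($rec in ($records | Where-Object { $_.Type -eq 'SRV' })) {
        # Probe the advertised port (1688 by default) with a 3-second timeout.
        $tcp = New-Object System.Net.Sockets.TcpClient
        try     { $ok = $tcp.ConnectAsync($rec.NameTarget, $rec.Port).Wait(3000) }
        catch   { $ok = $false }
        finally { $tcp.Close() }
        [pscustomobject]@{ KmsHost = $rec.NameTarget; Port = $rec.Port; Reachable = $ok }
    }
}

$adba = @()
try   { $adba = @(Get-AdbaActivationObject) }
catch { Write-Warning "AD activation container not readable: $($_.Exception.Message)" }

if ($adba.Count -gt 0) {
    'AD-Based Activation objects found over LDAP:'
    $adba | Format-Table -AutoSize
} else {
    'No AD activation object reachable; checking KMS SRV records instead:'
    Get-KmsHostFromDns | Format-Table -AutoSize
}
```

The output shows which path a client in this forest has available, which is also what decides whether TCP 1688 still has to be allowed through to a KMS host or whether LDAP to a domain controller is enough.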
If you unjoin a client from the domain, activation will fail on the next license evaluation. This typically occurs when a system is rebooted or the Software Protection Service is restarted. Side note: Don’t disable this service. I’ve seen too many instances of that. It leads to wonky behavior.
Charity “AD Activation Makes Activation Even Easier” Shelbourne
Thank you! I'm glad you enjoyed it. :-)
Sweet new feature and well explained. Thanks!
Glad to hear it! Thank you! :-)
Dumb Question: What's different in AD based activation vs. KMS. Except for the former using LDAP traffic. I mean are there any real enhancements/add on features. Or is it simply a new name for Win8 & WS2012 OS's going forward?
Good question! AD-Based Activation and KMS activation are two different things. It's not just a rename. There are lots of differences. For starters, with KMS, you need to set up and activate a KMS host using your volume license key. It has an activation threshold that must be met before it will activate machines. The threshold is 25 for clients and 5 for servers. These are accumulative and can be any combination of clients and servers as long as you meet that threshold. The way the threshold works is that KMS keeps count of the computers that are requesting activation. Once the threshold has been met, then it activates the machines. The activation is good for 180 days and clients check in by default every 7 days to renew this activation. The KMS host by default will register an SRV record in DNS so that clients can find it or you can manually specify the KMS host on the computers.
With AD-Based Activation, there is no threshold. The computers are immediately activated when they join the domain and are activated indefinitely unless they are removed from the domain. But AD-Based activation is only for Windows 8/2012 and later. So KMS is still needed for legacy clients like Windows 7 and Windows Server 2008/R2.
Does that help? Let me know if you still have questions!
Thanks Charity, that answers my question. Are you single :)
Nope. Happily married. :-)
I'm glad I could answer your questions.
With KMS you had to register every domain and subdomain separately in DNS. Is this still required with AD-based activation? What if you have clients that are AD-joined but are using a different DNS search suffix?
And what is the recommended activation method for non-domain-joined systems? MAK? Let's say a company has two separate forests. Example: DMZ and Internal. Before I was able to use a single KMS for all. Do I now need to activate all my forests separately?
AD Based Activation (ADBA) is forest wide. Each forest will need to be activated separately, but beyond that, you should be done. No need to maintain a KMS host unless you're activating down level clients such as Windows Server 2008/2008 R2 or Windows 7. In all actuality, that probably means that most enterprises will still have KMS hosts for a while yet until everyone/everything has been upgraded to Windows 8/Windows Server 2012 and later.
With AD based activation, when the machine starts up, the licensing service on the machine queries the DC for the licensing object which is shown in one of the screen shots above. It must be in periodic contact with the DC to stay activated. If the machine goes longer than 180 days or is disjoined from the domain, the machine ceases to be activated.
MAK is still the option for machines that are disconnected from the domain or not domain joined (no ADBA) and the KMS count cannot be met (less than 25 clients) or for clients that are not able to periodically contact the domain (for ADBA) or the KMS host.
Question: For those of us sticking with non AD KMS for Windows 2012 and Win 8 are the activation thresholds for client and server products the exact same as Win7/2008R2 (25/5)? Just want to make sure that is what "not much has changed" means. Thanks!