Configure Active Directory-Based Activation (ADBA) for Windows

Active Directory-Based Activation (ADBA) is a Microsoft Volume Licensing method that automatically activates Windows that are joined to an Active Directory (AD) domain. Here is how to set up and configure the Key Management System (KMS) if you have non-domain joined devices. Therefore, in this guide, we shall discuss how to configure Active Directory-Based Activation (ADBA) for Windows. Please, see Check Windows Activation Status and troubleshoot activation errors, and how to update Veeam Backup for Proxmox Plugin to support PVE 9.0.

Active Directory-based activation is implemented as a role service and it relies on Active Directory Domain Services (ADDS) to store activation objects.

Any domain-joined computers running a supported OS with a Generic Volume License Key (GVLK) is activated automatically and transparently. Domain-joined computers stay activated as long as they remain members of the domain and maintain periodic contact with a domain controller. A complete list of the GVLK keys for all supported versions of Windows can be found on the Microsoft Learn.

Also, see how to enable Amazon S3 default bucket encryption using S3 Console, and how to fix “Error 0x8007232B: Can’t activate Windows on this device as we can’t connect to your organization’s activation server.

How does ADBA Work?

In order to enable devices with GVLKs on the LAN activate themselves. We will have to install the Volume Activation Services. Next, add a KMS host key by using the Volume Activation Tools Wizard.

Using an older DC, ensure to extend the domain schema level to Windows Server 2012 R2 or later, then add a KMS host key by using the VAMT.

The above image shows how the ADBA works. A KMS Host key (CSVLK) is installed and activated on a domain controller (DC) or another Windows Server with the Volume Activation Services role.

• Next, the system creates an Activation Object in AD, stored in the Configuration partition.
• Domain-joined clients automatically discover this activation object and activate themselves using the domain credentials.
• Activation remains valid as long as the computer stays joined to the domain.

Note: For environments where all devices are domain joined and running a supported OS version. Active Directory-based activation (ADBA) is the preferred option for activating client computers and servers. But if your environment has non domain devices etc., the KMS host is the best option.

Clients that are activated with Active Directory-based activation maintain their activated state for up to 180 days since the last contact with the domain. They periodically attempt to reactivate before then and at the end of the 180 day period. By default, this reactivation event occurs every seven days.

Please, see how to Transfer Windows License from one PC to the other on Windows, and How to Activate Cisco ASA 5505 License.

Activation Scenario!

When a reactivation event occurs, the client queries ADDS for the activation object and compares it to the local edition defined by the GVLK. If the object and the GVLK match, reactivation occurs. But, lets review the two scenarios below;

• Assuming there is a KMS server in the same production environment, and the activation object and the GVLK do not match. If the ADDS object can’t be retrieved, client device use KMS activation as a fall back.
• What if there is no additional KMS host in production? If no KMS host exists, or if the device is removed from the domain and the device or Software Protection service is restarted, Windows changes the status to Not Activated.

Method 1: Install Volume Activation Services

To do this, sign in your your Windows Server and if the Server Manager is not automatically launched. Please fire it up. Please, see how to reinstall Server Manager and disable Server Manager at startup for all users and login users. When launched, click on Manage as shown below.

Next, select Add Roles and Features. The Add Roles and Features Wizard window opens.

On the Before you begin page, click skip or next as you wish to proceed.

Select Role select Role-based or feature-based installation, and then select the Next  button

Select your destination server. This is only useful if you have multiple servers. But we have just one and it is selected by default.

Next, select the Volume Activation Services role

When selected, you will be prompted to add additional features as shown below

As you can see below. The Volume Activation Services has been selected.

On the features page, you can skip.

In the Volume Activation Services page, please hit the next button to proceed.

In the Confirmation page, click on the Install button.

When the installation completes, close the wizard as shown below.

Please, see how to Upgrade Microsoft Office 2019 to 2021 on Mac, and What to know about “Failed to perform Veeam Worker Upgrade”.

Method 2: Install Volume Activation Services

Installing and configure a KMS host employs the steps below. The first step requires you to install the Volume Activation Services role and this can be done via PowerShell with the command below.

Install-WindowsFeature -Name VolumeActivation -IncludeManagementTools

Next you will be required to configure the Windows firewall to allow KMS to receive network traffic. You can allow this traffic for any network profiles, which is the default setting, or for any combination of Domain, Private, and Public network profiles.

By default, a KMS host is configured to use Transmission Control Protocol (TCP) on port 1688. To do this, run the command below to to allow network traffic for only the Domain and Private network profiles

Set-NetFirewallRule -Name SPPSVC-In-TCP -Profile Domain,Private -Enabled True

Configure ADBA on Windows Server

To configure ADBA after installing the Volume Activation Services, select the VA services and right click on the to select “Volume Activation Tools”. You could also use the following command “vmw.exe” or access the Volume Activation Tool directly from Server Manager, select Tools and then click on “Volume Activation Tools”.

On the introduction page, click on Next.

Select “Active Directory Based Activation” and click on Next

Enter your KMS host key and click Next

Note: The Volume Licensing Service Center (VLSC) has been retired, and all its functionalities are now available through the Microsoft 365 admin center. To activate clients, a ADBA host requires a KMS host key (the Customer Specific Volume License Key (CSVLK)). This can now be obtained directly from the Microsoft 365 admin center.

When prompted to add ADBA object to the domain forest, click on Next as shown below.

The AD Forest Activation is being performed after you commit. The rest steps are very straightforward.

Want to activate Office?

To activate a KMS Host Key/Customer Specific Volume License Key (CSVLK) for Microsoft Office. The version-specific Office Volume License Pack needs to be installed on the server where the Volume Activation Server Role is installed.

• Office 2016 VL pack.
• Office 2019 VL pack.
• Office LTSC 2021 VL pack

Verifying Active Directory-Based Activation (ADBA) Activation

When using both KMS and Active Directory-Based Activation, it can be difficult to determine whether a client was activated via KMS or ADBA. During testing, consider disabling the KMS host or using a client that has not yet been activated by KMS.

You can also use the slmgr.vbs /dlv command, which indicates whether KMS was used for activation.

To manage KMS servers and keys, and to obtain activation statistics. You can install the Volume Activation Management Tool (VAMT) utility. The VAMT is included in the Windows Assessment and Deployment Kit (ADK). See this link for more information

FAQs

I hope you found this article on how to configure Active Directory-Based Activation (ADBA) for Windows very useful.