Active Directory Based Activation

I got to delve into Active Directory Based Activation today and found that the documentation was a bit confusing.  I had to review articles from different sources to sort it all out so here’s my summary for implementing this:

1. You can install this on a member server by downloading the latest Windows Deployment Kit from Microsoft (1903 as of this writing).   I installed this on a Windows 2019 member server, selecting Volume Activation Tool only.
2. You can download SQL Express and install it as shown in Microsoft’s documentation or you can point this to an existing SQL Server.  Either way have SQL installed at this point before proceeding.   If you are using a shared SQL Database have your DB grant the account you are using for the install DB creation rights.
3. Open the VAMT tool and when prompted enter the SQL Server name and a database name.  If the database doesn’t yet exist it will be created.
4. To scan client computers for product licensing you will need to open the Windows Management Instrumentation ports on the Windows Firewall.  You can do this via Group Policy.  Note that you want to make sure that this applies to All Subnets – not just local subnets.  Check the policy on a target computer to be sure.
   • Windows Management Instrumentation (ASync-In),
   • Windows Management Instrumentation (DCOM-In)
   • Windows Management Instrumentation (WMI-In)
5.  Once that is done within VAMT go to Products and over on the right Discover Products.  The dialog box should auto fill the domain and you can simply hit Search to search the entire domain.   All clients that can be contacted will be added to the database.  Note that their License Status will not be queried until you select the discovered clients and choose Update license status on the left.  You can use your credentials if you are logged in with an account that has permissions to these clients or specify different credentials.
6. The above step does nothing to change the activation status of your clients.  At this point you need to add product key(s) for your Server and Desktop OS and Office version.Note that if you add a Windows Server 2019 key it will activate downlevel server clients down to Windows Server 2012 R2.   Windows Server 2008 R2 (as well as Win7) cannot be activated via ADBA.  You must continue to use KMS for those clients – which should be gone by January 2020 right?!
7.  Once you have added your keys the next step is to go to the Active Directory Based Activation node on the left and then choose Online activate forest on the right.    The product keys you entered in the previous step should be displayed.  Choose one of them.  You can change the AD Object Name but note you cannot rename it later, then choose Install Key.  This will create an AD Activation Object which is then replicated to all the domain controllers in your domain.  This is one of the really great things about ADBA vs KMS.Note if you get 0xC004F050 error when installing the key to create the AD Activation Object in the above step, that means the Product Key is invalid to VAMT.  A couple of reasons this occurs:
   • For Office keys you have to install the Microsoft Office Volume License Pack software on the VAMT server and run through the wizard.  You will then be able to add the AD Activation Object.
   • If you add a Windows Server 2019 KMS key and AD Activation Object, then add a Windows Server 2016 KMS key and attempt to add the AD Activation Object you will get this error because Windows Server 2016 will be activated via the Windows Server 2019 AD Activation Object.
8. To test that AD Based Activation is working you restart the client or restart the Software Protection Service on the client.  In VAMT select the client and choose Update license status on the left.  With the client selected, go down to the bottom pane and scroll to the end and you should see Active Directory Based Activation listed as the Volume Activation Method.