Active Directory Based Activation in an multi domain environment


With the release of Windows 10, more and more customers are starting to move from the traditional KMS based activation model to Active Directory-based activation (ADBA).

In a single domain environment, the setup process is really simple, and a complete step-by-step guide can be found here:

But if you’re using a multi domain setup, you might see this errors when you try to Activate online.


In this specific scenario, we had the KMS server installed the child domain, and new servers in the forest root domain was activated using a MAK key. This is not supported if you want to use the Volume Activation Tool to either configure KMS or ADBA on the server.

Here is a brief overview over the setup:


To solve this problem we manually added the SRV record for the KMS host in the child domain to the DNS Servers in the forest root. This allowed new servers in the forest root to be registered and activated correct using the a KMS key.

This solved the problem and the ADBA wizard could complete without any issues.


For more updates on Deployment and Enterprise Client Managemet please follow me on Twitter: @ronnipedersen

If you want to connect via LinkedIn, you can reach me here:

About Author

My name is Ronni Pedersen and I'm currently working as a Cloud Architect at APENTO in Denmark. My primary focus is Enterprise Client Management solutions, based on technologies like AzureAD, Intune, EMS and System Center Configuration Manager. I'm is also a Microsoft Certified Trainer and Microsoft MVP in Enterprise Mobility.


  1. Hello, if we use a ADBA server in the child domain, does any computers in others child domains (or root) can activate with ADBA ?

  2. Hi Ronni,

    Thanks for your article, but i have a question, for ADBA and multiple domains, i have actually 2 AD domains (Ex : domainA and domainB) on two differents forests, but with a trust relationship reciprocal between them.

    We have a project to create a new domain (Ex : domainC) to migrate 2 others domains in this new domain.
    So i would like to know if i can run ADBA on a new DC on the new domainC, with this domain i will created a trust relationship with domainA and domainB.

    Is it possible to activate Windows 10 and Windows Server (2012R2 and 2016) on the 3 domains ? I know it is possible to create SRV DNS entries on differents domains, but i would like to know if it is needed to install ADBA role on DC of each domain, athough there is trusted relationships.
    Not to much documentation about it, so this is why i ask you.

    Thanks you in advance for help

    • Good question. I dont have any experience with ADBA in a mutil-domain environment… Sorry.
      My best advice is to test it and see what happens. If you cant get it to work, create a support case with MS.

    • This is an older question, but in case it helps others, no, you don’t need a domain trust in place for KMS activation to work with clients in a different domain to the KMS host.

      As long there’s a _VLMCS SRV record in the client domain pointing to the correct server and the port is open, it works fine.

      ADBA does not work, however. But we have both running in the primary domain, again with no issues.

Leave A Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.