Registering the Key Management Service (KMS) in Active Directory

Share This Post

The Key Management Service (KMS) is often the preferred way of activating Windows servers and clients for Enterprises. The DNS record allows servers and clients to locate the KMS server and use it to automatically activate Windows. When the KMS server is installed the following DNS record should be automatically created, however here is how to manually create the required DNS Record.

To create the KMS DNS record using PowerShell, issue the PowerShell command bellow:

Add-DnsServerResourceRecord  -Name "_vlmcs._tcp" -ZoneName "lab.local" -SRV -DomainName "" -Priority 0 -Weight 0 -Port 1688 -ComputerName labdc01.lab.local

Alternatively the DNS Record can be created manually by performing the following steps

  1. Open the DNS Management Console on a Domain Controller

  2. Right click on the domain you wish to create the DNS record, in this case lab.local and select Other New Records

  3. Select Service Location (SRV) from the list

  4. Enter the required information
    Service: _vlmcs
    Portocol: _tcp
    Port Number: 1688
    Host: hostname or IP address of the KMS server

    The result should look something like this:

  5. Verify that the DNS record was created successfully
  6. Verifying and Troubleshooting

    The slmgr.vbs is the tool to use for troubleshooting and testing. The documentation for this command is available here:

    slmgr.vbs /ato

    Attempts to activate Windows normally, a message box will indicate if the machine was activated successfully or not. If it fails, check that the client can communicate with the KMS on UDP port 1688 and that a KMS license is installed.

    slmgr.vbs /ipk N69G4-B89J2-4G8F4-WWYCC-J464C

    Changes the product key for the system, in this case the KMS key for Windows Server 2019 Standard Edition is specified. All KMS client keys can be found here:

    slmgr.vbs /skms host/ip:port

    Specifies the KMS server to be used and should not be required for Active Directory joined devices as they should find the DNS record created above.

    slmgr.vbs /dli

    Displays information for the license that is currently installed.

Want To See More?

Azure AD

Access Reviews with On-Premise Groups

In some of my earlier post I have talked about Access Reviews that are part of the Identity Governance tools in Azure AD. One of


Access Reviews: Manage Guest Users

Azure AD’s B2B (Business to Business) functionality allows organizations to invite external users into their organization so that they can collaborate. However, very few of