• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 774
  • Last Modified:

KMS Server limited to an OU


We're using a big domain with many OU inside. Till now, I was the only one using KMS to activate my Windows and Office.

But now, there is another OU which want to do the same.
I don't want them to use my KMS because of licence key (we have separate contrat from microsoft).
So my question, is it possible to limit a KMS to an OU ?
Or should I publis multiple KMS and limit "view" by restriciting access-list on my firewall ?

Any suggestions will be appreciate.
Thx in advance.
1 Solution
Ernie BeekExpertCommented:
I think the latter would be the way to go. KMS doesn't really integrate into AD (only uses DNS which technically is a part of AD).
So you can't limit it to an OU but need to address this on a network level.
Have a look at this:
and this

though yes you can just add them both then limit the ports on the firewall. It picks them at random until it finds one that works. http://technet.microsoft.com/en-us/library/ff793434.aspx see "client discovery" section
KMS does not require Domain authentication so there is no way to select witch clients have access to licensing keys. Blocking that traffic is one way but I would explore how to set KMS to only give licensing keys to selected subnets.

Featured Post

Free Tool: SSL Checker

Scans your site and returns information about your SSL implementation and certificate. Helpful for debugging and validating your SSL configuration.

One of a set of tools we are providing to everyone as a way of saying thank you for being a part of the community.

Tackle projects and never again get stuck behind a technical roadblock.
Join Now