Thursday, 29 March 2012


This is the Volume Activation Management Tool. When KMS is not an option (Technet subscriptions do not provide KMS keys), VAMT can provide a good alternative using MAK keys.

This article describes how I set up VAMT to activate VMs running on a VirtualBox host-only environment. In this example, VMs will be activated using the VAMT server as a proxy.

  1. Install a Windows Server 2008 R2 server with both host-only and bridged network adapters.
  2. Install VAMT.
  3. Open the console and choose how to locate machines (searching AD for example).
  4. Once the scan finds some machines, they will be in the "Status Unknown" section on the left hand side of the user interface. At this stage no license scanning has taken place.
  5. Highlight a machine, right click and choose "Update Status". You will be able to do this either using the current credentials with which you are logged on with, or you can specify alternative credentials. Ultimately you need to perform this operation with an account with local admin privileges on the remote machine.
  6. Once scanned the machine will be placed in either the Licensed, Not Licensed or Unmanaged sections on the left.
  7. You can add a product key by entering it in the relevant place (it also requires a description). Click "Add Product Key".
  8. You can then right click on the remote computer and choose "Install Product Key".
  9. If the remote client has internet connectivity you can then right click on it and choose Activate - Online Activate. Since in this example the remote computers are on a host-only network, I will set up the VAMT as the proxy activation server. to do this, right click on the remote machine and choose Activate - Proxy Activate. The VAMT will then activate on the client's behalf.
  10. Once done, save the configuration of VAMT, otherwise you'll tend to find the computers won't be there when you next open it, and neither will the product keys. To do this, choose "Save List as" to save the cli file. Next time you go into VAMT, open this file.

Thursday, 8 March 2012

AD Searches with DistinguishedName

I've seen this with both LDAP filters and Get-ADUser:
It seems that you cannot use wildcards when searching with distinguishedName.
So for example the following is not valid:

Get-ADUser -Filter 'distinguishedName -like "CN*"'

The only valid use of wildcards with distinguishedName is to test for existence or non-existence of the value.

e.g. Get-ADUser -Filter 'distinguishedName -like "*"'

The easiest way I have seen to do this is with ADFIND and use the -excldn switch

e.g. adfind -excldn "OU=Admin Accounts,OU=User Management";"OU=Shared Accounts,OU=User Management" -b "OU=User Management,DC=test,DC=com" -f "(&(objectCategory=Person)(objectClass=User))" dn

This will show you just the dn's for the users that are under the OU=User Management,DC=test,DC=com OU structure, but excluding any that have either "OU=Admin Accounts,OU=User Management" or "OU=Shared Accounts,OU=User Management" in their distinguished names.