Granting User the Rights to Run the DNSUpdate Tasks

Follow

Summary

This Knowledgebase article provides information about how to grant specific user permissions necessary to run DNSUpdate tasks.

More Information

Follow the procedure below to grant specific permissions to run DNSUpdate:

  1. Create a dedicated domain username that will be used only for the DNSUpdate process.
  2. Add the following necessary permissions:

    Note: These steps should be performed on all the Microsoft DNS servers that will need to have records updated / zone refreshed during a switchover or a failover.

    1. Membership in the BUILTIN\Distributed COM Users group.
    2. Membership in the DNSAdmins group (domain wide) OR equivalent via ACLs on the DNS server / zones.
    3. Remote Enable permissions for the ROOT\MicrosoftDNS WMI namespace. Follow the steps below to do this:
      1. Go to Start > Run and type wmimgmt.msc, then click OK.
      2. Right-click on WMI Control (Local) and select Properties.
      3. Select the Security tab.
      4. Expand ROOT, navigate to MicrosoftDNS and select the namespace.
      5. Click on the Security button at the bottom right of the window. This action edits the security settings for the Root\MicrosoftDNS WMI namespace.
      6. Click Advanced.
      7. Add the designated DNSUpdate user to the list, and select Allow for at least the Remote Enable permission.
      8. Click OK (on all windows opened previously) to save the new permissions.
    4. Only for DNS Servers running on Windows 2003:
      1. From Start > All Programs > Administrative Tools, open DNS.
      2. Right click the name of the DNS server and select Properties
      3. Select the Security tab.
      4. Add the DNSAdmins group to the list and give it Full Control.
      5. Click OK on all windows open previously to save the new security settings.
  3. Test the DNSUpdate task, while being run under the new user, by performing a switchover / switchback.

Applies To 

All versions.

 

KBID-2500 

0 out of 0 found this helpful

Comments

0 comments

Please sign in to leave a comment.