DNSUpdate Task - Granting Necessary Permission For The User Account

Follow

Summary 

This Knowledgebase article provides information about how to grant specific permissions to the user account under which the DNSUpdate task is being ran.

More Information

Neverfail recommends creating a dedicated service account to be used for the DNSupdate task. Once configured in the Neverfail Management Client, these permissions will be encrypted. 

When it is not possible to create a dedicated service account than any other account with the necessary permission can be used for the DNSupdate task. 

Procedure

To grant specific permissions to the user account that runs DNSUpdate task please follow the steps below:

  1. Create a dedicated domain username that will be used only for the DNSUpdate process. This doesn't need to be a domain administrator but a domain user account.
  2. Add the following necessary permissions:
  1. Membership in the BUILTIN\Distributed COM Users group.
  2. Membership in the DNSAdmins group (domain wide) OR equivalent via ACLs on the DNS server / zones.

Note: These steps should be performed on all the Microsoft DNS servers that will need to have records updated / zone refreshed during a switchover or a failover.
mceclip1.png

c. Remote Enable permissions for the ROOT\MicrosoftDNS WMI namespace. Follow the steps below to do this:

  1. Go to Start > Run and type wmimgmt.msc, then click OK.
  2. Right-click on WMI Control (Local) and select Properties.
  3. Select the Security tab.
  4. Expand ROOT, navigate to MicrosoftDNS and select the namespace.
  5. Click on the Security button at the bottom right of the window. This action edits the security settings for the Root\MicrosoftDNS WMI namespace.
  6. Click Advanced.
  7. Add the designated DNSUpdate user to the list, and select Allow for at least the Remote Enable permission.
  8. Click OK (on all windows opened previously) to save the new permissions.

Only for DNS Servers running on Windows 2003:

  1. From Start > All Programs > Administrative Tools, open DNS.
  2. Right click the name of the DNS server and select Properties
  3. Select the Security tab.
  4. Add the DNSAdmins group to the list and give it Full Control.
  5. Click OK on all windows open previously to save the new security settings.
  1. Test the DNSUpdate task, while being run under the new user, by performing a switchover / switchback.

Applies To 

All versions.

 

KBID-2500 

0 out of 0 found this helpful

Comments

0 comments

Please sign in to leave a comment.