DNSUpdate Task - Granting Necessary Permission For The User Account

Summary

This Knowledgebase article provides information about how to grant specific permissions to the user account under which the DNSUpdate task is being run.

More Information

Neverfail recommends creating a dedicated service account to be used for the DNSUpdate task. Once configured in the Neverfail Management Client, these permissions will be encrypted.
When it is not possible to create a dedicated service account, then any other account with the necessary permissions can be used for the DNSUpdate task.

Procedure

To grant specific permissions to the user account that runs the DNSUpdate task, follow the steps below:

      i. Create a dedicated domain user account that will be used only for the DNSUpdate process. This does not need to be a domain administrator; a domain user account is sufficient.
      ii. Add the following necessary permissions:

            a. Membership in the BUILTIN\Distributed COM Users group.
            b. Membership in the DNSAdmins group (domain wide) OR equivalent via ACLs on the DNS server/zones.

            Note: These steps should be performed on all the Microsoft DNS servers that will need to have records updated (zone refreshed) during a Switchover or a Failover.

            c. Remote Enable permissions for the ROOT\MicrosoftDNS WMI namespace. Follow the steps below to do this:
                  1. Go to Start > Run and type wmimgmt.msc, then click OK.
                  2. Right-click on WMI Control (Local) and select Properties.
                  3. Select the Security tab.
                  4. Expand ROOT, and select MicrosoftDNS.
                  5. Click on the Security button at the bottom right of the window. This action edits the security settings for the ROOT\MicrosoftDNS WMI namespace.
                  6. Click Advanced.
                  7. Add the designated DNSUpdate user to the list, and select Allow for at least the Remote Enable permission.
                  8. Click OK (on all windows opened previously) to save the new permissions.

Only for DNS Servers running on Windows 2003:

i. From Start > All Programs > Administrative Tools, open DNS.
ii. Right-click the name of the DNS server and select Properties.
iii. Select the Security tab.
iv. Add the DNSAdmins group to the list and give it Full Control.
v. Click OK on all windows opened previously to save the new security settings.

1. Test the DNSUpdate task, while being run under the new user, by performing a switchover/switchback.
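
Before the switchover test, the per-server settings from steps ii.a and ii.c can be checked with a read-only script. This is an added example, not Neverfail code. The account name EXAMPLE\svc-dnsupdate is a hypothetical placeholder, and the script does not check DNSAdmins membership or the DNS server/zone ACLs from step ii.b.

```powershell
# Added example (not Neverfail code): read-only check of steps ii.a and ii.c on one DNS server.
# Run in Windows PowerShell 5.1 as an administrator of the target server.
param(
    [string]$Account = 'EXAMPLE\svc-dnsupdate',   # hypothetical service account name
    [string]$Server  = $env:COMPUTERNAME          # DNS server to inspect
)

$RemoteEnable = 0x20   # WBEM_REMOTE_ACCESS, shown as "Remote Enable" in wmimgmt.msc
$AllowAce     = 0      # ACCESS_ALLOWED_ACE_TYPE

# Resolve the account to a SID so comparisons do not depend on name formatting.
$sid = (New-Object System.Security.Principal.NTAccount($Account)).Translate(
        [System.Security.Principal.SecurityIdentifier]).Value

# ii.a: direct members of the server's Distributed COM Users group
# (membership inherited through nested groups is not expanded here).
$group = [ADSI]"WinNT://$Server/Distributed COM Users,group"
$memberSids = @($group.psbase.Invoke('Members')) | ForEach-Object {
    $bytes = $_.GetType().InvokeMember('objectSid', 'GetProperty', $null, $_, $null)
    (New-Object System.Security.Principal.SecurityIdentifier($bytes, 0)).Value
}
$inDcomUsers = $memberSids -contains $sid

# ii.c: ACEs on ROOT\MicrosoftDNS that name the account directly.
$sd = Invoke-WmiMethod -ComputerName $Server -Namespace 'root\MicrosoftDNS' `
        -Path '__SystemSecurity=@' -Name GetSecurityDescriptor
if ($sd.ReturnValue -ne 0) { throw "GetSecurityDescriptor failed: $($sd.ReturnValue)" }
$aces = @($sd.Descriptor.DACL | Where-Object { $_.Trustee.SIDString -eq $sid })
$hasRemoteEnable = [bool]($aces | Where-Object {
    $_.AceType -eq $AllowAce -and ($_.AccessMask -band $RemoteEnable)
})

[pscustomobject]@{
    Server              = $Server
    Account             = $Account
    DistributedComUsers = $inDcomUsers
    RemoteEnableOnDns   = $hasRemoteEnable
    # Full mask per ACE, so rights beyond Remote Enable are visible during review.
    NamespaceAccessMask = ($aces | ForEach-Object { '0x{0:X}' -f $_.AccessMask }) -join ','
}
```

Run it once per DNS server that the task updates; a False in either column points back to the corresponding step above.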

Applies To

All versions.
KBID-2500