Windows Server 2000/2003 Thread, DNS Dynamic Updates service account in Technical; Good morning everyone!
I am currently in the process of creating dedicated accounts for a number of services that currently ...
5th December 2013, 10:16 AM #1
- Rep Power
DNS Dynamic Updates service account
Good morning everyone!
I am currently in the process of creating dedicated accounts for a number of services that currently use domain admin credentials. One of these is DNS dynamic updates. The domain itself is 2003 functionality level, with 2003 DCs and DHCP and DNS on DCs.
Taking a look on the MS MVPs website (DHCP, Dynamic DNS Updates , Scavenging, static entries & time stamps, the DnsUpdateProxy Group, and DHCP Name Protection - AD and Exchange Quantum Singularity), I believe I need to do the following:
- Add DHCP DC to DnsUpdateProxy security group.
- Change DHCP to update all records.
- Secure update settings are already in place, so no need to change this.
- Create a standard domain user account and configure DNS dynamic updates to use this.
- Clear all current DNS entries.
- No 2008 R2 servers, so no securing DNS update proxy group or name protection.
Can anyone spot anything missing from this list? If not, that looks like quite a lot of change to enable a least privilege service account, and quite possibly a number of negative security changes. Would it be better to just create a service account with sufficient permissions to update DNS records, when required? If so, what permissions would such a service account require?
Thanks in advance for any help with this enquiry.
5th December 2013, 01:19 PM #2
Do you have scavenging turned on for your DNS currently?
If So, I'd make the change but not carry out point 5, let the records scavenge out over time and anything new will be created by DHCP.
Unless of course you can be sure chaos won't ensue when mass deleting live DNS records all at once.
Other then that, you look spot on.
Thanks to Firefox from:
mistersparky (10th December 2013)
By nathanlivesey in forum Mac
Last Post: 14th October 2009, 11:18 PM
By DaveP in forum Windows
Last Post: 13th September 2009, 10:18 PM
By Geoff in forum Downloads
Last Post: 1st May 2009, 07:36 PM
By BigBadVinny in forum Windows
Last Post: 18th June 2007, 08:21 AM
Users Browsing this Thread
There are currently 1 users browsing this thread. (0 members and 1 guests)