+ Post New Thread
Results 1 to 2 of 2
Windows Server 2000/2003 Thread, DNS Dynamic Updates service account in Technical; Good morning everyone! I am currently in the process of creating dedicated accounts for a number of services that currently ...
  1. #1

    Join Date
    Oct 2011
    Thank Post
    Thanked 0 Times in 0 Posts
    Rep Power

    DNS Dynamic Updates service account

    Good morning everyone!

    I am currently in the process of creating dedicated accounts for a number of services that currently use domain admin credentials. One of these is DNS dynamic updates. The domain itself is 2003 functionality level, with 2003 DCs and DHCP and DNS on DCs.

    Taking a look on the MS MVPs website (DHCP, Dynamic DNS Updates , Scavenging, static entries & time stamps, the DnsUpdateProxy Group, and DHCP Name Protection - AD and Exchange Quantum Singularity), I believe I need to do the following:
    1. Add DHCP DC to DnsUpdateProxy security group.
    2. Change DHCP to update all records.
    3. Secure update settings are already in place, so no need to change this.
    4. Create a standard domain user account and configure DNS dynamic updates to use this.
    5. Clear all current DNS entries.
    6. No 2008 R2 servers, so no securing DNS update proxy group or name protection.

    Can anyone spot anything missing from this list? If not, that looks like quite a lot of change to enable a least privilege service account, and quite possibly a number of negative security changes. Would it be better to just create a service account with sufficient permissions to update DNS records, when required? If so, what permissions would such a service account require?

    Thanks in advance for any help with this enquiry.

  2. #2

    Join Date
    Dec 2009
    Thank Post
    Thanked 33 Times in 31 Posts
    Rep Power
    Do you have scavenging turned on for your DNS currently?

    If So, I'd make the change but not carry out point 5, let the records scavenge out over time and anything new will be created by DHCP.
    Unless of course you can be sure chaos won't ensue when mass deleting live DNS records all at once.

    Other then that, you look spot on.

  3. Thanks to Firefox from:

    mistersparky (10th December 2013)

+ Post New Thread

Similar Threads

  1. Mac Update Service (WSUS 4 MAC)
    By nathanlivesey in forum Mac
    Replies: 21
    Last Post: 14th October 2009, 10:18 PM
  2. Replies: 15
    Last Post: 13th September 2009, 09:18 PM
  3. Windows Server Update Services 3.0 Beta 2
    By Geoff in forum Downloads
    Replies: 11
    Last Post: 1st May 2009, 06:36 PM
  4. Domin Service Account
    By BigBadVinny in forum Windows
    Replies: 1
    Last Post: 18th June 2007, 07:21 AM

Thread Information

Users Browsing this Thread

There are currently 1 users browsing this thread. (0 members and 1 guests)

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts