Hi everyone,

I'm running a DHCP server on our Windows Server 2003 domain controller, and DNS is obviously hosted on the same box, with a secondary domain controller on the network as well. Just recently, I noticed that the account entered as the DNS update credentials account in the Advanced tab of the DHCP properties was the same account as a domain administrator, which had escalated privileges. I wanted an account dedicated to just DHCP and DNS updating, so I created a new account on our network and made that the account for DNS updates in the Advanced tab of the DHCP properties.

This went OK, but I noticed that a heck of a lot of pens started appearing on the computer icons in DHCP. From what I know, this is caused by that DHCP entry waiting to update a record in DNS. I noticed that if I go over to DNS, right-click on some of the entries, choose Properties, and then choose the Security tab, I can see the new account I created for DHCP/DNS updates listed as having write permissions, but not all of the records have this.

What should be the next step for me to take? Should I delete all the A records for our network computers in the Forward Lookup Zone and wait for them to repopulate? Would that be bad news? Any advice would be greatly appreciated. I haven't actually noticed any problems yet. I changed the credentials used in the updates about a week ago, and I haven't heard any panics from anywhere. I just remember that before, there were only pen icons above the few computers I had on the network with reservations in DHCP, and no other computers.

If you need more info, please just let me know.

Thanks!