Assigning the user to the dnsadmins group, Dns permissions for windows 2003 sp1 or earlier – HP Storage Mirroring V4.5 Software User Manual
Page 141
A - 2
6.
Select the user to be included in the Storage Mirroring Admin group.
7.
Click OK to return to the Local Group Properties dialog box.
8.
Click OK to return to the User Manager.
9.
Exit the User Manager.
Assigning the user to the local servers’ Administrators
group
The user running the Application Manager must have access to both the servers' administrative
shares and have rights to modify the SPN permissions.
The target's machine account needs to be added to the source's Active Directory computer object for
the purpose of updating the SPNs during failover and failback.
The administrative shares are used to manage the configuration files and failover scripts on the
source and target. To satisfy both of these rights, it is recommended that the user must be a member
of the local Administrators group on each server (source and target).
Follow these steps to add a user to the Administrators group on each server.
1.
On the first server, select Start, Settings, Control Panel.
2.
Double-click Administrative Tools, then double-click Computer Management.
3.
In the left pane, select the Groups folder (located under Computer Management\System
Tools\Local Users and Groups\).
4.
Right-click the Administrator group and select Properties.
5.
If the user is not already a member of the Administrators group, click Add.
6.
In Location, click the domain containing the users you want to add, then click OK.
7.
In Name, type Administrator.
8.
Click OK to close all open dialog boxes.
9.
Repeat for each additional server.
Assigning the user to the DnsAdmins group
Follow these steps to create a user account with permissions to update DNS.
For instructions on assigning permissions to update DNS servers hosted on an Active Directory
domain controller with Windows 2003 Service Pack 1 or earlier, see
For instructions on assigning permissions to update DNS servers hosted on an Active Directory
domain controller with Windows 2003 Service Pack 2 or later, see
For instructions on assigning permissions to update DNS servers that are not hosted on an Active
Directory domain controller with Windows 2003 Service Pack 2 or later, see
DNS permissions for Windows 2003 SP1 or earlier
The following permissions are required to use the DNS Failover Utility to modify DNS records on
Windows 2003 with service pack 1 or earlier:
The user must be a member of the DnsAdmins domain local group. For details, see
the user to the DnsAdmins group
A member of the Server Operator group, at the very least, to Deny the source access to the
records. The resource record security can be set through the record properties within the
DNSMgmt console.
One of the following:
A member of the Domain Admins group, or
Full Control on each of the individual DNS records that are associated to the source IP and
to be updated by the DNS Failover utility (DFO.exe). For details, see