HP StorageWorks Storage Mirroring Recover User's Guide (T5437-96008, November 2009)

DNS permissions for non-Active Directory Windows 2003 SP2 or later

The following permissions are required to use the DNS Failover utility to modify DNS
records on Windows 2003 with SP2 or later that is not co-hosted with the Active
Directory domain controller:

- The user must be a member of the DnsAdmins domain local group. For details,
  see Assigning the user to the DnsAdmins group.
- The user must be a member of the local Administrators group. For details, see
  Assigning the user to the local Administrators group.
- The user must be one of the following:
  - A member of the Domain Admins group, or
  - Granted Full Control on each of the individual DNS records that are
    associated with the source IP and that will be updated by the DNS Failover
    utility (DFO.exe). For details, see Assigning Full Control on the WMI DNS
    namespace.

Assigning the user to the local Administrators group

Follow these steps to add a user to the local Administrators group.

1. Select Start, Programs, Administrative Tools (Common), Active Directory
Users and Computers.
2. Click on Builtin.
3. Right-click the Administrators group and select Properties.
4. Select the Members tab.
5. To add a user to the group, click Add.
6. In Location, click the domain containing the users you want to add, then click OK.
7. In Name, type the name of the user you want to add to the group. If you want to
validate the user or group names that you are adding, click Check Names.
8. Click OK to close all open dialog boxes.
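
The group requirements listed in this section can be confirmed from the command line once the memberships have been assigned. The script below is an added example, not part of the HP guide: it assumes PowerShell with the dsquery and dsget directory tools available, default group names and containers (Administrators under Builtin, as in step 2), and a hypothetical account name, svc-dfo.

```powershell
# Added example: audit one account against the group requirements in this section.
# dsquery/dsget are the Active Directory command-line tools; run on a domain member.
$Account = 'svc-dfo'   # hypothetical account name (assumption, replace with your own)

# Resolve the account's DN, then list every group it belongs to, nested groups included.
$userDn = dsquery user -samid $Account
if (-not $userDn) { throw "Account '$Account' was not found in the domain." }
$memberOf = @($userDn | dsget user -memberof -expand)

# Each pattern matches the start of a group DN as dsget prints it (optionally quoted).
# Default names and containers are assumed; adjust if your groups were renamed or moved.
$checks = @(
    @{ Name = 'DnsAdmins';      Pattern = '^"?CN=DnsAdmins,' },
    @{ Name = 'Administrators'; Pattern = '^"?CN=Administrators,CN=Builtin,' },
    @{ Name = 'Domain Admins';  Pattern = '^"?CN=Domain Admins,' }
)

$result = @{}
foreach ($c in $checks) {
    # -match on an array returns the matching elements; an empty result casts to $false.
    $result[$c.Name] = [bool]($memberOf -match $c.Pattern)
    $state = if ($result[$c.Name]) { 'member' } else { 'NOT a member' }
    '{0,-16} {1}' -f $c.Name, $state
}

# DnsAdmins and Administrators are both listed as required.
if (-not $result['DnsAdmins'] -or -not $result['Administrators']) {
    Write-Warning "A group membership listed as required is missing for '$Account'."
}

# The third requirement has two alternatives; only the first is visible in group data.
if ($result['Domain Admins']) {
    'Third requirement: met through Domain Admins membership.'
} else {
    'Third requirement: not in Domain Admins; confirm Full Control on each DNS record tied to the source IP.'
}
```

The script only reads directory data. The per-record Full Control alternative is set on the DNS records themselves and has to be reviewed there.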

Next step: Set SPN update permissions

Setting SPN update permissions

The Write servicePrincipalName permission on the source computer account in Active
Directory must be assigned to the account that will modify the SPNs. This is an
advanced permission. Assigning either of the more general Write or Full Control
permissions, which are assigned to Domain Admins by default, would also be adequate.
The permission must be assigned to one of the following: