This article is also available for viewing online at http://knowledgebase.solarwinds.

com/kb/questions/3699/
Granting read only access to non-administrator account for IPAM DNS Monitoring
Granting read only access to non-administrator account for IPAM DNS Monitoring
Note: Applies to IPAM 3.0 or greater.

You may have a scenario where you need to poll the DNS server without an administrator account. The following
steps detail how to use a non-administrator account.
You must add the User to the DNSAdmin group.
Enable Account for WMI:
You should use DNS Server Administrator (account allowed to make changes on the DNS server) based on your
network configuration.
In Standalone DNS it might be a Local Administrator (which by default is preconfigured for remote WMI Access).
Administrators are by default configured to make DNS server management tasks.
In a AD+DNS setup, it should be the account who has full DACL to manage the DNS Server and additionally it has to
have enabled remote WMI for management according the steps below.

Configure DCOM Services

1. Start dcomcnfg
2. Expand Component Services\Computers and Right mouse click on My Computer and select Properties.
3. Go to the COM Security Tab.
4. In the Access Permissions group click on Edit Default and add your account and Enable Local Access and Remote
Access Checkboxes.
5. In the Access permissions group click on Edit Limits, add your account and enable Local and Remote Access.
6. In the Launch and Activation permissions click on Edit Default and add your account and Allow all checkboxes.
7. In the Launch And Activation permissions Click on Edit Limits and Add your account and Allow all checkboxes.
Configure Access to the WMI Branch
8. Start MMC console and add WMI Control Snapin.
9. Right click on the snapin and click on Properties.
10. In the Security Tab select MicrosoftDNS and CIMV2 branch and Click on Security button.
11. Add your account, and Allow: Execute Methods, Enable Account, Remote Enable.
12, Verify the new user you created has DNSAdmin rights on DNS Security tab.
13. Start dnsmgmt.msc
14. Right click on Server/Service and view Properties to confirm that all the check boxes for the new user are
checked.
Print Article - Granting read only access to non-administrator account for... http://knowledgebase.solarwinds.com/kb/questions/3699/__print
1 of 2 9/1/2014 5:43 PM

Testing Connection to a DNS Server with specific credentials
Use wbemtest tool and connect to a machine using namespace like:
\\remote_hostname\root\MicrosoftDNS

Print Article - Granting read only access to non-administrator account for... http://knowledgebase.solarwinds.com/kb/questions/3699/__print
2 of 2 9/1/2014 5:43 PM