Microsoft DNS - Account Setup

Problem

To improve security and stability of an environment, an account with minimal privileges should be used to integrate vRealize Automation with other systems.


Account Configuration

Affected Versions

  • Microsoft 2012 R2
  • Microsoft 2016

Permissions can be delegated on each forward lookup zone and reverse lookup zone in which records are being created. Follow the steps below.


Configure Read-Access Permissions to the top DNS server layer

  • In the DNS Manager window, right-click the DNS server and select Properties
  • Ensure the service account is added with Read access
    • Without this, the DNS server cannot be queried and requests fail immediately

Configuring forward lookup zone(s)

  • This is required if you are creating/destroying (A) records.
  • Log in to DNS Manager and right-click the forward zone where records are being created. On the Security tab, add the account to the user list. Click Advanced to bring up the window below.

  • Highlight the account and click Edit. Apply the following permission set:

Configuring reverse lookup zone(s)

  • This is required if you are creating/destroying (PTR) records.
  • Log in to DNS Manager and right-click the reverse zone where records are being created. On the Security tab, add the account to the user list. Click Advanced to bring up the window below.

  • Highlight the account and click Edit. Apply the following permission set:

Additional information

See http://docs.sovlabs.com/latest/vRA/7.5/modules/dns/microsoft-dns/ for full configuration process.
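
Added example (not part of the original article or the SovLabs documentation): a PowerShell check to run after the delegation steps above, listing what the service account is actually granted on each zone and flagging grants broader than per-zone delegation. It assumes AD-integrated zones and the ActiveDirectory and DnsServer RSAT modules; the account, server and zone names are placeholders.

```powershell
# Added example: audit a service account's rights on specific DNS zones.
# Assumptions (not from the article): AD-integrated zones, RSAT modules
# installed, and the placeholder names below.
Import-Module ActiveDirectory, DnsServer

$Account   = 'CONTOSO\svc-vra-dns'                  # placeholder service account
$DnsServer = 'dns01.contoso.example'                # placeholder DNS server
$Zones     = 'contoso.example', '10.in-addr.arpa'   # placeholder zones

function Get-ZoneDelegation {
    param([string]$ZoneName, [string]$Identity, [string]$ComputerName)

    $zone = Get-DnsServerZone -Name $ZoneName -ComputerName $ComputerName -ErrorAction Stop
    if (-not $zone.IsDsIntegrated) {
        Write-Warning "$ZoneName is not AD-integrated; no directory ACL to inspect."
        return
    }
    # The zone's Security tab edits the ACL on its dnsZone object in AD.
    $full = [System.DirectoryServices.ActiveDirectoryRights]::GenericAll
    (Get-Acl -Path ("AD:\" + $zone.DistinguishedName)).Access |
        Where-Object { $_.IdentityReference.Value -eq $Identity } |
        ForEach-Object {
            [pscustomobject]@{
                Zone        = $ZoneName
                Rights      = $_.ActiveDirectoryRights
                Type        = $_.AccessControlType
                Inherited   = $_.IsInherited
                AppliesTo   = $_.InheritanceType
                FullControl = ($_.ActiveDirectoryRights -band $full) -eq $full
            }
        }
}

$report = foreach ($z in $Zones) {
    Get-ZoneDelegation -ZoneName $z -Identity $Account -ComputerName $DnsServer
}
$report | Format-Table -AutoSize

# Full Control on a zone is broader than a per-zone record delegation.
$report | Where-Object { $_.FullControl -and $_.Type -eq 'Allow' } |
    ForEach-Object { Write-Warning "$Account has Full Control on $($_.Zone)" }

# DnsAdmins membership bypasses per-zone delegation (direct membership only).
$sam = $Account.Split('\')[-1]
if ((Get-ADPrincipalGroupMembership -Identity $sam).Name -contains 'DnsAdmins') {
    Write-Warning "$Account is a member of DnsAdmins"
}
```

An empty table for a zone means the account has no direct access entry there; its access, if any, comes through a group.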

