Non-domain admin access denied: get-dnsrecord

Jul 18, 2012 at 1:21 PM

Hi, I wrote a command which queries for an A record:  get-dnsrecord -name <hostname> -recordtype A -server <domain controller>.  This works fine with my domain admin account - and what I then intend to do is pipe it to a set-dnsrecord to change the IP address - but with an ordinary domain account which is an administrator on the member server doing the querying, I get an error in Powershell:

Access is denied. (Exception from HRESULT: 0x80070005 (E_ACCESSDENIED))

The user account has been granted full control to the A record and users have read access to the zone.

Typing get-dns <zone> as the user account gets information like the Name Servers and SOA for our domain.



Jul 19, 2012 at 2:16 PM

I fixed the issue, wasn't DnsShell related.  I had to grant Remote Activation and Remote Launch rights on the DNS server to the user account (see link for more details).

Keep up the good work!