none
Access denied when creating a PTR RRS feed

  • Question

  • Checked all permissions I am domain admin, Everything seems ok but when I create A dns record I get a Error 5 Access Denied.

    A powershell exception: Failed to create resource record 23 in zone .....in-addr.arpa on server ..... (Error: 5 - Access is denied. );  has occured for the cmdlet: Add-DnsServerResourceRecord on the machine:  ......

    Dont know where to look. 

    Friday, March 23, 2018 3:46 PM

All replies

  • Just to rule out a common mistake; do you run the command As Administrator?

    Best Regards,

    Jesper Vindum, Denmark

    Systems Administrator

    Help the forum: Monitor(alert) your threads and vote helpful replies or mark them as answer, if it helps solving your problem.

    Saturday, March 24, 2018 8:01 PM
  • Yes tried all. Run as admin on the console. I run it trough server manager.

    I verified logs on the domain controllers nothing found. Auditing is on so should expect something in the security logs. IPAM logs say:

    The user ''is allowed to perform operation 'Create PTR record' as the user is part of 'BUILTIN\Administrators' group.

    I do see an error in the admin log of IPAM

    The IPAM audit task failed to  collect Authentication events from Domain Controller  due to the following error: Operation is not valid due to the current state of the object.

    I wonder if some user rights asssigment stuff has not been setup or mixed up. Any requirements for the IPAM server?

    • Edited by LA1976 Monday, March 26, 2018 8:53 AM
    Monday, March 26, 2018 7:18 AM
  • Hi,

    Have a nice day! Thanks for your question.

    This error may occur when someone has given "DENY" permission to everyone or that specific account on the object for that DNS zone.

    You need to remove the "Deny" permission from the object. For that you need to make sure you take the ownership of the object. Please check DNS zone security permission for your operation account as the following figure.

    I also agree with above suggestion. Need to run the command with the administrator priviledge.

    Hope above information can help you. I look forward hearing your good news.

    Highly appreciate your effort and time. If you have any questions and concerns, please feel free to let me know.

    Best regards,  

    Michael


    Please remember to mark the replies as an answers if they help.
    If you have feedback for TechNet Subscriber Support, contact tnmff@microsoft.com


    Monday, March 26, 2018 8:54 AM
  • So stupid. Seem to have overlooked that permissions are also set on existing records and that deleting and adding can be blocked by permissions on DNS records. I am so sorry to spent all your worthy time on my failure to think harder. Darn again some precious hours of my life gone.

    Monday, March 26, 2018 9:34 AM
  • Hi,

    I am pleased to know that the information is helpful to you. At your convenience, please "mark it as answer" to help other community members find the helpful reply quickly.

    Highly appreciate your effort and time. Thanks for sharing in the forum as it would be helpful to anyone who encounters similar issues. If there is anything else we can do for you, please feel free to post in the forum.

    Have a nice day!

    Best regards,

    Michael


    Please remember to mark the replies as an answers if they help.
    If you have feedback for TechNet Subscriber Support, contact tnmff@microsoft.com



    Monday, March 26, 2018 10:18 AM