Hi,
I am trying to do Split Brain set up on Windows Server 2016. I have an user credentials who belongs to DNSAdmins. This user is not able to add the Split Brian configuration like add zone scope or resolution policy.
I see following error when I try to add zone scope.
PS C:\Users\kirant> Add-DnsServerZoneScope -ZoneName apple.com -Name anyScope -verbose
VERBOSE: The scope anyScope will be added for the zone apple.com on server WIN-MSSIRD3QRBS.
Add-DnsServerZoneScope : Failed to add scope anyScope to zone apple.com on the server WIN-MSSIRD3QRBS.
At line:1 char:2
Add-DnsServerZoneScope -ZoneName apple.com -Name anyScope -verbos ...
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
CategoryInfo : InvalidOperation: (apple.com:root/Microsoft/...ServerZoneScope) [Add-DnsServerZoneScope]
, CimException
FullyQualifiedErrorId : WIN32 1013,Add-DnsServerZoneScope
But when I add this user to the Domain Admins who is the member of Administrators then the user is able to perform Split Brain configuration. The issue here is I don't want to give Administrators privileges to the user. I have been trying multiple combinations of privileges but no luck.
What are the least privileges required for an user to perform Split Brain configuration?
Thanks