The DNSAdmin group cannot use Powershell to obtain DNS information

fdsfsd zh 5 Reputation points
2023-09-06T10:48:33.4333333+00:00

I try to execute the Powershell command to obtain DNS information through the pypsrp library of python. Executing Get-DnsServerResourceRecord through the Domain Admin group can return data, but the Dns Admin group does return empty

  1. I added user test1 to DnsAdmin
  2. Enable WMI related permissions
  3. Use the user to execute Get-AdUser to return data, and execute Get-DnsServerResourceRecord or Get-DnsServer to return empty

May I ask what is the problem? I also assigned the DNSAdmin group the Dns registry to no avail. Only the DomainAdmin group can, but I don’t want to set such a large authority to test1

Active Directory
Active Directory
A set of directory-based technologies included in Windows Server.
6,440 questions
PowerShell
PowerShell
A family of Microsoft task automation and configuration management frameworks consisting of a command-line shell and associated scripting language.
2,462 questions
0 comments No comments
{count} votes

4 answers

Sort by: Most helpful
  1. Deleted

    This answer has been deleted due to a violation of our Code of Conduct. The answer was manually reported or identified through automated detection before action was taken. Please refer to our Code of Conduct for more information.

    1 deleted comment

    Comments have been turned off. Learn more

  2. チャブーン 1,286 Reputation points MVP
    2023-09-07T07:58:06.67+00:00

    Hi, fdsfsd zh
    This is Chaboon.

    I tried executed Get-DnsServerResourceRecord on a Domain Controller, DNSAdmins Group is completed, but only Domain Users Group is not complated. Also , I tried executed Get-ADUser, DNSAdmins Group is completed, and Domain Users Group is complated. I do not configred WMI permissions.

    I seem ,you are not necessary to WMI permissions and must be setting "LocalAccountTokenFilterPolicy" registry.

    You can see below article :
    https://learn.microsoft.com/en-us/troubleshoot/windows-server/windows-security/user-account-control-and-remote-restriction

    Regards,

    0 comments No comments

  3. fdsfsd zh 5 Reputation points
    2023-09-13T10:53:37.03+00:00
    0 comments No comments

  4. fdsfsd zh 5 Reputation points
    2023-09-13T10:54:26.7966667+00:00
    0 comments No comments

Your answer

Answers can be marked as Accepted Answers by the question author, which helps users to know the answer solved the author's problem.