You receive an "Access Denied" error message when you use the Windows 2000 DNS snap-in (313526)
The information in this article applies to:
- Microsoft Windows 2000 Server
- Microsoft Windows 2000 Advanced Server
This article was previously published under Q313526 SYMPTOMS If you start the DNS snap-in, you receive an "access
denied" error message. You may receive this message either immediately after
you start the DNS snap-in or up to five minutes after you try to start the
snap-in. You may receive this message even if you are logged on as a local
administrator or a domain administrator. If you try to view the
permissions on the DNS server object in the DNS snap-in, the Security tab may be missing. This behavior may occur even if you are
logged on as a domain administrator. If you try to delete the
MicrosoftDNS object in Active Directory, you may receive the following error
message: Windows cannot delete object MicrosoftDNS
because:
The specified directory service attribute or value does not
exist. You receive this error message even though the MicrosoftDNS
object is displayed in the System folder in the Active Directory Users and
Computers snap-in. CAUSE This behavior may occur if the Access Control List (ACL) on
the MicrosoftDNS object in Active Directory is restricting access to this
object. This behavior occurs if the user account that you use to open the DNS
snap-in does not have the permissions that are required for this operation.
RESOLUTION To resolve this behavior, modify the permissions on the
MicrosoftDNS object in Active Directory. To do so, take ownership of the
MicrosoftDNS object and reset the permissions on this object in Active
Directory:
- Log on as a member of the local Administrators group on the
domain controller.
- Start the Active Directory Users and Computers
snap-in.
- Make sure
that the Advanced Features check box is checked. To do so, click
View, and if the Advanced Features check box is not selected, click to select the Advanced Features check box.
- Beneath the domain name, click the System container.
- Right-click the
MicrosoftDNS object in the right pane, and then click
Properties.
- Click
the Security tab, and then click Advanced.
- Click
the Owner tab, click either the Administrators group or the Administrator account that you are currently logged on
with, and then click OK.
- In the Security dialog box, click to
assign Full Control permissions to the
Administrator account, Read permissions to
the Authenticated Users group, and permissions to any other users and
groups to which you want to grant access to this object.
Note If you start the DNS snap-in and still receive an error message, restart the DNS Server service to make the changes take
effect. To do this, follow these steps:
- Click Start, click Run,
in the Open box type cmd, and then
click OK.
- At the command prompt type the following commands and press
ENTER after each command:
- To close the command prompt, type
exit and then press ENTER.
| Modification Type: | Major | Last Reviewed: | 3/16/2005 |
|---|
| Keywords: | kberrmsg kbprb KB313526 |
|---|
|