Windows Server 2003

DNS : Enabling DNS Dynamic Update Credentials

DNS : Enabling DNS Dynamic Update Credentials


For further info see MS KB Article:


This should be setup when you enabled secure updates only for an AD-Integrated DNS zone and have devices that are unable to perform secure dynamic updates of their A/PTR records. Examples of this type of device are Thin Client terminals.


Configure service account details on each server as detailed below, use the service account ‘svc_dnsproxy




Then add the computer objects to the ‘DNSUpdateProxy’ group in AD:



Finally it is necessary to remove the stale records from reverse DNS manually. We can immediately clear the 10.144.X.X reverse DNS records then selectively remove remaining stale records ensuring that DCs, Servers and Static Addresses are not deleted.


Forward lookup entries should not be affected by this change.


This change will probably be necessary on all European sites.


Records will now register as follows:


Leave a Reply

Your email address will not be published. Required fields are marked *