Server 2012 R2 wmi access to root/MicrosoftDfs

-

hello,

try grant user access rights wmi /root/microsoftdfs.
don't want promote user local admin. want use user monitoring purposes (dfs backlog monitoring).

i've done far:

- i've assign user groups "distributed com users" , "winrmremotewmiusers__
- i've used wmimgmt.msc grant access rights /root/microsoftdfs user. set 'activate', 'remote activation', 'execute method'

test desired namespace:
wmic /namespace:\\root\microsoftdfs path dfsrmachineconfig
... result: access denied

test namespace /root/cimv2:
wmic /namespace:\\root\cimv2 path win32_product version
... result: access granted

see behavior on windows server 2012 r2 readonlydc.
did same configuration domain controller based on windows server 2008 r2 , domain member test server based on windows server 2012. seems work fine. @ least don't receive 'access denied' results when trying access root/microsoftdfs. assume, 2012 r2 specific behaviour.
different server 2012 r2? how have extend configuration provide access non-admin user wmi namespace?

hi michael,

dfsr depends on active directory (ad) , domain controller (dc) settings, topology, , other goo configures replication.

i did lot of research, can make part of classes under namespace "root/microsoftdfs" worked  without admin right:

1. add domain user groups: performance log users, distributed com users

2. open cmd: wmimgmt->locate "root\microsoftdfs"->assign domain user permissions

execute methods
enable account
remote enable
read security

3. open adsi on dc, , locate "cn=dfsr-globalsettings,cn=system,dc=domainnc" and "cn=dfsr-localsettings,cn=servername,ou=someou,dc=domainnc"->proerties->security->add domain user , assign full controll permission on entry , their subtree.

and ran these classes in powershell query wmi domain user on dc:

get-wmiobject -namespace root/microsoftdfs -class dfsrinfo get-wmiobject -namespace root/microsoftdfs -class dfsrconfig

for more detailed information, please refer information , screenshot in article:

five common causes of “waiting dfs replication service retrieve replication settings active directory”

best regards,

anna wang

please remember mark replies answers if , unmark them if provide no help. if have feedback technet support, contact tnmff@microsoft.com



Windows Server  >  Windows Server 2012 General



Comments

Post a Comment

Popular posts from this blog

Motherboard replacement

-
running windows 10 technical preview, need replace motherboard can run the  sysprep  command restoring pc ? or there easier  or more preferred way ? thanks if replace motherboard within same family of chipsets (i.e. intel > intel or amd > amd), should okay restarting pc twice. carey frisch Windows 10 Insider Preview  >  Windows 10 Insider Preview General
Read more

Cannot create Full Text Search catalog after upgrading to V12 - Database is not fully started up or it is not in an ONLINE state

-
in order access new full text search capiblities of sql azure, upgraded our azure sql v12. (a day later), when try create new catalog: create fulltext catalog mycatalog default i following message: msg 9972, level 16, state 100, line 1 database not started or not in online state. try full-text ddl command again after database started , becomes online. hi scott, apologies inconvenience caused you. known issue on service side , fix going included in next update. specific case mitigated, should able use full-text search syntax now. thanks, mihaela Microsoft Azure  >  Azure SQL Database
Read more

Remote Desktop App - Error 0x207 or 0x607

-
hi all, i manage windows 2012 r2 network, including connection broker, session hosts , remote apps virtual servers.  i've used remote desktop app on own android phone, no issues @ - connects published gateway url , can login , access network. we looking move business onto nokia handsets ms operating system (currently on blackberry), not able connect via remote desktop app on nokia lumia handset. setup, per android config , brings remote apps , remote desktop screen, know can connect.  when select remote desktop, shows following process: initiating remote connection securing remote connection certificate can't verified - choose connect it digitally signed cert (digicert sha2), pc name different physical connection broker name (inherited domain name old gov project - can't publish publicly) initiating establishing securing connection error have been 0x207 getting 0x607 a bit baffled, work on android (and ipad @ home using app). assume ms use d...
Read more