Open for Voting

Enable ability for Orion IPAM module service account to be able to monitor (without actively managing/updating/administering) AD-integrated DNS server, so that we are not required to grant DNS Admins role/membership in AD.

  • Yes! We are mostly using IPAM as a "spreadsheet" for keeping track of IP addresses, and having a link into AD/DNS that is "management" and not "read only" is unnerving as we simply don't want any of the admins trying to do IPAM work (cleanup, anything) and inadvertently messing with these outside systems that are 100% more important than IPAM (should they break or have data changed in them). I asked a question years ago if removing some IPAM configs would actually cause a change/removal from AD (as adding the device performs some change, to likely initiate zone transfers) and never got an answer... so all those old configs just sit there until I can get around to making a support ticket and forcing an answer from support. I feel any change is likely harmless, but I have to document the changes for change work, and I want the AD admins to know exactly what's going to happen, should something go wrong.