MSMQ 4.0 may need extra permissions to install on a domain controller

There is a new KB out for installing MSMQ on a Windows Server 2008 domain controller.

931659 The Message Queuing service may not be installed or may not start after you install Message Queuing with the "Active Directory Integrated" option or the "Downlevel Client Service" option enabled in Windows Server 2008

which discusses setting permissions on the computer object of the domain controller, specifically Create All Child Objects and Delete All Child Objects. 

Interestingly, the same information is already online in the Windows Server 2008 Technical Library on TechNet:

Installation Permissions

https://technet2.microsoft.com/windowsserver2008/en/library/55897dbb-7eb4-4d3d-bbe6-87fe130c463f1033.mspx?mfr=true

under

“Setting Permissions in Active Directory Domain Services Before Installing the Directory Service Integration Feature of Message Queuing on a Domain Controller”

although the permission documented there is different (Create MSMQ Configuration Objects instead of Create/Delete All Child Objects).

I'll dig around to see which of the two is the definitive answer.

[[Updated 13th October 2008]]

Jolie Boushey wrote:

"While both will work, the only permission that should be required for these workarounds is the Create MSMQ Configuration Objects (and if they want MSMQ to be able to delete the AD object when you uninstall, it needs the Delete MSMQ Config. Objects permission, too). Create/Delete All Child Objects will give you the MSMQ perms., but you should only need the MSMQ ones. Whenever I use that workaround I only select the MSMQ perms. & it works fine for me."