Q

How can someone with full OU rights, but who is not a domain admin, manage an AD-integrated zone on

I am consulting for a worldwide company that is in the design stages of Active Directory. It has decided to set up DNS as AD-integrated zones. They are designing a one-domain infrastructure wherein local IT personnel have full admin rights to their perspective OUs. No local IT engineer will have domain administrator privileges.

The question regarding this setup involves DNS administration. How can a local engineer will full OU rights, but who is not a domain administrator, manage the AD-integrated zone on his local DNS server? The local engineer will need this access to add and remove Unix workstations and older OSes that do not support dynamic updates.

In order to provide the ability to administer DNS, you put the users account in a group called DNSAdmins. When you install DNS on a Windows 2000 machine the group DNSAdmins is created and given full control over all zones in the domain in which the DNS server exists. If you have other zones you can create additional groups and assign them rights to the zones by going into the DNS MMC, right-clicking the zone and clicking on Properties then finally the Security Tab.
This was first published in January 2003

Dig deeper on Domain Name System (DNS)

Pro+

Features

Enjoy the benefits of Pro+ membership, learn more and join.

Have a question for an expert?

Please add a title for your question

Get answers from a TechTarget expert on whatever's puzzling you.

You will be able to add details on the next page.

0 comments

Oldest 

Forgot Password?

No problem! Submit your e-mail address below. We'll send you an email containing your password.

Your password has been sent to:

-ADS BY GOOGLE

SearchServerVirtualization

SearchCloudComputing

SearchExchange

SearchSQLServer

SearchWinIT

SearchEnterpriseDesktop

SearchVirtualDesktop

Close