Solved

2003 DNS Delegation

Posted on 2004-03-25
1
311 Views
Last Modified: 2010-04-19
I would like to know if there is a way to delegate autority on a DNS zone to a group of users without adding servers.

We use windows 2003 DNS integrated to 2003 AD.

Let's say for example I'm in domain.com and I want to create the zone a.domain.com and delegate the autority only to this zone.  I know I can add a pair of machines to serve as primary and secondary DNS for the zone but wonder if, since the main zone is integrated to AD, I can leave the new zone in AD too.

Thanks

Ben
0
Comment
Question by:bbourdua
1 Comment
 
LVL 16

Accepted Solution

by:
JamesDS earned 125 total points
ID: 10684757
bbourdua

It isn't possible to delegation administration of a zone to a group of users in the same as you can delegation administration of an OU (for instance). However as you say you can delegate part of a zone or subdomain to a set of servers.

AD integrated zones under Windows 2003 support the application partition which will allow you to choose which DCs get what in terms of DNS. What I suggest is that you delegate the zones as planned, and use the application partition to confine replication of the delegated zone to a subset of servers. Then you can set permissions on those servers to allow only certain users the relevant privs needed to manage the DNS service.

This will solve your problem, but the solution is not perhaps as easy to setup or manage as you had hoped
Cheers

JamesDS
0

Featured Post

Zoho SalesIQ

Hassle-free live chat software re-imagined for business growth. 2 users, always free.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

I've always wanted to allow a user to have a printer no matter where they login. The steps below will show you how to achieve just that. In this Article I'll show how to deploy printers automatically with group policy and then using security fil…
Restoring deleted objects in Active Directory has been a standard feature in Active Directory for many years, yet some admins may not know what is available.
The Email Laundry PDF encryption service allows companies to send confidential encrypted  emails to anybody. The PDF document can also contain attachments that are embedded in the encrypted PDF. The password is randomly generated by The Email Laundr…
With Secure Portal Encryption, the recipient is sent a link to their email address directing them to the email laundry delivery page. From there, the recipient will be required to enter a user name and password to enter the page. Once the recipient …

930 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

10 Experts available now in Live!

Get 1:1 Help Now