2003 DNS Delegation

I would like to know if there is a way to delegate autority on a DNS zone to a group of users without adding servers.

We use windows 2003 DNS integrated to 2003 AD.

Let's say for example I'm in domain.com and I want to create the zone a.domain.com and delegate the autority only to this zone.  I know I can add a pair of machines to serve as primary and secondary DNS for the zone but wonder if, since the main zone is integrated to AD, I can leave the new zone in AD too.


Who is Participating?
JamesDSConnect With a Mentor Commented:

It isn't possible to delegation administration of a zone to a group of users in the same as you can delegation administration of an OU (for instance). However as you say you can delegate part of a zone or subdomain to a set of servers.

AD integrated zones under Windows 2003 support the application partition which will allow you to choose which DCs get what in terms of DNS. What I suggest is that you delegate the zones as planned, and use the application partition to confine replication of the delegated zone to a subset of servers. Then you can set permissions on those servers to allow only certain users the relevant privs needed to manage the DNS service.

This will solve your problem, but the solution is not perhaps as easy to setup or manage as you had hoped

Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.