
2003 DNS Delegation

I would like to know if there is a way to delegate authority on a DNS zone to a group of users without adding servers.

We use Windows 2003 DNS integrated to 2003 AD.

Let's say, for example, I'm in domain.com and I want to create the zone a.domain.com and delegate the authority only to this zone. I know I can add a pair of machines to serve as primary and secondary DNS for the zone, but wonder if, since the main zone is integrated to AD, I can leave the new zone in AD too.

Thanks

Ben
JamesDS commented:
bbourdua

It isn't possible to delegate administration of a zone to a group of users in the same way as you can delegate administration of an OU (for instance). However, as you say, you can delegate part of a zone or subdomain to a set of servers.

AD integrated zones under Windows 2003 support the application partition which will allow you to choose which DCs get what in terms of DNS. What I suggest is that you delegate the zones as planned, and use the application partition to confine replication of the delegated zone to a subset of servers. Then you can set permissions on those servers to allow only certain users the relevant privs needed to manage the DNS service.

This will solve your problem, but the solution is perhaps not as easy to set up or manage as you had hoped.
Cheers

JamesDS
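
The delegation and application-partition steps described in the answer above could be carried out with `dnscmd` (Windows Server 2003 Support Tools) along these lines. This is an added example, not part of the original answer; the host names dc1, dnsa1 and dnsa2 and the partition name dnsa.domain.com are assumptions, and the permissions step is not shown.

```bat
rem Added example with constructed names (assumptions, not from the thread):
rem   dc1.domain.com      DC/DNS server hosting the parent zone domain.com
rem   dnsa1, dnsa2        the subset of DCs running DNS that will host a.domain.com
rem   dnsa.domain.com     FQDN of the application directory partition

rem 1. Create the application directory partition from the first DC of the subset.
dnscmd dnsa1.domain.com /CreateDirectoryPartition dnsa.domain.com

rem 2. Enlist the second DC so it also holds a replica of the partition.
rem    DCs that are not enlisted do not receive the zone data.
dnscmd dnsa2.domain.com /EnlistDirectoryPartition dnsa.domain.com

rem 3. Create a.domain.com as an AD-integrated zone stored in that partition.
dnscmd dnsa1.domain.com /ZoneAdd a.domain.com /DsPrimary /DP dnsa.domain.com

rem 4. In the parent zone, delegate the "a" node to the two servers.
dnscmd dc1.domain.com /RecordAdd domain.com a NS dnsa1.domain.com
dnscmd dc1.domain.com /RecordAdd domain.com a NS dnsa2.domain.com

rem 5. Check the result: enlisted partitions, zone storage, and the delegation.
dnscmd dnsa1.domain.com /EnumDirectoryPartitions
dnscmd dnsa1.domain.com /ZoneInfo a.domain.com
dnscmd dc1.domain.com /EnumRecords domain.com a /Type NS
```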