Solved

2003 DNS Delegation

Posted on 2004-03-25
1
314 Views
Last Modified: 2010-04-19
I would like to know if there is a way to delegate autority on a DNS zone to a group of users without adding servers.

We use windows 2003 DNS integrated to 2003 AD.

Let's say for example I'm in domain.com and I want to create the zone a.domain.com and delegate the autority only to this zone.  I know I can add a pair of machines to serve as primary and secondary DNS for the zone but wonder if, since the main zone is integrated to AD, I can leave the new zone in AD too.

Thanks

Ben
0
Comment
Question by:bbourdua
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
1 Comment
 
LVL 16

Accepted Solution

by:
JamesDS earned 125 total points
ID: 10684757
bbourdua

It isn't possible to delegation administration of a zone to a group of users in the same as you can delegation administration of an OU (for instance). However as you say you can delegate part of a zone or subdomain to a set of servers.

AD integrated zones under Windows 2003 support the application partition which will allow you to choose which DCs get what in terms of DNS. What I suggest is that you delegate the zones as planned, and use the application partition to confine replication of the delegated zone to a subset of servers. Then you can set permissions on those servers to allow only certain users the relevant privs needed to manage the DNS service.

This will solve your problem, but the solution is not perhaps as easy to setup or manage as you had hoped
Cheers

JamesDS
0

Featured Post

The Eight Noble Truths of Backup and Recovery

How can IT departments tackle the challenges of a Big Data world? This white paper provides a roadmap to success and helps companies ensure that all their data is safe and secure, no matter if it resides on-premise with physical or virtual machines or in the cloud.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Preface Having the need * to contact many different companies with different infrastructures * do remote maintenance in their network required us to implement a more flexible routing solution. As RAS, PPTP, L2TP and VPN Client connections are no…
The HP utility "HP Lights-Out Online Configuration Utility for Windows Server 2003/2008" could be of great use when it comes to remotely configure a HP servers ILO WITHOUT rebooting the server. We would only need to create and run scripts using thi…
I've attached the XLSM Excel spreadsheet I used in the video and also text files containing the macros used below. https://filedb.experts-exchange.com/incoming/2017/03_w12/1151775/Permutations.txt https://filedb.experts-exchange.com/incoming/201…
Attackers love to prey on accounts that have privileges. Reducing privileged accounts and protecting privileged accounts therefore is paramount. Users, groups, and service accounts need to be protected to help protect the entire Active Directory …

730 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question