How do I change security / permissions on multiple records?

We have 3 AD-Integrated Primary Forest DNS Zones:

company.net  (forest root domain)
corporate.company.net  (child domain)
retailstores.company.net  (child domain)

Our DNS Servers are only on our domain controllers (all 20 DCs in the forest
host the zones).

We have security group called "DNS Record Administrators" and we have just delegated them Full Control on these 3 zones. They appear as full control on the zones after being added so that works correctly. When they create a record, all is well. However all of the existing records don't list this new group in their Security (ACL). It appears I cannot change security on more than 1 record at a time in the DNS Administration snap-in nor ADSI Edit to give them permission to modify the existing records... how do I get them access to all the existing records?
LVL 2
FLPeopleAsked:
Who is Participating?
 
Chris DentConnect With a Mentor PowerShell DeveloperCommented:

Hmm they should be inherited if you set the security on the zone level. That gives us two questions:

1. Are permissions set to inherit; Advanced Security, does it Apply To "this object only" or all child objects as well?
2. Is Inheritance permitted on each record?

Chris
0
 
FLPeopleAuthor Commented:
Was set to "this object only" - whoops. I had thought the default was this object and child objects... Glossed right over that. Changed. Fixed. Thanks!
0
 
Chris DentPowerShell DeveloperCommented:

Nice and easy. Glad it fixed it :)

Chris
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.