Link to home
Start Free TrialLog in
Avatar of CanHasCheezburger
CanHasCheezburgerFlag for United States of America

asked on

Granting permissions to manage Windows DNS from different domain.

Hello,

I am trying to grant a user permissions to modify (add or delete) DNS entries in DomainA while they are logged into a server in DomainB.  There is a two way trust between the domains.

I have added them to the DNSAdmins group on DomainA.

We DO NOT want them to be Domain Admins on DomainA.

We cannot launch the dnsmgmt.mmc and connect to the DNS server. We can ping the server, but cannot connect.

We'd even be OK with using the dnscmd command line tool, but I got an access denied error when I tried that.

What other permissions do I need to set in order to get this work?
Avatar of Bradley Fox
Bradley Fox
Flag of United States of America image

How long did you wait after adding them to DNSAdmins?  You may have to wait for a directory sync to happen...

If you add them to the local administrators group on the DNS server can they do what they need?  (I know this isn't ideal; just for testing).
Avatar of CanHasCheezburger

ASKER

The DNS server is a Domain Controller. Don't want them to be domain admins.

I added them about 5 minutes before the test.
ASKER CERTIFIED SOLUTION
Avatar of Bradley Fox
Bradley Fox
Flag of United States of America image

Link to home
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Start Free Trial