Allow IT staff to add records to AD DNS servers (not domain admins)


We would like the ability for our network staff to add A and PTR records to our AD-integrated DNS zones; however, we do not want to grant them domain admin rights.

We have 5 DNS servers, all running on Windows 2008 R2 domain controllers.

What is the best way of doing this?

Sandeshdubey (Senior Server Engineer) commented:
You can assign the permission to users/groups from the DNS console; see this:

Delegating Control of an Active Directory Integrated Zone

I will not recommend normal users to perform this activity, for security reasons. But if there is a strong business requirement then you have no choice. In addition, I will recommend enabling auditing to track the activities.

Auditing a DNS Zone
ncomper (Author) commented:
Question has a verified solution.
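
The delegation and auditing suggested in the answer can also be scripted. This is an added example, not code from the thread or the linked articles: it grants one group the right to create record objects (`dnsNode`) in a forward and a reverse zone and adds audit entries on the same zones. The zone names, the group name and the `DomainDnsZones` partition DN are assumptions to replace with your own; run it elevated with an account allowed to change the zone ACLs.

```powershell
# Added example. Zone names, group and partition DN are assumptions; replace them.
$zones     = 'corp.example.com', '10.in-addr.arpa'   # forward zone (A) and reverse zone (PTR)
$group     = 'CORP\DNS-Record-Editors'               # hypothetical delegated group
$partition = 'CN=MicrosoftDNS,DC=DomainDnsZones,DC=corp,DC=example,DC=com'

# Read the schemaIDGUID of the dnsNode class (one dnsNode object per record name).
$schemaNc = ([ADSI]'LDAP://RootDSE').schemaNamingContext
$schema   = [ADSI]"LDAP://$schemaNc"
$searcher = New-Object System.DirectoryServices.DirectorySearcher($schema, '(lDAPDisplayName=dnsNode)')
[void]$searcher.PropertiesToLoad.Add('schemaIDGUID')
$dnsNode  = New-Object Guid (,[byte[]]$searcher.FindOne().Properties['schemaidguid'][0])

$inherit  = [System.DirectoryServices.ActiveDirectorySecurityInheritance]
$allowT   = [System.Security.AccessControl.AccessControlType]::Allow
$success  = [System.Security.AccessControl.AuditFlags]::Success
$create   = [System.DirectoryServices.ActiveDirectoryRights]'CreateChild'
$addDel   = [System.DirectoryServices.ActiveDirectoryRights]'CreateChild, DeleteChild'
$write    = [System.DirectoryServices.ActiveDirectoryRights]'WriteProperty'
$who      = New-Object System.Security.Principal.NTAccount($group)
$everyone = New-Object System.Security.Principal.SecurityIdentifier('S-1-1-0')

# DACL entry: the group may create dnsNode children of the zone, nothing else.
$allow = New-Object System.DirectoryServices.ActiveDirectoryAccessRule(
    $who, $create, $allowT, $dnsNode, $inherit::None)
# SACL entries: log who adds or deletes record objects, and who edits existing ones.
$auditAddDel = New-Object System.DirectoryServices.ActiveDirectoryAuditRule(
    $everyone, $addDel, $success, $dnsNode, $inherit::None)
$auditWrite = New-Object System.DirectoryServices.ActiveDirectoryAuditRule(
    $everyone, $write, $success, $inherit::Descendents, $dnsNode)

foreach ($zone in $zones) {
    $entry = [ADSI]"LDAP://DC=$zone,$partition"
    # Load and write back only the DACL and SACL; owner and group stay untouched.
    $entry.psbase.Options.SecurityMasks = [System.DirectoryServices.SecurityMasks]'Dacl, Sacl'
    $sd = $entry.psbase.ObjectSecurity
    $sd.AddAccessRule($allow)
    $sd.AddAuditRule($auditAddDel)
    $sd.AddAuditRule($auditWrite)
    $entry.psbase.CommitChanges()
    Write-Output "Delegated and audited: $zone"
}

# The SACL only produces events where this audit subcategory is on. This sets it on the
# local domain controller; use Group Policy to apply it to all of them.
auditpol /set /subcategory:"Directory Service Changes" /success:enable
```

With the subcategory enabled, record creations appear in the Security log of the domain controller that handled the change as event 5137 and modifications as event 5136.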
