<div>
To add onto what Spec01 stated you may also want to enable DNS auditing so you can track who is creating / deleting objects in DNS as well.... ;-)<br />
<br />
<br />
Just a suggestion..
</div>


To add onto what Spec01 stated you may also want to enable DNS auditing so you can track who is creating / deleting objects in DNS as well.... ;-)


Just a suggestion..

<div>
Hi <br />
<br />
Just to update anyone who stumbles accross this thread in the future in order to create reverse lookup zones the DNSadmins group need some additonal permissions as detailed below in KB 939090 - it references 2003 but is valid for 2008 &nbsp;and R2 also.<br />
<br />
<a href="http://support.microsoft.com/kb/939090/en-gb" rel="ugc nofollow">Link to Microsoft KB article 939090</a>
</div>


Hi

Just to update anyone who stumbles accross this thread in the future in order to create reverse lookup zones the DNSadmins group need some additonal permissions as detailed below in KB 939090 - it references 2003 but is valid for 2008  and R2 also.

Link to Microsoft KB article 939090 [http://support.microsoft.com/kb/939090/en-gb]

<div>
Thanks for the great tip!!!
</div>


<div>
<div class="content wysiwyg-content">
Hi All<br />
<br />
We wanted to enable our network guys to create DNS objects, so on the properties of our DNS servers (All AD running on 2008R2 DC's) we went into DNS on security tab and granted them read, write and create all child objects<br />
<br />
The team are able to add A records and PTR records in existing zones but they need to be able to create AD integrated reverse lookup zones as they add new VLAN's<br />
<br />
What's the best way to do this<br />
<br />
Thanks
</div>
</div>


Hi All

We wanted to enable our network guys to create DNS objects, so on the properties of our DNS servers (All AD running on 2008R2 DC's) we went into DNS on security tab and granted them read, write and create all child objects

The team are able to add A records and PTR records in existing zones but they need to be able to create AD integrated reverse lookup zones as they add new VLAN's

What's the best way to do this

Thanks

Allow network Team (non domain Admins)  to create AD integrated reverse lookup zones

Active Directory (AD) is a Microsoft brand for identity-related capabilities. In the on-premises world, Windows Server AD provides a set of identity capabilities and services, and is hugely popular (88% of Fortune 1000 and 95% of enterprises use AD). This topic includes all things Active Directory including DNS, Group Policy, DFS, troubleshooting, ADFS, and all other topics under the Microsoft AD and identity umbrella.

Active Directory

Windows Server 2008 and Windows Server 2008 R2, based on the Microsoft Vista codebase, is the last 32-bit server operating system released by Microsoft. It has a number of versions, including including Foundation, Standard, Enterprise, Datacenter, Web, HPC Server, Itanium and Storage; new features included server core installation and Hyper-V.

Windows Server 2008

The Domain Name System (DNS) is a hierarchical, globally distributed system responsible for associating the name of a computer, service or other resource into an IP address for connecting to the Internet or a private network. Most prominently, it translates domain names to the numerical IP addresses needed for the purpose of computer services and devices worldwide.