ncomper
asked on
Allow network Team (non domain Admins) to create AD integrated reverse lookup zones
Hi All
We wanted to enable our network guys to create DNS objects, so on the properties of our DNS servers (All AD running on 2008R2 DC's) we went into DNS on security tab and granted them read, write and create all child objects
The team are able to add A records and PTR records in existing zones but they need to be able to create AD integrated reverse lookup zones as they add new VLAN's
What's the best way to do this
Thanks
We wanted to enable our network guys to create DNS objects, so on the properties of our DNS servers (All AD running on 2008R2 DC's) we went into DNS on security tab and granted them read, write and create all child objects
The team are able to add A records and PTR records in existing zones but they need to be able to create AD integrated reverse lookup zones as they add new VLAN's
What's the best way to do this
Thanks
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
Thanks
ASKER
Hi
Just to update anyone who stumbles accross this thread in the future in order to create reverse lookup zones the DNSadmins group need some additonal permissions as detailed below in KB 939090 - it references 2003 but is valid for 2008 and R2 also.
Link to Microsoft KB article 939090
Just to update anyone who stumbles accross this thread in the future in order to create reverse lookup zones the DNSadmins group need some additonal permissions as detailed below in KB 939090 - it references 2003 but is valid for 2008 and R2 also.
Link to Microsoft KB article 939090
Thanks for the great tip!!!
Just a suggestion..