Delegating DNS Rights and Permissions to Users

Friday, October 28, 2011

Interesting question found on the Microsoft TechNet forums.... "I want to delegate one of my users to manage the DNS records. But I don't want him to have any privilege to change the DNS server settings. What action can I take?"

To provide the ability for a user to manager the DNS server settings...

Add the user to the DNSAdmins group. This group, by default, already has the necessary rights and permissions to administer the DNS server.

If you want for this group or another group to manage the content of the zones hosted on the server, follow this step.

Using the DNS Admin console, right click the domain of interest, choose properties. Access the Security tab. Add the group that you want to provide access, to the Access Control List (ACL). Next, modify the Access Control Entry (ACE) to provide the necessary permissions you wish to provide the group.

dns delegate permissions

Once the proper permissions have been set, have the user install and run the DNS Admin console. The console is available once you install the RSAT (Windows Vista/7/2008), or AdminPak (Windows 2000, 2003, XP) tool kit.

Did you find the page informational and useful? Share it using one of your favorite social sites.

Recommended Books & Training Resources

MCITP Windows Server 2008 Enterprise Administrator: Training Kit 4-Pack: Exams 70-640 70-642 70-643 70-647 Windows Server 2008 R2 Unleashed