How can I delegate control to a specific DNS zone to a non-domain admin
without adding that user to the "DNS Admins" group. Basically, I created a
zone on our DC for our Cisco devices. I want to grant our Network guys
administrative access to the zone without granting rights to all the zones
on the DC.

Thoughts?

In news:%(E-Mail Removed),
MJC <(E-Mail Removed)> typed:
> How can I delegate control to a specific DNS zone to a non-domain
> admin without adding that user to the "DNS Admins" group. Basically,
> I created a zone on our DC for our Cisco devices. I want to grant our
> Network guys administrative access to the zone without granting
> rights to all the zones on the DC.
>
> Thoughts?

Keep in mind, DNS zone delegation is for delegating a child zone to a
different server(s). Therefore you can delegate this child zone (assuming
that is what you are talking about) to the DNS server that will be hosting
that zone and that they have control over. On that server, create the whole
child zone, such as childname.parentdomainname.com. THey will haev full
control over it and nothing else.

--
Regards,
Ace

This posting is provided "AS-IS" with no warranties or guarantees and
confers no rights.

Ace Fekay, MCSE 2003 & 2000, MCSA 2003 & 2000, MCSE+I, MCT,
MVP Microsoft MVP - Directory Services
Microsoft Certified Trainer

Infinite Diversities in Infinite Combinations

Having difficulty reading or finding responses to your post?
Try using Outlook Express or any other newsreader, configure a news
account, and point it to news.microsoft.com. Anonymous access. It's
easy and it's free:

How to Configure OEx for Internet News
http://support.microsoft.com/?id=171164

"Life isn't like a box of chocolates or a bowl of cherries or
peaches... Life is more like a jar of jalapenos. What you do today
may burn your butt tomorrow." - Garfield

I don't want to delgate a child zone to another DNS server, I want to
delegate control to a zone on my DNS server to a specific group of users.


"Ace Fekay [MVP]" <(E-Mail Removed)> wrote in message
news:%(E-Mail Removed)...
> In news:%(E-Mail Removed),
> MJC <(E-Mail Removed)> typed:
>> How can I delegate control to a specific DNS zone to a non-domain
>> admin without adding that user to the "DNS Admins" group. Basically,
>> I created a zone on our DC for our Cisco devices. I want to grant our
>> Network guys administrative access to the zone without granting
>> rights to all the zones on the DC.
>>
>> Thoughts?
>
> Keep in mind, DNS zone delegation is for delegating a child zone to a
> different server(s). Therefore you can delegate this child zone (assuming
> that is what you are talking about) to the DNS server that will be hosting
> that zone and that they have control over. On that server, create the
> whole child zone, such as childname.parentdomainname.com. THey will haev
> full control over it and nothing else.
>
> --
> Regards,
> Ace
>
> This posting is provided "AS-IS" with no warranties or guarantees and
> confers no rights.
>
> Ace Fekay, MCSE 2003 & 2000, MCSA 2003 & 2000, MCSE+I, MCT,
> MVP Microsoft MVP - Directory Services
> Microsoft Certified Trainer
>
> Infinite Diversities in Infinite Combinations
>
> Having difficulty reading or finding responses to your post?
> Try using Outlook Express or any other newsreader, configure a news
> account, and point it to news.microsoft.com. Anonymous access. It's
> easy and it's free:
>
> How to Configure OEx for Internet News
> http://support.microsoft.com/?id=171164
>
> "Life isn't like a box of chocolates or a bowl of cherries or
> peaches... Life is more like a jar of jalapenos. What you do today
> may burn your butt tomorrow." - Garfield
>

In news:(E-Mail Removed),
MJC <(E-Mail Removed)> typed:
> I don't want to delgate a child zone to another DNS server, I want to
> delegate control to a zone on my DNS server to a specific group of
> users.

I know some folks that have had trouble finiting the permissions to make
this work. Have you tried using the DnsAdmin Group? I believe, IIRC, the
user also needs local machine admin rights, but you will need to test that.
with a test account.

Ace