I have a Win2k domain, all running SP3
I am using ADI zones throughout. I have a number of zones which are
related to our company name and not used for the AD side - they are
not set to dynamic update.
I wish to delegate authority to these zones to other administrators,
keeping the actual data on my DCs. I have multiple zones that have to
be delegated to multiple people, so using DNSAdmins is out of the
question.
If I give people Full Control they have access to change the zone
properties - things like zone transfer and Wins integration. If I give
them Read, Write, Create Child and Delete Child, they cannot actually
do anything. Trying to create or delete something simple like a host
record returns "Access Denied". I even went into the advanced and gave
rights to create DNSNode but to no avail.
Has anyone else seen this, and how did you get around it?
Many thanks
Nobby Clarke
|
Similar Threads
