Delegating authority over a DNS zone

I’m back. Sorry for such a long absence: all those conferences and MVP gatherings take too much of endurance, though are very useful and pleasant. But now I’m really back and today we will delegate control over one of our DNS zones (without granting control over the whole DNS server or even AD) to, say, junior administrator. It is obvious that we can just give him necessary rights for the zone using permission tab in its properties menu:


but that still doesn’t give you rights to connect to your DNS server through mmc console:


What shall we do to give the access? Of course we can the junior admin local admin rights, but:

  1. it is a bit overkill
  2. it will give more permission for DNS than we need to give him
  3. usually DNS servers are placed on a DC, so the junior will automatically become a domain admin

So, what we need to do is to grant him Read permission to the DNS server itself:


And now our junior has access he needs:


And of course don’t grant the permissions directly: create a group, put the user in it and grant permissions to the group.

1 thought on “Delegating authority over a DNS zone

  1. Pingback: Manage your Windows 2008 R2 DNS Server from XP » IT, IS, etc…

Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out /  Change )

Google photo

You are commenting using your Google account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s