Delegate permission to flush DNS cache on domain controller

We have recently received a request from the local IT team of one of our business units to have the ability to flush the DNS cache on the DC in their site only. This business operates from a single site with a single domain controller, part of our North America domain.

We would obviously prefer not to give them DA access, or full access to DNS - or for that matter any additional privileges other than being able to clear the cache on this one DC itself. I can't see a way of delegating this single action to them, and my usual google-fu (bing-fu?!) has let me down on this occasion.

Is it possible to delegate permissions to clear the DNS cache on a domain controller only? Or will they need to settle for raising helpdesk calls every time they need to flush DNS?

Thanks in advance!

February 24th, 2015 6:09am

You can do it that way:

  • Create a share and a text file. Let's say it will be \\Server\Share\file.txt
  • Create a script that will read the text file. If the content is "1" then it executes ipconfig /flushdns and Dnscmd ServerName /clearcache commands on the local server. Once executed, the script should remove the file content
  • Use Task Scheduler to make the DC run the scheduled task frequently and send a mail notification when the flushing is done

Grant access to your admin to be able to update the text file. He will then just need to put "1" as the file content and wait for the DNS flushing to be done. Once done, he will receive a mail notification.

February 24th, 2015 6:39am
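
A sketch of the scheduled-task script the answer above describes, added here as an example and not code posted in the thread. It treats the flag file as untrusted input, because a less-privileged group can write to it while the task runs with privileges on the DC. The local path, SMTP server, mail addresses and event source name are placeholder assumptions.

```powershell
# Added example: run on the DC by Task Scheduler. All values in this block
# are placeholders (assumptions), not settings taken from the thread.
$FlagFile   = 'D:\DnsFlushRequest\file.txt'   # local path behind \\Server\Share\file.txt
$SmtpServer = 'smtp.example.invalid'
$MailFrom   = 'dc-tasks@example.invalid'
$MailTo     = 'site-it@example.invalid'
$LogSource  = 'DelegatedDnsFlush'             # hypothetical event source name
$Sys32      = Join-Path $env:SystemRoot 'System32'

# Only the exact content "1" (ignoring surrounding whitespace) is a request.
function Test-FlushRequested {
    param([string]$Content)
    return ($Content.Trim() -ceq '1')
}

function Invoke-DelegatedDnsFlush {
    if (-not (Test-Path -LiteralPath $FlagFile -PathType Leaf)) { return }

    # The file is writable by delegated users: reject oversized content and
    # never evaluate or execute anything read from it.
    if ((Get-Item -LiteralPath $FlagFile).Length -gt 16) {
        Clear-Content -LiteralPath $FlagFile
        return
    }
    $content = Get-Content -LiteralPath $FlagFile -Raw
    if (-not (Test-FlushRequested $content)) { return }

    # Reset the flag before acting so a failure below cannot cause repeated flushes.
    Clear-Content -LiteralPath $FlagFile

    # Call the tools by full path so the task does not depend on PATH.
    & (Join-Path $Sys32 'ipconfig.exe') /flushdns | Out-Null
    $clientRc = $LASTEXITCODE
    & (Join-Path $Sys32 'dnscmd.exe') $env:COMPUTERNAME /clearcache | Out-Null
    $serverRc = $LASTEXITCODE

    # Leave an audit record on the DC in addition to the mail notification.
    $msg = "DNS flush on $env:COMPUTERNAME at $(Get-Date -Format o): " +
           "ipconfig exit=$clientRc, dnscmd exit=$serverRc"
    if (-not [System.Diagnostics.EventLog]::SourceExists($LogSource)) {
        New-EventLog -LogName Application -Source $LogSource
    }
    Write-EventLog -LogName Application -Source $LogSource -EventId 1000 `
        -EntryType Information -Message $msg
    Send-MailMessage -SmtpServer $SmtpServer -From $MailFrom -To $MailTo `
        -Subject "DNS cache flushed on $env:COMPUTERNAME" -Body $msg
}

Invoke-DelegatedDnsFlush
```

Store the script in a folder that only domain administrators can modify, and grant the delegated group write access to the flag file alone rather than to the share root.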

This topic is archived. No further replies will be accepted.
