DNS Delegating Permissions
We have approx 40 Domain controllers across 40 locations each with integrated DNS with a single zone, is there a way to delegate permissions for DNS addresses for a specific location in a manner that could not affected other locations an dtheir addresses?
March 21st, 2011 10:31am
What do you mean by delegate DNS addresses?
If you mean delegate DNS zones, refer to this Microsoft article:
http://technet.microsoft.com/fr-fr/library/cc739719(v=WS.10).aspx
If you want to have just certain records in a zone, you can have a look to Stub Zones:
http://technet.microsoft.com/en-nz/library/cc779197(v=WS.10).aspx
This posting is provided "AS IS" with no warranties or guarantees , and confers no rights.
Microsoft
Student Partner
Microsoft Certified Professional
Microsoft Certified Systems Administrator: Security
Microsoft Certified Systems Engineer: Security
Microsoft Certified Technology Specialist: Windows Server 2008 Active Directory, Configuration
Microsoft
Certified Technology Specialist: Windows Server 2008 Network Infrastructure, Configuration
Free Windows Admin Tool Kit Click here and download it now
March 21st, 2011 10:40am
Hello,
none that i am aware of. How many admins do you have that you must change it that way?Best regards Meinolf Weber Disclaimer: This posting is provided "AS IS" with no warranties or guarantees , and confers no rights.
March 21st, 2011 10:41am
Other than creating sub-domains, you really have no other way to create delegations within the same zone. Your best option is to limit the number of DNS Admins that have access to the zone and enable auditing so you can capture events as they occur.
For large geographical organizations, it may make sense to break up the DNS zone by "site" (such as us.corp.com, eu.corp.com, etc...), but I do not suspect that this will be a viable option for you.
Visit: anITKB.com, an IT Knowledge Base.
Free Windows Admin Tool Kit Click here and download it now
March 21st, 2011 10:45am
sorry for the confusion, I was refering to permissions. Is there a way to set permissions for certain addresses ranges within a single zone.
March 21st, 2011 10:52am
delegation/permissions.. same issue. Another note...while you could go into the zone and set the ACL (security permissions) on each individual record, that would not be practical or sustainable.Visit: anITKB.com, an IT Knowledge Base.
Free Windows Admin Tool Kit Click here and download it now
March 21st, 2011 11:09am
we have IT people at each location but not Domain Admins, each location would like to control its "own" records.
March 21st, 2011 2:28pm