We have approx 40 Domain controllers across 40 locations each with integrated DNS with a single zone, is there a way to delegate permissions for DNS addresses for a specific location in a manner that could not affected other locations an dtheir addresses?

What do you mean by delegate DNS addresses? If you mean delegate DNS zones, refer to this Microsoft article: http://technet.microsoft.com/fr-fr/library/cc739719(v=WS.10).aspx If you want to have just certain records in a zone, you can have a look to Stub Zones: http://technet.microsoft.com/en-nz/library/cc779197(v=WS.10).aspx This posting is provided "AS IS" with no warranties or guarantees , and confers no rights. Microsoft Student Partner Microsoft Certified Professional Microsoft Certified Systems Administrator: Security Microsoft Certified Systems Engineer: Security Microsoft Certified Technology Specialist: Windows Server 2008 Active Directory, Configuration Microsoft Certified Technology Specialist: Windows Server 2008 Network Infrastructure, Configuration

Hello, none that i am aware of. How many admins do you have that you must change it that way?Best regards Meinolf Weber Disclaimer: This posting is provided "AS IS" with no warranties or guarantees , and confers no rights.

Other than creating sub-domains, you really have no other way to create delegations within the same zone. Your best option is to limit the number of DNS Admins that have access to the zone and enable auditing so you can capture events as they occur. For large geographical organizations, it may make sense to break up the DNS zone by "site" (such as us.corp.com, eu.corp.com, etc...), but I do not suspect that this will be a viable option for you. Visit: anITKB.com, an IT Knowledge Base.

sorry for the confusion, I was refering to permissions. Is there a way to set permissions for certain addresses ranges within a single zone.

delegation/permissions.. same issue. Another note...while you could go into the zone and set the ACL (security permissions) on each individual record, that would not be practical or sustainable.Visit: anITKB.com, an IT Knowledge Base.

we have IT people at each location but not Domain Admins, each location would like to control its "own" records.