Hello,

We would like to delegate the our internal domain service to the local site admins and keep the burden off from domain administrator.

How should we delegate the Internal domain to respective site admins, so they can take care of their own domain record and not ask any support for domain administrator.

Is there any delegation concept available for such kind of request.

Thanks,

Are you trying to delegate rights within the Active Directory Domain or in your DNS Zones? I would suggest using OUs and delegating rights to those specific OUs for different administrators. If you are referring to DNS Zones, you can delegate those administrators with modify permissions to the DNS Zone, otherwise you can create a sub-domain for them to modify, if your environment allows for it.

Thanks for the reply Stefano! We would like to DNZ zone delegation to our site admins so they can modify their own DNS record. Is there any concept or standard guideline available for such implementation.

I don't know if there is a Best Practice per say for DNS Zone delegated rights.

Each Zone has a security tab, which you can use to delegate rights to the zone for specific users / group.

Each Record has a security tab as well, which can use to delegate specific rights to each record, instead of granting control over the entire zone; this is a lot of administration overhead for the Domain Admin if there are hundreds of records that are 'owned' by those specific admins.

DNS records are not like AD objects, which have a lot more granular permissions.

Hi,

You may delegated specific zone to local DNS server, or grant permission to local DNS admin for specific zone.

These links below might be helpful for you.
Understanding Zone Delegation
https://technet.microsoft.com/en-us/library/cc771640.aspx
Granting access to DNS Management MMC to a non-admin
http://blogs.technet.com/b/jlosey/archive/2009/09/02/granting-access-to-dns-management-mmc-to-a-non-admin.aspx

Best Regards,
Eve Wang