
Permissions to create a new zone

Last response: in Windows 2000/NT
Anonymous
February 21, 2005 7:59:46 PM

Archived from groups: microsoft.public.win2000.dns (More info?)

Hi All,

I am having issues giving my "DNS Administrators" access to the DNS as far
as creating new zones. They can edit and add records to any of the zones but
if they need to create a new zone at the root of our domain, they cannot.
Do they need Domain Admin privileges or is there a way around this?

Thanks in advance,

Chris
Anonymous
February 22, 2005 12:10:01 PM

Archived from groups: microsoft.public.win2000.dns (More info?)

To add to my question, they already are in the DNS Admin group and since the
AD was upgraded I had to give the DNSAdmin group full access to the top
level domain and all the child objects as per the MS article that mentioned
that. They can create and delete any records in the domains but they can't
create new zones

"Chris Henderson" <please@dont.ask.com> wrote in message
news:uk3tOnHGFHA.2756@TK2MSFTNGP15.phx.gbl...
> Hi All,
>
> I am having issues giving my "DNS Administrators" access to the DNS as far
> as creating new zones. They can edit and add records to any of the zones
> but if they need to create a new zone at the root of our domain, they
> cannot. Do they need Domain Admin privileges or is there a way around
> this?
>
> Thanks in advance,
>
> Chris
>
Anonymous
February 22, 2005 2:28:49 PM

Archived from groups: microsoft.public.win2000.dns (More info?)

In news:o 4vOZFQGFHA.3316@tk2msftngp13.phx.gbl,
Chris Henderson <please@dont.ask.com> commented
Then Kevin replied below:
> To add to my question, they already are in the DNS Admin
> group and since the AD was upgraded I had to give the
> DNSAdmin group full access to the top level domain and
> all the child objects as per the MS article that
> mentioned that. They can create and delete any records in
> the domains but they can't create new zones
>
> "Chris Henderson" <please@dont.ask.com> wrote in message
> news:uk3tOnHGFHA.2756@TK2MSFTNGP15.phx.gbl...
>> Hi All,
>>
>> I am having issues giving my "DNS Administrators" access
>> to the DNS as far as creating new zones. They can edit
>> and add records to any of the zones but if they need to
>> create a new zone at the root of our domain, they
>> cannot. Do they need Domain Admin privileges or is there
>> a way around this?
>>
>> Thanks in advance,
>>
>> Chris

I'm assuming they are creating standard zone types, not AD integrated?
What permissions does the DNS admins group have on the
%systemroot%\system32\dns directory?

--
Best regards,
Kevin D4 Dad Goodknecht Sr. [MVP]
Hope This Helps
Anonymous
February 23, 2005 1:35:45 PM

Archived from groups: microsoft.public.win2000.dns (More info?)

Hi Kevin,

Thanks for responding.

No, these are AD Integrated zones. That's what I don't understand. The domain
was upgraded from an NT 4.0 domain a year or so ago. When I initially added
my DNS Administrators to the DNSAdmins group they couldn't even delete
records from any of the zones. Then I read an article from MS that said to
give the DNS Admins group full access to the DNS server name and allow it to
propagate down to all child objects. This allowed them to delete records in
all the zones (we have tons of zones) but not create the zones.

Any ideas?

Chris

"Kevin D. Goodknecht Sr. [MVP]" <admin@nospam.WFTX.US> wrote in message
news:eErqAQQGFHA.3792@TK2MSFTNGP10.phx.gbl...
> In news:o 4vOZFQGFHA.3316@tk2msftngp13.phx.gbl,
> Chris Henderson <please@dont.ask.com> commented
> Then Kevin replied below:
>> To add to my question, they already are in the DNS Admin
>> group and since the AD was upgraded I had to give the
>> DNSAdmin group full access to the top level domain and
>> all the child objects as per the MS article that
>> mentioned that. They can create and delete any records in
>> the domains but they can't create new zones
>>
>> "Chris Henderson" <please@dont.ask.com> wrote in message
>> news:uk3tOnHGFHA.2756@TK2MSFTNGP15.phx.gbl...
>>> Hi All,
>>>
>>> I am having issues giving my "DNS Administrators" access
>>> to the DNS as far as creating new zones. They can edit
>>> and add records to any of the zones but if they need to
>>> create a new zone at the root of our domain, they
>>> cannot. Do they need Domain Admin privileges or is there
>>> a way around this?
>>>
>>> Thanks in advance,
>>>
>>> Chris
>
> I'm assuming they are creating standard zone types, not AD integrated?
> What permissions does the DNS admins group have on the
> %systemroot%\system32\dns directory?
>
> --
> Best regards,
> Kevin D4 Dad Goodknecht Sr. [MVP]
> Hope This Helps
Anonymous
March 11, 2005 2:16:58 AM

Archived from groups: microsoft.public.win2000.dns (More info?)

In news:%23w5w8ZdGFHA.3316@TK2MSFTNGP10.phx.gbl,
Chris Henderson <please@dont.ask.com> made a post then I commented below
> Hi Kevin,
>
> Thanks for responding.
>
> No, these are AD Integrated zones. That's what I don't understand. The
> domain was upgraded from an NT 4.0 domain a year or so ago. When I
> initially added my DNS Administrators to the DNSAdmins group they
> couldn't even delete records from any of the zones. Then I read an
> article from MS that said to give the DNS Admins group full access to
> the DNS server name and allow it to propagate down to all child
> objects. This allowed them to delete records in all the zones (we
> have tons of zones) but not create the zones.
> Any ideas?
>
> Chris
>


Chris, you mentioned an article in both of your posts, but did not provide
it. Can you provide the article # or link?

--
Regards,
Ace

Please direct all replies ONLY to the Microsoft public newsgroups
so all can benefit.

This posting is provided "AS-IS" with no warranties or guarantees
and confers no rights.

Ace Fekay, MCSE 2003 & 2000, MCSA 2003 & 2000, MCSE+I, MCT, MVP
Microsoft Windows MVP - Windows Server - Directory Services

Paramount: What's up with taking Enterprise off the air??