DNS Management Tasks
Applies To: Windows Server 2003, Windows Server 2003 R2, Windows Server 2003 with SP1, Windows Server 2003 with SP2
In Windows 2000, in addition to the permissions specified in the table “DNS Management Tasks”, Full Control is required on the container CN=MicrosoftDNS,CN=System,DC=<domain> to perform any DNS administrative task. In Windows Server 2003, the permissions specified in the table “DNS Management Tasks” are sufficient to perform the corresponding DNS administrative task.
| Task | Permissions Required to Perform Task |
|---|---|
Create a new Active Directory–integrated zone |
CC on CN=MicrosoftDNS,CN=System,DC=<domain> OR CN=MicrosoftDNS,DC=<domain DNS Zones application directory partition> to create objects of class dnsZone RP on CN=MicrosoftDNS,CN=System,DC=<domain> |
Delete an Active Directory–integrated zone |
SD on the DNS-Zone object itself OR DC on CN=MicrosoftDNS,CN=System,DC=<domain> OR CN=MicrosoftDNS,DC=<domain DNS Zones application directory partition> to delete objects of class dnsZone RP on CN=MicrosoftDNS,CN=System,DC=<domain> |
Write Active Directory–integrated zone parameters |
WP on dnsZone object under CN=MicrosoftDNS,CN=System,DC=<domain> OR CN=MicrosoftDNS,DC=<domain DNS Zones application directory partition> to modify the dnsProperty attribute RP on CN=MicrosoftDNS,CN=System,DC=<domain> |
Write the RootHints (stored in Active Directory) |
WP on dnsNode objects stored in CN=RootDNSServers under CN=MicrosoftDNS,CN=System,DC=<domain> OR CN=MicrosoftDNS,DC=<domain DNS Zones application directory partition> to modify the dnsRecord attribute RP on CN=MicrosoftDNS,CN=System,DC=<domain> |
Create a new name in the Active Directory–integrated zone |
CC on corresponding dnsZone object CN=<dnsZone>, CN=MicrosoftDNS,CN=System,DC=<domain> OR CN=<dnsZone>, CN=MicrosoftDNS,DC=<domain DNS Zones application directory partition> to create objects of class dnsNode RP on CN=MicrosoftDNS,CN=System,DC=<domain> |
Write the records in the Active Directory–integrated zone |
WP on the corresponding dnsNode object CN=<dnsNode>, CN=<dnsZone>, CN=MicrosoftDNS,CN=System,DC=<domain> OR CN=<dnsNode>,CN=<dnsZone>, CN=MicrosoftDNS,DC=<domain DNS Zones application directory partition> to modify the dnsRecord attribute RP on CN=MicrosoftDNS,CN=System,DC=<domain> |