
Implementing the DNS Admins Role

Updated: December 5, 2005

Applies To: Windows Server 2003, Windows Server 2003 R2, Windows Server 2003 with SP1, Windows Server 2003 with SP2

Use the following procedure to implement the DNS Admins role.

To implement the one recommended instance of the DNS Admins role

  1. Create a Universal Group called <Forest-Name> DNS Admins in the Service Management OU (ou=Service Management, dc=<Forest Root Domain>).

    Note: If Universal groups are not available, create a Global security group.

  2. Grant the <Forest-Name> DNS Admins the following permissions:

    • Full control on CN=MicrosoftDNS, DC=ForestDnsZones, DC=<forest root domain>

  3. Create one Global Group called <Domain-Name> DNS Admins in the Service Management OU for each domain (ou=Service Management, dc=<Forest Root Domain>).

  4. In each domain, and on every NDNC used by DNS <domain>, grant the respective <Domain-Name> DNS Admins group the following permissions:

    • Full control on CN=MicrosoftDNS, CN=System, DC=<domain>

    • Full control on CN=MicrosoftDNS, DC=DomainDnsZones, DC=<domain>

  5. Make the <Forest-Name> DNS Admins a member of the <Domain-Name> DNS Admins group from each domain.
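
Steps 1 through 4 can be scripted with the directory service command-line tools (dsadd, dsacls) instead of the GUI. The batch file below is an added example, not part of the original Microsoft procedure. The forest DN, NetBIOS name and group names are constructed sample values, and the /I:T inheritance flag is an assumption that the grant should also cover the zones beneath each container.

```bat
@echo off
rem Added example: constructed sample values for a single-domain forest.
rem Replace them with your own names before running on a domain controller.
setlocal
set ROOT_DN=DC=corp,DC=example,DC=com
set DOM_DN=DC=corp,DC=example,DC=com
set NB=CORP
set OU=OU=Service Management,%ROOT_DN%
set FOREST_GRP=ExampleForest DNS Admins
set DOMAIN_GRP=CORP DNS Admins

rem Step 1: universal security group for the forest-wide role.
rem (Use -scope g if universal groups are not available.)
dsadd group "CN=%FOREST_GRP%,%OU%" -secgrp yes -scope u || goto fail

rem Step 2: full control (GA = generic all) on the forest DNS partition.
rem /I:T = this object and sub-objects (assumption, see lead-in).
dsacls "CN=MicrosoftDNS,DC=ForestDnsZones,%ROOT_DN%" /G "%NB%\%FOREST_GRP%:GA" /I:T || goto fail

rem Step 3: global security group for this domain's role.
rem Repeat steps 3 and 4 with the matching values for each domain.
dsadd group "CN=%DOMAIN_GRP%,%OU%" -secgrp yes -scope g || goto fail

rem Step 4: full control on both DNS containers of the domain.
dsacls "CN=MicrosoftDNS,CN=System,%DOM_DN%" /G "%NB%\%DOMAIN_GRP%:GA" /I:T || goto fail
dsacls "CN=MicrosoftDNS,DC=DomainDnsZones,%DOM_DN%" /G "%NB%\%DOMAIN_GRP%:GA" /I:T || goto fail

rem Verification: list the ACEs that name a DNS Admins group on each container.
rem Any other principal holding FULL CONTROL here deserves a review.
for %%C in (
  "CN=MicrosoftDNS,DC=ForestDnsZones,%ROOT_DN%"
  "CN=MicrosoftDNS,CN=System,%DOM_DN%"
  "CN=MicrosoftDNS,DC=DomainDnsZones,%DOM_DN%"
) do (
  echo === %%~C
  dsacls %%C | findstr /i /c:"DNS Admins"
)
endlocal
exit /b 0

:fail
echo A command failed; review the output above before continuing.
endlocal
exit /b 1
```

Running `dsacls` with only the object DN prints the full ACL, which is the quickest way to confirm afterwards that no unexpected principal has write access to the DNS containers.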
