Export (0) Print
Expand All
1 out of 1 rated this helpful - Rate this topic

Modify Security for a Directory-Integrated Zone

Updated: May 9, 2008

Applies To: Windows Server 2008

You can manage the discretionary access control list (DACL) on the Domain Name System (DNS) zones that are stored in Active Directory Domain Services (AD DS). Use the DACL to control the permissions for the Active Directory users and groups that may control the DNS zones.

You can use this procedure to modify security for an Active Directory–integrated zone using the DNS Manager snap-in.

Membership in DnsAdmins or Domain Admins in AD DS, or the equivalent, is the minimum required to complete this procedure. Review details about using the appropriate accounts and group memberships at Local and Domain Default Groups (http://go.microsoft.com/fwlink/?LinkId=83477).

  1. Open DNS Manager. To open DNS Manager, click Start, point to Administrative Tools, and then click DNS.

  2. In the console tree, click the applicable zone. Expand DNS, expand applicable DNS server, expand Forward Lookup Zones (or Reverse Lookup Zones), and then click applicable zone

  3. On the Action menu, click Properties.

  4. On the General tab, verify that the zone type is Active Directory-integrated.

  5. On the Security tab, modify the list of member users or groups that are allowed to securely update the applicable zone and reset their permissions as needed.

  • Secure dynamic updates are supported only for zones that are stored in AD DS.

Did you find this helpful?
(1500 characters remaining)
Thank you for your feedback

Community Additions

ADD
Show:
© 2014 Microsoft. All rights reserved.