delegate zone tranfer config (howto?)
Snowfresh
I am looking for a way to delegate the right to configure a zone transfer.
Membership of the DNSAdmin group is not enough.
(Windows Server 2003)
Membership of the Domain Admins group is not an option.
Anyone?
Best Regards,
Snowfresh.
![Bob Qin [MSFT]'s profile photo](https://lh3.googleusercontent.com/a/default-user=s40-c)
Bob Qin [MSFT]
Thanks for your posting here.
You can try to assign the user "Full Controll" permissions for the DNS
zone.
Right click the zone on the DNS server, click Properties.
Click Security tab
Click ADD to add user
Check Full Control
Click Apply
Have a nice day!
Regards,
Bob Qin
Product Support Services
Microsoft Corporation
Get Secure! - www.microsoft.com/security
====================================================
When responding to posts, please "Reply to Group" via your newsreader so
that others may learn and benefit from your issue.
====================================================
This posting is provided "AS IS" with no warranties, and confers no rights.
Remy
Can you explain why the built-in dnsadmins group does not have the right
assigned by default?
Is there a more specific AD property to assign this right, instead of full
control?
Thanks
Snowfresh
"Bob Qin [MSFT]" <bob...@online.microsoft.com> wrote in message
news:G9arY3RX...@cpmsftngxa10.phx.gbl...
Bob Qin [MSFT]
I think it is normal for DNSAdmins group to have full control permissions
for the DNZ zone. The issue seems to be that the DNSAdmins group did not
have the appropriate permissions in Windows Server 2003. I will be
researching to see if this is By Design with Windows Server 2003 or if this
is a bug.
In addition, you can also refer to the following document for the known
issue of DNSAdmins group in Windows 2003.
837335 You receive a "The record cannot be deleted" error message when you
try
http://support.microsoft.com/?id=837335
Thanks again for using our newsgroup.
Frances [MSFT]
Good to hear from you.
According to your message, I understand that you want to know how to
delegate the right to make a zone transfer.
Since the newsgroup mainly focuses on break/fix issues, we will only offer
some general information on this issue.
Based on the following article, to initiate a zone transfer, we have to be
a member of the Administrators group on the local computer, or be delegated
the appropriate authority. If the computer is joined to a domain, members
of the Domain Admins group might be able to perform this procedure
Please refer to the following article for more information.
Initiate a zone transfer at a secondary server
http://www.microsoft.com/technet/prodtechnol/windowsserver2003/library/Serve
rHelp/66cb82ca-c510-4c5d-aee7-a5784ba7e417.mspx
You may have a test to confirm it.
Hope this helps.
Best regards,
Frances He
Microsoft Online Partner Support
When responding to posts, please "Reply to Group" via your newsreader so
that others may learn and benefit from your issue.
=====================================================
Business-Critical Phone Support (BCPS) provides you with technical phone
support at no charge during critical LAN outages or "business down"
situations. This benefit is available 24 hours a day, 7 days a week to all
Microsoft technology partners in the United States and Canada.
This and other support options are available here:
BCPS:
https://partner.microsoft.com/US/technicalsupport/supportoverview/40010469
Others: https://partner.microsoft.com/US/technicalsupport/supportoverview/
If you are outside the United States, please visit our International
Support page: http://support.microsoft.com/common/international.aspx.
=====================================================
Frances [MSFT]
We haven't heard from you. Please feel free to respond to the newsgroups if
you need additional help.
Have a great day!