September 2003
Intermediate to advanced
624 pages
15h 49m
English
Content preview from Active Directory CookbookBecome an O’Reilly member and get unlimited access to this title plus top books and audiobooks from O’Reilly and nearly 200 top publishers, thousands of courses curated by job role, 150+ live events each month,
Start your free trial
13.6. Delegating Control of a Zone
Problem
You want to delegate control of managing the resource records in a zone.
Solution
Using a graphical user interface
Open the DNS Management snap-in.
If an entry for the DNS server you want to connect to does not exist, right-click on DNS in the left pane and select Connect to DNS Server. Select This computer or The following computer, enter the server you want to connect to (if applicable), and click OK.
Expand the server in the left pane and expand either Forward Lookup Zones or Reverse Lookup Zones depending on the type of zone.
Click on the name of the zone.
Right-click on the zone and select Properties.
Click on the Security tab.
Click the Add button.
Use the Object Picker to locate the user or group to which you want to delegate control.
Under Permissions, check the Full Control box.
Click OK.
Using a command-line interface
The following command grants full control over managing the resource records in an AD-Integrated zone:
> dsacls dc=<ZoneName>,cn=MicrosoftDNS,<DomainOrAppPartitionDN> /G[RETURN] <UserOrGroup>:GA;;
Using VBScript
' This code grants full control for the specified user or group over ' an AD-Integrated zone. ' ------ SCRIPT CONFIGURATION ------ strZoneDN = "dc=<ZoneName>,cn=MicrosoftDNS,<DomainOrAppPartitionDN>" strUserOrGroup = "<UserOrGroup>" ' e.g. joe@rallencorp.com or RALLENCORP\joe ' ------ END CONFIGURATION --------- set objZone = GetObject("LDAP://" & strZoneDN) '############################ ' Constants '############################ ...