Delegation of Control of DNS Zone Administration


Members of the built-in DNSAdmins security principal in an Active Directory domain are granted following default permissions: Allow: Read, Write, Create All Child objects, Delete Child objects, Special Permissions.

In a large organization, there may be a need to delegate control of the DNS Zone Administration to regional or branch office network administration groups or to the SOC team, who may have to create honeypot DNS entries. This article outlines one possible way to configure the delegation.

For this illustration, the regional network administration team is assumed to be located in the APAC region and create their first Active Directory integrated DNS Zone called

Read More »