"DNS Admins" members cannot delete existing record
Marlon Brown
Guest

Posted: Mon Oct 17, 2005 4:50 pm    Post subject: "DNS Admins" members cannot delete existing record

I need to give permissions to my network admins to create and delete records
from DNS-ADI servers.
I put them into the "DNS Admins" built-in group.

I notice members of "DNS Admins" can create and delete new records - OK.
However, when they attempt to delete an existing A record (or other record)
in DNS, they are getting "access is denied". I go to the respective properties
of the "old" record and I see that "DNS Admins" is not added there.

Is this by design? Is the "DNS Admins" group not supposed to delete records
which were not created by themselves? If so, how can I let "DNS Admins"
delete all existing DNS records in DNS?

I right-clicked the respective Zone in my DNS server and I see that the
"DNS Admins" group was not added there. I see three unresolved SIDs though.

Even if I right-click the "Zone" and add "DNS Admins" there, I see that the
permission doesn't get propagated to the existing host records. Therefore
even after adding "DNS Admins" to the Security tab of the respective "Zone",
the records do not inherit the permission from the Zones. Any ideas?
Marlon Brown
Guest

Posted: Wed Oct 19, 2005 4:51 pm    Post subject: Re: "DNS Admins" members cannot delete existing record

It seems permissions are not carried over from migration from win2k to
win2003. I had to add DNSADMIN manually on the respective and reapply
permissions to this object and all child objects. Then all respective hosts
inherited permissions.

"Marlon Brown" <nomail@brown.com> wrote in message
news:eDbnSpz0FHA.712@TK2MSFTNGP10.phx.gbl...
Quote:
I need to give permissions to my network admins to create and delete records
from DNS-ADI servers.
I put them into the "DNS Admins" built-in group.

I notice members of "DNS Admins" can create and delete new records - OK.
However, when they attempt to delete an existing A record (or other record)
in DNS, they are getting "access is denied". I go to the respective
properties of the "old" record and I see that "DNS Admins" is not added
there.

Is this by design? Is the "DNS Admins" group not supposed to delete
records which were not created by themselves? If so, how can I let "DNS
Admins" delete all existing DNS records in DNS?

I right-clicked the respective Zone in my DNS server and I see that
the "DNS Admins" group was not added there. I see three unresolved SIDs
though.

Even if I right-click the "Zone" and add "DNS Admins" there, I see that
the permission doesn't get propagated to the existing host records.
Therefore even after adding "DNS Admins" to the Security tab of the
respective "Zone", the records do not inherit the permission from the
Zones. Any ideas?
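
The following read-only audit is an added example, not part of the thread or written by its poster: it lists which objects in an AD-integrated zone carry no allow ACE for DnsAdmins or have inheritance blocked, which is the condition described in the posts above. The zone name and partition DN are placeholder assumptions; a zone carried over from Windows 2000 may instead live under CN=MicrosoftDNS,CN=System in the domain partition.

```powershell
# Read-only audit of DnsAdmins permissions on an AD-integrated DNS zone.
# Assumptions (placeholders, not from the thread): $ZoneName and $Partition.
Import-Module ActiveDirectory

$ZoneName  = 'corp.example.com'                             # placeholder
$Partition = 'DC=DomainDnsZones,DC=corp,DC=example,DC=com'  # placeholder
$ZoneDN    = "DC=$ZoneName,CN=MicrosoftDNS,$Partition"
$GroupSid  = (Get-ADGroup -Identity 'DnsAdmins').SID.Value

function Get-DnsAclStatus {
    param([Parameter(Mandatory)]$AdObject, [Parameter(Mandatory)][string]$Sid)
    $sd = $AdObject.nTSecurityDescriptor
    # Explicit and inherited ACEs, compared by SID so that unresolved
    # (orphaned) SIDs on the object cannot break name translation.
    $aces = $sd.GetAccessRules($true, $true,
            [System.Security.Principal.SecurityIdentifier]) |
        Where-Object { $_.IdentityReference.Value -eq $Sid -and
                       $_.AccessControlType -eq 'Allow' }
    $state = 'none'
    if ($aces) { $state = if ($aces | Where-Object IsInherited) { 'inherited' } else { 'explicit' } }
    [pscustomobject]@{
        Name               = $AdObject.Name
        ObjectClass        = $AdObject.ObjectClass
        InheritanceBlocked = $sd.AreAccessRulesProtected
        GroupAce           = $state
        Rights             = ($aces.ActiveDirectoryRights | Sort-Object -Unique) -join '; '
    }
}

# The zone container itself, then every record (dnsNode) directly under it.
$zone    = Get-ADObject -Identity $ZoneDN -Properties nTSecurityDescriptor
$records = Get-ADObject -SearchBase $ZoneDN -SearchScope OneLevel `
    -Filter 'objectClass -eq "dnsNode"' -Properties nTSecurityDescriptor

$report = @($zone) + @($records) |
    ForEach-Object { Get-DnsAclStatus -AdObject $_ -Sid $GroupSid }

# Objects that would not pick up (or do not have) a zone-level grant.
$report |
    Where-Object { $_.GroupAce -eq 'none' -or $_.InheritanceBlocked } |
    Sort-Object ObjectClass, Name |
    Format-Table -AutoSize
```

An empty result after permissions have been reapplied to the zone and all child objects means every record now carries a DnsAdmins ACE and none blocks inheritance.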

All times are GMT