We had that same stupid request too, all because people don't understand delegation. And yes, showed them all the pages like dnsstuff and nslookup; you might as well be talking to the wall. Long and short is: create a security group and add that group on the zone in question on the Security tab, and give them read and write access as necessary.

On 5/24/06, Al Mulnick <[EMAIL PROTECTED]> wrote:
You'll need a description of the rights needed to open the tool in this case, as everyone has read access by default. IIRC, the Windows 2000 DNS white paper describes how to delegate rights etc. using tools such as ADSIEDIT or DSACLS.

Curious though: why bother? Read access to a DNS zone? Has the user ever used NSLOOKUP or DIG? You can read the zone records using these tools quite easily and it'll tell you just about everything you want to know about the RR. Is there a different requirement in this?

Al

On 5/24/06, Kamlesh Parmar <[EMAIL PROTECTED]> wrote:
> Is it possible to give a normal domain account rights to view an ADI DNS zone in the console?
>
> I tried to give a normal account rights to READ through the ACL on the zone, but it didn't help.
>
> The only other way I know is to create a secondary for that zone on that user's machine, but that's overkill :)
>
> --
> Kamlesh
> ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
> "Be the change you want to see in the World"
> ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

List info   : http://www.activedir.org/List.aspx
List FAQ    : http://www.activedir.org/ListFAQ.aspx
List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
