DNS Delegation
I have some helpdesk users who I'm after delegating some DNS work. I only would like them to Add and Delete Records, mainly A Records. I don't want to give DNS Admins obviously, as this is overkill for this task unless I have no other option. Can someone advise a way forward to enable me to achieve my goals?
July 23rd, 2009 5:24pm
Hi,
Please refer to the following steps to grant the permission:
1. Open the DNS Manager console, right-click the Server, select Properties.
2. Select Security tab, click Add, type the name of the helpdesk users, click OK, and select the Allow check box next to Read.
3. Right-click the Zone, select Properties.
4. Select Security tab, click Advanced, click Add, type the name of the helpdesk users, click OK.
5. In the Apply to: drop-down list, select This object and all descendant objects.
6. Click the Allow check box that is beside the following permissions: List contents, Read all properties, Write all properties, Read permissions, All validated writes
7. Click OK.
Thanks.
July 24th, 2009 12:15pm
Hi, thanks for your response. Will this solution just allow the helpdesk to create / delete records only? Or will these users be able to do more etc.?
July 24th, 2009 12:46pm
Hi,
The helpdesk will be able to do everything for the zone, such as new Domain, delete domain, change the settings, etc.
If it is an Active Directory-Integrated zone, you can configure the ACL in ADSIEdit.msc (instead of the DNS management snap-in) to further restrict the permission:
1. Open Adsiedit.msc.
2. Click Action, click Connect to.
3. Under Connection Point, select Select or type a Distinguished Name or Naming Context, type DC=DomainDnsZones,DC=domain,DC=com, click OK.
4. Navigate to CN=MicrosoftDNS, right-click the DNS zone, select Properties.
5. Select Security tab, click Advanced, click Add, type the name of the helpdesk users, click OK.
6. In the Apply to: drop-down list, select Descendant dnsNode objects
7. Click the Allow check box that is beside the following permissions: Read all properties, Write all properties, Delete
In this way, the helpdesk can only create/delete records.
You may test it and amend the permission according to your requirement.
Thanks.
July 27th, 2009 11:11am
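To check what a delegation like the two described above actually grants, the following added example (not code from the thread or from Microsoft) lists the ACEs a group holds on an AD-integrated zone and shows whether each one is scoped to dnsNode objects or to everything under the zone. The zone DN and group name are placeholders, and it assumes the ActiveDirectory PowerShell module (RSAT) is installed and a domain controller is reachable.

```powershell
# Added example: audit the ACEs a delegated group holds on an AD-integrated DNS zone
# and show how far each ACE reaches.
Import-Module ActiveDirectory   # provides the AD: drive used by Get-Acl

# Placeholders (assumptions): substitute your own zone DN and group.
$ZoneDn = 'DC=zone.example,CN=MicrosoftDNS,DC=DomainDnsZones,DC=domain,DC=com'
$Group  = 'DOMAIN\Helpdesk'

# Resolve the schema GUID of the dnsNode class from the schema partition,
# so the value comes from the directory rather than being hard-coded.
$schemaNc    = (Get-ADRootDSE).schemaNamingContext
$dnsNodeCls  = Get-ADObject -SearchBase $schemaNc `
                   -LDAPFilter '(lDAPDisplayName=dnsNode)' -Properties schemaIDGUID
$dnsNodeGuid = [guid]$dnsNodeCls.schemaIDGUID

# Hypothetical helper: describe which object class an ACE is inherited by.
function Get-AceTargetClass {
    param($Ace, [guid]$DnsNodeGuid)
    if ($Ace.InheritanceType -eq 'None') {
        return 'zone object only (not inherited)'
    }
    if ($Ace.InheritedObjectType -eq $DnsNodeGuid) {
        return 'dnsNode objects (records)'
    }
    if ($Ace.InheritedObjectType -eq [guid]::Empty) {
        return 'any object class'
    }
    return "class $($Ace.InheritedObjectType)"
}

# Read the zone's DACL and keep only the entries for the delegated group.
(Get-Acl -Path "AD:\$ZoneDn").Access |
    Where-Object { $_.IdentityReference.Value -eq $Group } |
    Select-Object AccessControlType, ActiveDirectoryRights, InheritanceType, IsInherited,
        @{ Name       = 'AppliesTo'
           Expression = { Get-AceTargetClass -Ace $_ -DnsNodeGuid $dnsNodeGuid } } |
    Format-Table -AutoSize -Wrap
```

An entry showing `All` inheritance with `any object class` matches the "This object and all descendant objects" choice in the first set of steps; an entry limited to `dnsNode objects (records)` matches the "Descendant dnsNode objects" choice in the ADSI Edit steps.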
That's great, thanks. Will give it a go.
July 29th, 2009 5:41pm