none
DNS permissions on root not inheriting on child zones RRS feed

Answers

  • Hi Vdhiman,

    I am sorry that this issue still hasn't been resolved.

    If there is no progress, I would suggest you contact Microsoft Customer Services and Support to get an efficient solution:

    http://support.microsoft.com/contactus/?ln=en-au

    Have a nice day!

    Best Regards

    John


    Please remember to mark the replies as answers if they help and unmark them if they provide no help.
    If you have feedback for TechNet Subscriber Support, contact tnmff@microsoft.com.

    • Proposed as answer by John Lii Monday, October 31, 2016 6:44 AM
    • Marked as answer by Leo HanModerator Wednesday, November 2, 2016 5:19 AM
    Wednesday, October 19, 2016 6:54 AM

All replies

  • Hi Vdhiman,

    Please open ADSI edit, and expend DC=**,DC=**, and then expend CN=system, right-click CN=MicrosoftDNS, click properties, and select security, select DnsAdmins, please ensure dnsadmins account has full control for DNS.

    Please reference picture below for further understanding:

     

    Please open ADSI edit, and expend CN=Users, right-click CN=Dnsadmins, click properties, please check if group Type is 0x80000004=(Resource_Group|Security_enabled).

    Best Regards

    John


    Please remember to mark the replies as answers if they help and unmark them if they provide no help.
    If you have feedback for TechNet Subscriber Support, contact tnmff@microsoft.com.

    Friday, October 14, 2016 2:48 AM
  • Hi John, thanks for getting back . 

    i confirmed on both the permissions as well as group type and they look good. Only diff is you mentioned DnsAdmins in Users container , but in my case the group is in Builtin container. 

    i still dont see dnsadmins on any child zone under forward lookup or reverse lookup. the dns admins cant even create a new zone under forward lookup. 

    i was trying to insert some screenshots for you but its timing out unfortunately. 

    Friday, October 14, 2016 1:48 PM
  • Hi Vdihiman,

    Have you checked local log on event viewer?

    Did you find any issue event on event viewer?

    You could analyze issue by process monitor.

    Here is link about process monitor download for your reference:

    https://technet.microsoft.com/en-us/sysinternals/processmonitor.aspx

    Best Regards

    John


    Please remember to mark the replies as answers if they help and unmark them if they provide no help.
    If you have feedback for TechNet Subscriber Support, contact tnmff@microsoft.com.

    Monday, October 17, 2016 3:21 AM
  • Hi John,

    i missed one thing i checked now in advanced security. all the inherited permissions i see are from 'DC=ForestDNSZones, DC=<forestname>, DC=**'. 

    I have however been checking till now on ADSIEdit for  'CN=MicrosoftDNS,CN=System,DC=<childdomain>,DC=<forestname>, DC**'.

    so i tried to connect to ADSIedit for our forest but do not see any partition/container for ForestDNSZones . 

    Our forest and domain functional levels are 2012 R2


    Tuesday, October 18, 2016 3:55 PM
  • Hi Vdhiman,

    I am sorry that this issue still hasn't been resolved.

    If there is no progress, I would suggest you contact Microsoft Customer Services and Support to get an efficient solution:

    http://support.microsoft.com/contactus/?ln=en-au

    Have a nice day!

    Best Regards

    John


    Please remember to mark the replies as answers if they help and unmark them if they provide no help.
    If you have feedback for TechNet Subscriber Support, contact tnmff@microsoft.com.

    • Proposed as answer by John Lii Monday, October 31, 2016 6:44 AM
    • Marked as answer by Leo HanModerator Wednesday, November 2, 2016 5:19 AM
    Wednesday, October 19, 2016 6:54 AM