Modify security for a directory-integrated zone

Applies To: Windows Server 2003, Windows Server 2003 R2, Windows Server 2003 with SP1, Windows Server 2003 with SP2

To modify security for a directory-integrated zone

  1. Open DNS.

  2. In the console tree, click the applicable zone.


    • DNS/applicable DNS server/Forward Lookup Zones (or Reverse Lookup Zones)/applicable zone
  3. On the Action menu, click Properties.

  4. On the General tab, verify that the zone type is Active Directory-integrated.

  5. On the Security tab, modify the list of member users or groups that are allowed to securely update the applicable zone and reset their permissions as needed.


  • To perform this procedure, you must be a member of the DnsAdmins or the Domain Admins group in Active Directory. As a security best practice, consider using Run as to perform this procedure. For more information, see Default local groups, Default groups and Using Run as.

  • To open DNS, click Start, click Control Panel, double-click Administrative Tools, and then double-click DNS.

  • Secure dynamic updates are only supported for zones stored in Active Directory.

  • The security settings determine who can administer the zone, but do not affect dynamic updates to the zone. To apply security settings for dynamic updates, see Related Topics.

  • This feature is not included on computers running the Microsoft® Windows Server® 2003, Web Edition, operating system. For more information, see Overview of Windows Server 2003, Web Edition.

Information about functional differences

  • Your server might function differently based on the version and edition of the operating system that is installed, your account permissions, and your menu settings. For more information, see Viewing Help on the Web.

See Also


Dynamic update
Active Directory integration
Modify security for a resource record
Changing inherited permissions
Remote Desktop Connection
Security information for DNS
Securing DNS zones