To configure read-only access for selected users to Active Directory (AD) integrated DNS, you will need to adjust the permissions on the DNS objects in Active Directory. By default, DNS objects are secured to prevent unauthorized changes, but you can customize the permissions to allow read-only access for specific users or groups. Here's a step-by-step guide to achieving this:
Note: To perform these actions, you'll need to be logged in with an account that has administrative privileges in Active Directory.
Open Active Directory Users and Computers (ADUC):
On a domain controller or a machine with the Remote Server Administration Tools (RSAT) installed, open "Active Directory Users and Computers."
Enable Advanced Features:
In ADUC, click on "View" in the menu, then select "Advanced Features." This will enable additional options in the properties of AD objects.
Locate the DNS Zone:
Expand your domain, then navigate to "System" > "MicrosoftDNS" to find your DNS zones.
Right-click on the DNS zone you want to configure read-only access for and select "Properties."
In the properties window, go to the "Security" tab.
Add the Users/Groups:
Click on the "Add" button and select the user or group you want to grant read-only access. For example, you can select a group named "DNS Read-Only Users."
Set Permissions to Read:
In the permissions list, find the "Read" permission and select the "Allow" checkbox for the user/group you added. You may also want to allow "List Contents" to view the subnodes.
Click "OK" to apply the changes and exit the properties window.
I used AI provided by ChatGPT to formulate part of this response. I have verified that the information is accurate before sharing it with you.
Hope this resolves your Query !!
--If the reply is helpful, please Upvote and Accept it as an answer--