You can use this procedure to specify who can administer the DNS Server service when it is running on a domain controller. It does not affect who can administer zones and resource records that are hosted on the server, however.

Membership in the Administrators group, or equivalent, is the minimum required to complete this procedure. Review details about using the appropriate accounts and group memberships at

To modify security for the DNS Server service on a domain controller
  1. Open DNS Manager.

  2. In the console tree, right-click the applicable server, and then click Properties.


    DNS/applicable DNS server

  3. On the Security tab, modify the list of member users or groups that are allowed to administer the applicable server.

Additional considerations

  • To open DNS Manager, click Start, point to Administrative Tools, and then click DNS.

  • Active Directory access control lists (ACLs) are supported for the DNS Server service only when it is running on a domain controller.

Additional references