The interesting question found on the Microsoft TechNet forums: “I want to delegate one of my users to manage the DNS records. But I don’t want him to have any privilege to change the DNS server settings. What action can I take?”

To provide the ability for a user to manage the DNS server settings add the user to the DNSAdmins group. This group, by default, already has the necessary rights and permissions to administer the DNS server.

If you want this group or another group to manage the content of the zones hosted on the server, follow this step.

Using the DNS Admin console, right click the domain of interest, choose Properties. Access the Security tab. Add the group that you want to provide access, to the Access Control List (ACL). Next, modify the Access Control Entry (ACE) to provide the necessary permissions you wish to provide the group.

Once the proper permissions have been set, have the user install and run the DNS Admin console. The console is available once you install the RSAT (Windows Vista/7/2008), or AdminPak (Windows 2000, 2003, XP) tool kit.