DNS Design: DNS Zones per Organizational Unit
Suppose our OU structure is organised by country, as in Snap-1, and each region has its own local IT team that wants to manage its own DNS records. We therefore need a separate DNS zone for each OU. The requirement is that host records for computers in the UK OU are registered in UK.ROCKY.COM and host records for computers in the USA OU are registered in USA.ROCKY.COM. See Snap-2 for the DNS design.
SNAP-1
SNAP-2
USA.ROCKY.COM and UK.ROCKY.COM are forward lookup zones that I created manually. Create them as AD-integrated zones with dynamic updates set to "Secure only"; otherwise the clients' dynamic registrations will either fail or be accepted unauthenticated.
The steps are as follows.
1. Set the primary DNS suffix
In our example the suffixes are USA.ROCKY.COM and UK.ROCKY.COM. This can be automated with Group Policy: one GPO per region, each setting that region's suffix, linked to the corresponding OU.
Using Group Policy to Specify a DNS Suffix
Policy: Primary DNS suffix
Category path: Computer Configuration\Administrative Templates\Network\DNS Client
Supported on: At least Microsoft Windows 2000
Registry key: HKLM\Software\Policies\Microsoft\System\DNSClient
Value: NV PrimaryDnsSuffix (REG_SZ)
2. Allow computers to write a dNSHostName with the new suffix. By default a computer can only set its own dNSHostName attribute to a name that ends in the domain's DNS name (this is the "validated write" check). To allow UK.ROCKY.COM and USA.ROCKY.COM, grant SELF the Write dNSHostName permission on computer objects; this can be done at the domain or OU level. See the link below for the procedure.
http://technet.microsoft.com/en-us/library/cc959267.aspx
Caution
If you modify the ACL to enable registration of the modified full computer name, any computer in the domain (or in the OU where you changed it) can register itself under a different name. A tighter alternative is to add the new suffixes to the domain's msDS-AllowedDNSSuffixes attribute: the validated write stays in force, but names ending in those suffixes are accepted.
3. Delegate each zone to the regional administrators who will manage it.
Grant the regional admins permissions on their own zone from the zone's Security tab in the DNS console (an AD-integrated zone is an AD object, so this is an ACL on that object).
Best practice: create a "Domain Local" security group, add the regional admins to it, and grant the permission to that group rather than to individual accounts. Grant only the rights on their zone; do not add them to DnsAdmins, which gives control of every zone on the server.
If you want to apply this to an existing DNS setup, you can push a batch file through GPO (for example as a startup script) containing:
Ipconfig /flushdns
Ipconfig /registerdns
These commands re-register the client's "A" records in the new zone once the new primary DNS suffix is in effect (a change to the primary suffix normally needs a restart). Records registered earlier under the old zone are not guaranteed to be removed; configure scavenging or delete them.
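The whole procedure (zone creation, the suffix GPO from step 1, the dNSHostName change from step 2, and the delegation from step 3) scripted in PowerShell, as an added example that is not part of the original page. It assumes a domain controller that is also a DNS server with the GroupPolicy, ActiveDirectory and DnsServer modules installed; the OU distinguished names, GPO names and group names for ROCKY.COM are assumptions for the example.

```powershell
# Added example (not from the original page). Run on a DC/DNS server as a
# domain admin. OU DNs, GPO names and group names are assumptions.
Import-Module GroupPolicy, ActiveDirectory, DnsServer

$Domain  = 'ROCKY.COM'
$Regions = @(
    [pscustomobject]@{ Name = 'UK';  Suffix = 'UK.ROCKY.COM';  OU = 'OU=UK,DC=ROCKY,DC=COM'  }
    [pscustomobject]@{ Name = 'USA'; Suffix = 'USA.ROCKY.COM'; OU = 'OU=USA,DC=ROCKY,DC=COM' }
)

foreach ($r in $Regions) {
    # Zone: AD-integrated, replicated to DNS servers in this domain, secure
    # dynamic updates only (so only the computer's own account can update its record).
    if (-not (Get-DnsServerZone -Name $r.Suffix -ErrorAction SilentlyContinue)) {
        Add-DnsServerPrimaryZone -Name $r.Suffix -ReplicationScope Domain -DynamicUpdate Secure
    } else {
        Set-DnsServerPrimaryZone -Name $r.Suffix -DynamicUpdate Secure
    }

    # Step 1: GPO that sets "Primary DNS suffix" (NV PrimaryDnsSuffix), linked to the OU.
    $gpoName = "DNS Suffix - $($r.Name)"
    if (-not (Get-GPO -Name $gpoName -ErrorAction SilentlyContinue)) { New-GPO -Name $gpoName | Out-Null }
    Set-GPRegistryValue -Name $gpoName `
        -Key 'HKLM\Software\Policies\Microsoft\System\DNSClient' `
        -ValueName 'NV PrimaryDnsSuffix' -Type String -Value $r.Suffix | Out-Null
    New-GPLink -Name $gpoName -Target $r.OU -LinkEnabled Yes -ErrorAction SilentlyContinue | Out-Null

    # Step 3: Domain Local group for the regional admins, full control on their
    # zone object only. The DN below holds because ReplicationScope was "Domain"
    # (DomainDnsZones partition); with "Forest" it would be under ForestDnsZones.
    $groupName = "DNS-Admins-$($r.Name)"
    if (-not (Get-ADGroup -Filter "Name -eq '$groupName'")) {
        New-ADGroup -Name $groupName -GroupScope DomainLocal -Path $r.OU
    }
    $zoneDN = "DC=$($r.Suffix),CN=MicrosoftDNS,DC=DomainDnsZones,DC=ROCKY,DC=COM"
    & dsacls.exe $zoneDN /I:T /G "ROCKY\${groupName}:GA" | Out-Null
}

# Step 2: let computers register a dNSHostName that does not end in ROCKY.COM.
# Preferred: extend the validated write with msDS-AllowedDNSSuffixes.
$suffixes = [string[]]($Regions | ForEach-Object { $_.Suffix })
Set-ADDomain -Identity $Domain -AllowedDNSSuffixes @{ Add = $suffixes }
# Broader alternative described in step 2 (see the Caution): grant SELF
# Write dNSHostName on computer objects in each OU.
# foreach ($r in $Regions) { & dsacls.exe $r.OU /I:S /G 'NT AUTHORITY\SELF:WP;dNSHostName;computer' }

# Check: after clients have applied the GPO, restarted and run
# "ipconfig /flushdns" and "ipconfig /registerdns", their A records should
# appear in the regional zone rather than in ROCKY.COM.
foreach ($r in $Regions) {
    Get-DnsServerResourceRecord -ZoneName $r.Suffix -RRType A |
        Select-Object @{n='Zone';e={$r.Suffix}}, HostName, @{n='IP';e={$_.RecordData.IPv4Address}}
}
```

The dsacls call grants the group Generic All (GA) on the zone object and everything beneath it, which is what the Security tab's "Full Control" does; if the regional admins only need to add and change records, grant a narrower right set instead. The msDS-AllowedDNSSuffixes route is used for step 2 because it keeps the validated write, so a computer can still only register a name matching its own account plus one of the listed suffixes.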