In the first part, we had a quick look at Just Enough Administration (JEA) and discussed some use cases. In this part, we are going to implement a JEA example to solve a common problem we have had for years: assigning appropriate rights to DNS admins.
I’m sure that the majority of DNS implementations in Windows environments are co-located with Active Directory domain controllers. That brings a lot of flexibility when it comes to DNS management, troubleshooting, integrated zones, and secure replication. But it’s also quite difficult to separate Active Directory and DNS management layers. In most cases, our domain administrators are also responsible for DNS. The main reason for this is that to have separate DNS admins, you need to grant “Domain Admin” rights to them.