I have set something up to create and delete DNS records. I have a specific user doing both actions. The user in question has DNS Admin rights in Active Directory. I am performing all actions via PowerShell; the creation of DNS records (A, PTR) works exactly as expected with this user. When the user goes to remove the records, the PTR record is deleted correctly; however, the “A” record is not deleted and the error generated is:
I’m pretty sure the DNS commands are using CIM (WMI) under the hood; there may be something in the WMI repository on the server that’s not set right. The GUI tools don’t use CIM, so they don’t encounter any extra security that layer may be putting in.
Remove-DnsServerResourceRecord -Name $DNSName -RRType A -ZoneName $ZoneName -ComputerName $DNSServer -Force
The above command works exactly as expected if I run it as domain admin. I found that in order to get it to run with the delegated DNS Admin permissions I need to modify the command to be like the following:
I wanted to add this to your efforts, prior to you arriving at where you are now, but it still may be useful to you in future efforts, or others reading this later.
How To Find And Add DNS Record Permissions With PowerShell
http://www.tomsitpro.com/articles/powershell-dns-record-permissions,2-930.html
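
Added example, not part of the thread or of the linked article: one way to inspect the permissions on the A record that the delegated account fails to delete, by reading the ACL of the record's object in Active Directory. It assumes an AD-integrated zone and the ActiveDirectory and DnsServer modules; the server, zone and host names are constructed placeholders.

```powershell
# Added example. Server, zone and host names are constructed placeholders.
Import-Module ActiveDirectory   # provides the AD: drive that Get-Acl reads from
Import-Module DnsServer

$DNSServer = 'dns01.example.test'
$ZoneName  = 'example.test'
$DNSName   = 'host01'

# Look up the record the same way the Remove-DnsServerResourceRecord call addresses it.
$record = Get-DnsServerResourceRecord -Name $DNSName -RRType A `
    -ZoneName $ZoneName -ComputerName $DNSServer -ErrorAction Stop

# In an AD-integrated zone, all A records under one name live in a single dnsNode object.
$dn = $record | Select-Object -ExpandProperty DistinguishedName -Unique
if (-not $dn) {
    throw "No DistinguishedName returned; the zone may not be AD-integrated."
}

$acl = Get-Acl -Path "AD:\$dn"
$deleteRight = [System.DirectoryServices.ActiveDirectoryRights]::Delete

"Record object: $dn"
"Owner:         $($acl.Owner)"

# One row per ACE. HasDelete is true when the ACE carries the Delete bit
# (GenericAll includes it). An Allow row grants it, a Deny row blocks it.
$acl.Access |
    Select-Object IdentityReference,
                  AccessControlType,
                  IsInherited,
                  @{ Name = 'HasDelete'; Expression = { [bool]($_.ActiveDirectoryRights -band $deleteRight) } },
                  ActiveDirectoryRights |
    Sort-Object IdentityReference |
    Format-Table -AutoSize -Wrap
```

Comparing the owner and the rows for the delegated account (or a group it belongs to) between the A record and the PTR record that deletes cleanly shows whether the two objects carry different permissions.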