[Okta Webinar] Learn how to a build a cloud-first strategyRegister Now

x
?
Solved

What permissions in AD do you need to install WSFC

Posted on 2014-07-15
11
Medium Priority
?
459 Views
Last Modified: 2014-07-25
What permissions is minimum i AD to install WSFC
0
Comment
Question by:Asle Kibsgaard
  • 6
  • 5
11 Comments
 
LVL 14

Expert Comment

by:Ben Hart
ID: 40197169
Windows Services Failover Clustering right? Should only need local admin rights on the servers you intended to be part of the cluster.
0
 

Author Comment

by:Asle Kibsgaard
ID: 40197173
Thanks , bit maybe sound a little strange to me that you not need more since the cluster name is a Virtual Computer Object that has it's own permissions in AD ? Do you have any Reference for this ?
0
 
LVL 14

Expert Comment

by:Ben Hart
ID: 40197175
I do not.. I've never installed this myself.. and Googling came up with nothing.  Worst case, install it with Domain Admin rights.. or are you wanting to specifically avoid that?
0
NFR key for Veeam Backup for Microsoft Office 365

Veeam is happy to provide a free NFR license (for 1 year, up to 10 users). This license allows for the non‑production use of Veeam Backup for Microsoft Office 365 in your home lab without any feature limitations.

 

Author Comment

by:Asle Kibsgaard
ID: 40197192
I only want to know with certenty that I can install with the rights that I already have in AD. To be sure I get no problems with the installation  after it is done.
0
 
LVL 14

Expert Comment

by:Ben Hart
ID: 40197207
What rights in AD do you have?  According to http://msdn.microsoft.com/en-us/library/ms189910.aspx 

During SQL Server Failover Cluster installation, computer object (Active Directory computer accounts) for the SQL Server Network Resource Name is created. In a Windows Server 2008 cluster, the cluster name account (computer account of the cluster itself) needs to have permissions to create computer objects. For more information, see Configuring Accounts in Active Directory.

To create a failover cluster, you must be a local administrator with permissions to log on as a service, and to act as part of the operating system on all nodes of the failover cluster instance.

WSFC must be able to verify that the failover clustered instance is running by using the IsAlive check. This requires connecting to the server by using a trusted connection. By default, the account that runs the cluster service is not configured as an administrator on nodes in the cluster, and the BUILTIN\Administrators group does not have permission to log into SQL Server. These settings change only if you change permissions on the cluster nodes.
0
 

Author Comment

by:Asle Kibsgaard
ID: 40197215
I think you are now writing about SQL Server Failover cluster installation, not Windows Server Failover Cluster installation.
With Sql Server Failover cluster Installation , I agree it shoul be sufficently with loacl adminsitrator on both nodes.
0
 
LVL 14

Expert Comment

by:Ben Hart
ID: 40197241
Ahh gotcha.. the biggest hits I can find are SQl related.
0
 
LVL 14

Expert Comment

by:Ben Hart
ID: 40197261
Hmm Im not help.  All the search results are for SQL :(
0
 

Author Comment

by:Asle Kibsgaard
ID: 40197364
Ok, thanks anyway, somebody else that can help ??
0
 

Accepted Solution

by:
Asle Kibsgaard earned 0 total points
ID: 40208378
http://technet.microsoft.com/en-us/library/cc771404.aspx

Account for administering the cluster: When you first create a cluster or add servers to it, you must be logged on to the domain with an account that has administrator rights and permissions on all servers in that cluster. The account does not need to be a Domain Admins account—it can be a Domain Users account that is in the Administrators group on each clustered server. In addition, if the account is not a Domain Admins account, the account (or the group that the account is a member of) must be delegated Create Computer Objects and Read All Properties permissions in the domain. For more information, see Failover Cluster Step-by-Step Guide: Configuring Accounts in Active Directory (http://go.microsoft.com/fwlink/?LinkId=139147).
0
 

Author Closing Comment

by:Asle Kibsgaard
ID: 40218883
Nobody helped me find this solution, it is a bit disaapointin that a simply question like this could not be readily answered by the experts.
And the problem must have been interesting to most of the experts that work with mssql servers , so if you experts cannot answer a simple question like this I am really disappointed over you.
0

Featured Post

Industry Leaders: We Want Your Opinion!

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

In the absence of a fully-fledged GPO Management product like AGPM, the script in this article will provide you with a simple way to watch the domain (or a select OU) for GPOs changes and automatically take backups when policies are added, removed o…
A bad practice commonly found during an account life cycle is to set its password to an initial, insecure password. The Password Reset Tool was developed to make the password reset process easier and more secure.
Attackers love to prey on accounts that have privileges. Reducing privileged accounts and protecting privileged accounts therefore is paramount. Users, groups, and service accounts need to be protected to help protect the entire Active Directory …
Are you ready to implement Active Directory best practices without reading 300+ pages? You're in luck. In this webinar hosted by Skyport Systems, you gain insight into Microsoft's latest comprehensive guide, with tips on the best and easiest way…
Suggested Courses

873 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question