Q. What permissions do accounts used by failover clusters in Windows Server 2008 need?
November 6, 2008
A. The account used to create the cluster must have administrator rights on the computers that are becoming part of the new cluster and the Create Computer Objects permission on the container where computer accounts are created in the domain. This is because the wizard that creates failover clusters creates the computer account for the new cluster and gives that account the necessary permissions, such as creating computer objects in the domain’s computer account container (which lets the cluster create additional computer accounts for any clustered services or applications).
You can find more information about the permissions that failover-clustering accounts need in the Microsoft articles “Failover Cluster Step-by-Step Guide: Configuring Accounts in Active Directory” and “Active Directory Permissions for Cluster Accounts.”
About the Author
You May Also Like