Grant create computer object permissions to the cluster

This post is part of the Failover Cluster Checklist series.

 

The Failover Cluster computer object needs to be granted the appropriate permissions necessary to create cluster resource objects (computers). Some resource objects can be staged, others cannot be staged. This depends on the OS version and resource type. The easiest solution is to place each cluster in a separate OU, and give the cluster permissions to create objects in that OU only.

How to do it

  • If necessary, create a new OU and move all cluster nodes and cluster resource objects to the new OU.
  • Enable view advanced features in ADUaC.

clip_image001

  • Open the Advanced Security Settings for the OU.

clip_image002

  • Add the cluster name machine object, and grant the Create Computer objects permission.

clip_image003

  • Make sure the cluster machine Object has been granted the Read all Properties permission.
    image

Author: DizzyBadger

SQL DBA Principal Analyst

1 thought on “Grant create computer object permissions to the cluster”

Leave a Reply