This post is part of the Failover Cluster Checklist series.
The Failover Cluster computer object needs to be granted the appropriate permissions necessary to create cluster resource objects (computers). Some resource objects can be staged, others cannot be staged. This depends on the OS version and resource type. The easiest solution is to place each cluster in a separate OU, and give the cluster permissions to create objects in that OU only.
How to do it
- If necessary, create a new OU and move all cluster nodes and cluster resource objects to the new OU.
- Enable view advanced features in ADUaC.
- Open the Advanced Security Settings for the OU.
- Add the cluster name machine object, and grant the Create Computer objects permission.