This project has moved. For the latest updates, please go here.

Previous Cluster Install Preparation Install First SQL Server Cluster Node Next

Delegation of Control

If you are installing a cluster on Windows 2012 R2 or above then you need to consider Delegation of Control. This section contains the following:

Delegation of Control Overview

When a Computer Object is created in Active Directory, it inherits the right to create other Computer Objects from the standard Computers container. This right is needed to bring Cluster Groups online during a SQL Server cluster install.

It is normal practice in most organisation to move the Computer Object to another container more appropriate to the use of the Computer Object. In Windows 2012 and below the right to create other Computer Objects is retained, but in Windows 2012 R2 and above this right is lost after the Computer Object is moved. The result is that Cluster Groups can no longer be brought online during a SQL Server cluster install.

In order to overcome this problem, an explicit Delegation of Control must be performed. This process must be performed manually, it is not possible to automate it within SQL FineBuild. This issue is discussed further in http://blogs.technet.com/b/askpfeplat/archive/2014/11/17/when-creating-a-new-resource-or-role-in-windows-server-2012-r2-failover-cluster-the-network-name-fails-to-come-online-or-failed-to-create-associated-computer-object-in-domain.aspx
Top

Configure Delegation of Control

As described above, Delegation of Control is only required if you are installing a SQL Server cluster on Windows 2012 R2 or above.

The Delegation of Control process can only be performed on a Windows Group, therefore the relevant Computer Object must be a member of a Windows Group. If you are using the recommended Managed Service Accounts then both the Service Accounts and the Computer Object must be contained within the same Windows Group, and it is recommended that this group is used as the target for Delegation of Control.

This process must be performed by a user who has Domain Administrator rights.

1) Open the Active Directory Users and Computers console
UsersAndComputers.png
2) Right-click on any container and select Delegate Control...
Start.png
3) The Welcome windows is displayed. Click Next to continue
Welcome.png
4) The Select Groups window is displayed. Click Add to select the required Group
Groups.png
5) Select the required Group. Click OK to continue
SelectGroups.png
6) The selected groups are shown. Click Next to continue
SelectedGroups.png
7) The Tasks to Delegate window is displayed.
Select Create custom task to delegate and then click Next to continue
CreateTask.png
8) The Active Directory Object Type window is displayed.
Select This folder... and then click Next to continue
ObjectTypes.png
9) The Permissions window is displayed
Select Creation/Deletion of specific child objects.
Scroll down and select Create Computer objects and Delete Computer objects, then click Next to continue
ComputerObjects.png
10) Delegation of Control is now complete. Click Finish to end the Wizard
Complete.png
Copyright FineBuild Team © 2016 - 2017. License and Acknowledgements
Previous Cluster Install Preparation Top Install First SQL Server Cluster Node Next

Last edited Mar 20 at 1:37 PM by EdVassie, version 8