Delegation of Control

EdVassie edited this page Apr 1, 2020 · 5 revisions
If you are installing a cluster where the Domain Controller is at Windows 2012 R2 or above then you need to consider Delegation of Control. This section contains an overview of Delegation of Control and the steps to configure it.

Delegation of Control Overview

When a Computer Object is created in Active Directory, it inherits the right to create other Computer Objects from the standard Computers container. This right is needed to bring Cluster Groups online during a SQL Server cluster install.

It is normal practice in most organisations to move the Computer Object to another container more appropriate to the use of the Computer Object. In Windows 2012 and below the right to create other Computer Objects is retained, but in Windows 2012 R2 and above this right is lost after the Computer Object is moved. The result is that Cluster Groups can no longer be brought online during a SQL Server cluster install.

In order to overcome this problem, an explicit Delegation of Control must be performed. This process is not currently included in SQL FineBuild and must be performed manually. This issue is discussed further in https://blogs.technet.microsoft.com/kaushika/2014/11/17/when-creating-a-new-resource-or-role-in-windows-server-2012-r2-failover-cluster-the-network-name-fails-to-come-online-or-failed-to-create-associated-computer-object-in-domain/

Configure Delegation of Control

As described above, Delegation of Control is only required if you are installing a SQL Server cluster where the Domain Controller is at Windows 2012 R2 or above.

The Delegation of Control process can only be performed on a Windows Group, therefore the relevant Computer Object must be a member of a Windows Group. If you are using the recommended Managed Service Accounts then both the Service Accounts and the Computer Object must be contained within the same Windows Group, and it is recommended that this group is used as the target for Delegation of Control.

This process must be performed by a user who has Domain Administrator rights.

  1. Open the Active Directory Users and Computers console

  2. Right-click on any container and select Delegate Control...

  3. The Welcome window is displayed. Click Next to continue

  4. The Select Groups window is displayed. Click Add to select the required Group

  5. Select the required Group. Click OK to continue

  6. The selected groups are shown. Click Next to continue

  7. The Tasks to Delegate window is displayed.

    Select Create custom task to delegate and then click Next to continue

  8. The Active Directory Object Type window is displayed.

    Select This folder... and then click Next to continue

  9. The Permissions window is displayed

    Select Creation/Deletion of specific child objects.

    Scroll down and select Create Computer objects and Delete Computer objects, then click Next to continue

  10. Delegation of Control is now complete. Click Finish to end the Wizard
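The result of the wizard steps above can be checked from PowerShell. The following is an added example, not part of SQL FineBuild: it reads the container's ACL, confirms the group holds Create and Delete rights scoped to Computer objects, and lists any entries for that group that are wider than the wizard selection. The container DN and group name are placeholders, and the ActiveDirectory module (RSAT) is assumed to be installed.

```powershell
# Added example: verify the delegation made by the wizard steps above.
# $TargetOU and $GroupName are constructed placeholders; substitute your own.
Import-Module ActiveDirectory          # provides Get-ADGroup and the AD: drive

$TargetOU  = 'OU=SQL Clusters,DC=example,DC=com'
$GroupName = 'SQL-Cluster-Delegation'

# schemaIDGUID of the "computer" object class
$ComputerClass = [guid]'bf967a86-0de6-11d0-a285-00aa003049e2'
$Rights        = [System.DirectoryServices.ActiveDirectoryRights]
$create        = [int]$Rights::CreateChild
$delete        = [int]$Rights::DeleteChild

$groupSid = (Get-ADGroup -Identity $GroupName).SID.Value
$acl      = Get-Acl -Path "AD:\$TargetOU"

# Read explicit and inherited ACEs with trustees as SIDs, so the comparison
# does not depend on name resolution
$sidType = [System.Security.Principal.SecurityIdentifier]
$aces = @($acl.GetAccessRules($true, $true, $sidType) | Where-Object {
    $_.IdentityReference.Value -eq $groupSid -and $_.AccessControlType -eq 'Allow'
})

# Accumulate the rights that are scoped to Computer child objects only
$scoped = 0
foreach ($ace in $aces) {
    if ($ace.ObjectType -eq $ComputerClass) {
        $scoped = $scoped -bor [int]$ace.ActiveDirectoryRights
    }
}

# ACEs wider than the wizard selection: an empty ObjectType applies the
# create/delete right to every object class (Full Control includes both bits)
$broad = @($aces | Where-Object {
    $_.ObjectType -eq [guid]::Empty -and
    ([int]$_.ActiveDirectoryRights -band ($create -bor $delete)) -ne 0
})

[pscustomobject]@{
    Container          = $TargetOU
    Group              = $GroupName
    CanCreateComputers = ($scoped -band $create) -ne 0
    CanDeleteComputers = ($scoped -band $delete) -ne 0
    BroaderThanNeeded  = $broad.Count
}
$broad | Format-Table ActiveDirectoryRights, InheritanceType, IsInherited
```

Both CanCreateComputers and CanDeleteComputers should be True after the wizard completes; a non-zero BroaderThanNeeded means the group holds more than the Computer-object rights this page asks for.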

Copyright FineBuild Team © 2016 - 2018. License and Acknowledgements

SQL FineBuild supports:

  • All SQL Server versions from SQL 2019 through to SQL 2005
  • Clustered, Non-Clustered and Core implementations of server operating systems
  • Availability and Distributed Availability Groups
  • 64-bit and (where relevant) 32-bit versions of Windows

The following Windows versions are supported:

  • Windows 2022
  • Windows 11
  • Windows 2019
  • Windows 2016
  • Windows 10
  • Windows 2012 R2
  • Windows 8.1
  • Windows 2012
  • Windows 8
  • Windows 2008 R2
  • Windows 7
  • Windows 2008
  • Windows Vista
  • Windows 2003
  • Windows XP