Active Directory Permissions for Cluster Accounts
Applies To: Windows Server 2008 R2
When you create a new clustered service or application, a computer object (computer account) for that clustered service or application must be created in the Active Directory domain. This computer object is created by the computer object of the cluster itself. If the computer object of the cluster itself does not have the appropriate permissions, it cannot create or update the computer object for the clustered service or application.
Events
| Event ID | Source | Message |
|---|---|---|
Microsoft-Windows-FailoverClustering |
Cluster network name resource '%1' failed to create its associated computer object in domain '%2' for the following reason: %3. The associated error code is: %5 Please work with your domain administrator to ensure that: - The cluster identity '%4' can create computer objects. By default all computer objects are created in the 'Computers' container; consult the domain administrator if this location has been changed. - The quota for computer objects has not been reached. - If there is an existing computer object, verify the Cluster Identity '%4' has 'Full Control' permission to that computer object using the Active Directory Users and Computers tool. |
|
Microsoft-Windows-FailoverClustering |
Cluster network name resource '%1' failed to create its associated computer object in domain '%2' for the following reason: %3. The text for the associated error code is: %4 Please work with your domain administrator to ensure that: - The cluster identity '%5' can create computer objects. By default all computer objects are created in the 'Computers' container; consult the domain administrator if this location has been changed. - The quota for computer objects has not been reached. - If there is an existing computer object, verify the Cluster Identity '%5' has 'Full Control' permission to that computer object using the Active Directory Users and Computers tool. |
|
Microsoft-Windows-FailoverClustering |
Cluster network name resource '%1' cannot be brought online. The computer object associated with the resource could not be updated in domain '%2'. The error code was '%3'. The cluster identity '%4' may lack permissions required to update the object. Please work with your domain administrator to ensure that the cluster identity can update computer objects in the domain. | |
Microsoft-Windows-FailoverClustering |
Cluster network name resource '%1' cannot be brought online. The computer object associated with the resource could not be updated in domain '%2' for the following reason: %3. The text for the associated error code is: %4 The cluster identity '%5' may lack permissions required to update the object. Please work with your domain administrator to ensure that the cluster identity can update computer objects in the domain. |