Cluster object permissions

[alexray92]

Using this module to create a cluster, I then deployed a SQL 2016 Always On Availability Group. On attempting to create an AG listener, I get an error 1194 due to the cluster computer object not having permission to create computer objects.

This can be worked around by delegating permissions manually, but that seems a little hokey. I can create an OU for the cluster and its objects, put a security group in there, delegate permission to the security group, then just make sure the cluster object is in the security group - though that requires, afaik, that the cluster is (1) created in that OU, and (2) added to the group. I'm ending up prestaging the ou/group and using xadgroup to add the cluster object to that group.

Might be outside the scope of this module, but a note as a limitation might be useful for others that hit the same snag.

[johlju]

@alexray92 Yes, I think this is out of scope, because all those things should either already exist, or the user want some special naming convention in there AD, or the OU and group should be in different OU's in specific locations depending on the convention that is used. For some AD installations the user might not be allowed to have permission to create the needed objects thus the AD team need to prestage those.

[johlju]

@alexray92 Although, I'm all for adding any documentation and/or examples that explain the steps need for the users.

[stale[bot]]

This issue has been automatically marked as stale because it has not had activity from the community in the last 30 days. It will be closed if no further activity occurs within 10 days. If the issue is labelled with any of the work labels (e.g bug, enhancement, documentation, or tests) then the issue will not auto-close.

[stale[bot]]

This issue has been automatically closed because it is has not had activity from the community in the last 40 days.