Domain accounts and the Cluster service

Applies To: Windows Server 2003, Windows Server 2003 R2, Windows Server 2003 with SP1, Windows Server 2003 with SP2

Domain accounts and the Cluster service

You must log on using an account that is a member of an Administrators group to create the first node in a cluster or add additional nodes. All nodes must have joined a domain (instead of a workgroup) and be members of the same domain. When you create a cluster or join nodes to a cluster, you specify the domain user account under which the Cluster service runs. It is best if the Cluster service user account is a new account. The account must have local administrative rights and permissions on the cluster nodes. In addition, make sure that applications (for example, Microsoft SQL Server 2000) do not use the same account as the Cluster service account. Be sure to keep the password from expiring on the account (follow your organization's policies for password renewal).

When you install the operating system on a member server, Setup adds the Cluster service account as a member of the local Administrators group. When you install the operating system on a domain controller, Setup gives cluster-administrative permissions to the Domain Administrators group.

When you use Cluster Administrator to administer a cluster from a remote location, such as from another server or a computer running Windows XP Professional, or to administer a cluster locally from a node, you must use an account that is a member of the local Administrators group on all nodes. For more information, see Give a user permissions to administer a cluster.

Note

  • You can use an account that is a domain user account or a member of a global group to remotely or locally administer a cluster if you use cluster.exe or cluster scripting tools. For more information, see Cluster and the Microsoft Platform Software Development Kit (SDK).

If you have administrative permissions on all nodes of the cluster, you can fully administer the cluster. However, if you have only specific permissions to administer the cluster, you cannot change the cluster description, change cluster security, or register extensions to Cluster Administrator.

For information on changing the account used to run the Cluster service, see Change the account under which the Cluster service runs.

For information on changing the password for the Cluster service account, see Change the Cluster service account password.