Answer to Homework: Which identity needs access to a file share for the File Share Witness?

In my post “What happened to the Cluster Service Account?” I asked the following question:

Suppose you created a cluster named “SQLCLUSTER01” and this cluster hosts two applications, named “CORPSQL01” and “CORPDOCS.”  Active Directory will contain three computer objects – SQLCLUSTER01, CORPSQL01, and CORPDOCS.  SQLCLUSTER01 be the owner of CORPSQL01 and CORPDOCS.

Taking this example one step further, suppose that this cluster is configured to have a File Share Witness.  To which identity would you need to grant permissions on the file share used as this witness?

The answer here is the computer object named SQLCLUSTER01$.  The CNO object name is SQLCLUSTER01 and this is the identity under which the File Share Witness operates when going over the network.  The $ at the end is to indicate that the name is a computer name instead of a user or group.

Matt Kurjanowicz
Software Development Engineer
Clustering & High Availability