Understanding the Repair Active Directory Object Recovery Action

One of the responsibilities of cluster Network Name resource is to rotate the password of the computer object in Active Directory associated with it.  When the Network Name resource is online, it will rotate the password according to domain and local machine policy (which is 30 days by default).  If the password is different from what is stored in… Read more

How to Create a Cluster in a Restrictive Active Directory Environment

In Windows Server 2012 there have been several enhancements to how Windows Server Failover Clusters integrate with the Active Directory.  In this blog I am going to discuss some of the changes to help enable creating Failover Clusters in restrictive Active Directory environments where permissions to create computer objects is delegated to specific organizational units (OU)…. Read more

Identifying Stale Cluster Computer Objects

On a Windows Server Failover Cluster for each Network Name resource there is a logical name which has a corresponding computer object (CO) created.  The computer object associated with the Cluster Name this is commonly referred to as the Cluster Name Object (CNO) and for all other Network Name resources these are commonly referred to… Read more

What happens when one of my Active Directory Objects gets Deleted?

Don’t let it happen! This goes beyond clusters.  If an identity is deleted, nothing using that identity will be able to log on or authenticate against it.  The service or application that you went through all the pains to make highly available on your cluster will no longer be available to clients.  Once an object… Read more

What happened to the Cluster Service Account?

Before Windows Server 2008, the cluster required the use of a Cluster Service Account (CSA).  This was a domain user under whose credentials the cluster service, as well as cluster resources, ran.  The CSA presented some problems, the most obvious of which was requiring administrators to rotate this password every so often. In Windows Server… Read more

New Whitepaper: Failover Clustering with AD Certificate Services in Server 2008

Hi cluster fans, A new whitepaper was release this week describing how to set up, configure and troubleshoot Active Directory Certificate Services (AD CS) with Windows Server 2008 Failover Clustering.   With Windows Server 2003 and earlier versions, organizations had to deploy multiple certification authorities (CAs) to provide redundancy in case a critical network server failed…. Read more