The cluster configuration validation test showed that the account used to run the validation does not have the permission to create computer object.
I ignored the warning and continue with the Windows Server 2008 R2 cluster creation and at the Access Point for Administering the Cluster I encountered “You do not have permissions to create a computer object in the Active Directory.”.
By default, the computer object will be created in the Computers container but the account I am using do not have the permission to do so. However, the account I am using has full control on an OU which I manage. So to workaround the problem, I will pre-create the computer in the OU which the account has full control.
What if the account I am using totally does not have the permission to create computer object? Then I will need someone with the permission to create for me and grant the account I am using full control on pre-created computer object.
The pre-created computer object will need to be disabled otherwise you will get the following error.
An enabled computer object for ‘xxxxxxxx’ was found. This usually means that the name is in use by another computer or cluster network name. If this is not the case then please disable or delete the Active Directory Computer Object.
According to How to Create a Cluster in a Restrictive Active Directory Environment, Windows Server 2012 provides the flexibility of entering the cluster name in full distinguished name. Maybe adding a browse button to browse and select the OU will be even better.
No comments:
Post a Comment