Best practices for setting up domain groups when you install a SQL Server 2005 cluster (915846)



The information in this article applies to:

  • Microsoft SQL Server 2005 Standard Edition
  • Microsoft SQL Server 2005 Developer Edition
  • Microsoft SQL Server 2005 Enterprise Edition

INTRODUCTION

When you try to install a Microsoft SQL Server 2005 cluster, the SQL Server 2005 Setup program prompts you for a domain group for each clustered service in the Domain Groups for Clustered Services dialog box. This article describes some best practices for setting up domain groups when you install a SQL Server 2005 cluster.

MORE INFORMATION

In SQL Server 2000 cluster setup, the service accounts are added to the access control list (ACL) for folders that are on the shared drives. In stand-alone installations of SQL Server 2005, service accounts are added to local groups that the SQL Server 2005 Setup program creates. Those local groups are granted permissions for files and folders. However, granting permissions to local groups does not work when the folders are on the shared cluster drives. Therefore, SQL Server requires that you specify a domain group instead of local groups for each clustered service. Then you must add the service account to the domain group when you install a SQL Server 2005 cluster. If you want to change your service account on a SQL Server 2005 cluster, make sure that your new service account is in the related domain group. Additionally, several local groups are still created on a SQL Server 2005 cluster.

Guidelines for setting domain groups

For each clustered service in the instance of SQL Server that you want to install, set the domain name and the group name by using the following format:

DomainName\GroupName

You must consider the following guidelines when you set the domain and group names:
  • The domain and group names must already exist. Ask your domain administrator for the names of existing domain groups, or ask your domain administrator to create domain groups for your failover cluster.
  • The account under which SQL Server Setup is running must have permissions to add accounts to the domain groups. When the service account domain is different from the domain group domain, you must add the account to the domain group before you run Setup. You may have to ask a domain administrator to add the account.
  • Each service should have a different domain group assigned to it. You can assign the same domain group to all services. However, a domain group that is shared in this way is less secure.
  • The SQL Server domain groups should not be shared with any other application.
  • Subgroups or child domain groups are not supported. The service account must be in the group that is selected in the SQL Server 2005 Setup program.
  • The domain groups must be within the same domain as the computer accounts.
  • The domain groups can be global domain groups or local domain groups.
Note SQL Server accounts are not removed from the groups if SQL Server 2005 is uninstalled or if the accounts are changed. A domain administrator must make sure that all unwanted accounts are removed after SQL Server 2005 is uninstalled.
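
The following PowerShell script is an added example and is not part of the original article or of the SQL Server 2005 Setup program. It checks a planned group assignment against the guidelines above: name format, group in the computer's domain, direct (non-nested) membership of the service account, and one group per service. The CONTOSO names are constructed placeholders, and the script assumes that the ActiveDirectory module is available and that the service accounts are user objects in the same forest.

```powershell
# Added example: pre-flight check of a planned domain-group assignment.
# Requires the ActiveDirectory module (RSAT).
Import-Module ActiveDirectory

# Constructed placeholder plan: one entry per clustered service.
$plan = @(
    [pscustomobject]@{ Service = 'SQL Server';       Group = 'CONTOSO\SqlEngineGrp'; Account = 'CONTOSO\svc-sqlengine' }
    [pscustomobject]@{ Service = 'SQL Server Agent'; Group = 'CONTOSO\SqlAgentGrp';  Account = 'CONTOSO\svc-sqlagent' }
)

# NetBIOS name of the domain that holds this computer's account.
$computerDomain = (Get-ADDomain -Current LocalComputer).NetBIOSName
$findings = @()

foreach ($entry in $plan) {
    $svc = $entry.Service
    if ($entry.Group -notmatch '^([^\\]+)\\([^\\]+)$') {
        $findings += "${svc}: group is not in DomainName\GroupName format"
        continue
    }
    $groupDomain, $groupName = $Matches[1], $Matches[2]
    if ($groupDomain -ne $computerDomain) {
        $findings += "${svc}: group domain $groupDomain differs from computer domain $computerDomain"
        continue
    }
    $acctDomain, $acctName = $entry.Account -split '\\', 2
    try {
        $group   = Get-ADGroup -Identity $groupName -Server $groupDomain -ErrorAction Stop
        $account = Get-ADUser -Identity $acctName -Server $acctDomain -ErrorAction Stop
        # No -Recursive: only direct members count, because nested groups are not supported.
        $directSids = Get-ADGroupMember -Identity $group -Server $groupDomain |
            ForEach-Object { $_.SID.Value }
        if ($directSids -notcontains $account.SID.Value) {
            $findings += "${svc}: $($entry.Account) is not a direct member of $($entry.Group)"
        }
    } catch {
        $findings += "${svc}: lookup failed: $($_.Exception.Message)"
    }
}

# One group per service: flag any group that is assigned to more than one service.
foreach ($shared in ($plan | Group-Object Group | Where-Object { $_.Count -gt 1 })) {
    $findings += "Group $($shared.Name) is assigned to $($shared.Count) services"
}

if ($findings) { $findings } else { 'All checks passed' }
```

Running the direct-membership part of the script against the same groups after an uninstall or a service account change shows which accounts are still present in the groups.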

How to change the service account for a clustered service

To change the service account for a clustered service of SQL Server 2005, follow these steps:
  1. Add the new service account to the domain group of the clustered service.
  2. On one of the cluster nodes, use SQL Server Configuration Manager to change the service account to the new account.

How to change the domain group for a clustered service

You cannot change the domain group for a clustered service unless you reinstall the SQL Server 2005 cluster. To change the domain group and keep the system databases, follow these steps:
  1. Restore the setup media. This example assumes that the Setup program is located in the D:\Servers folder.
  2. Locate the D:\Servers folder, and then uninstall SQL Server 2005 by using a Command Prompt window. Set the SAVESYSDB parameter to 1. For example, run a command that resembles the following in a Command Prompt window:

    Start /wait D:\Servers\setup.exe /qb VS=VirtualServerName INSTANCENAME=InstanceName REMOVE=ALL ADMINPASSWORD=Password SAVESYSDB=1

    Notes
    • The /qb command-line switch enables basic Setup program dialog boxes to appear. Error messages also appear.
    • The VS parameter specifies the name of the virtual server in the cluster environment. The name cannot exceed 15 characters, and it must follow the same naming rules as computer names.
    • The SAVESYSDB parameter instructs the Setup program not to remove the system databases.
    For more information about how to install or uninstall SQL Server 2005 at a Command Prompt window, visit the following Microsoft Developer Network (MSDN) Web sites:

    How to: install SQL Server 2005 from the command prompt
    http://msdn2.microsoft.com/en-us/library/ms144259.aspx

    Installing Reporting Services from the command prompt
    http://msdn2.microsoft.com/en-us/library/ms144272.aspx

  3. After you uninstall SQL Server 2005, create in the domain the new domain groups that you want to use for the new installation. If you want to change the domain for the new installation, change the domain. Then, create the new domain groups.
  4. At the command prompt, install a new SQL Server 2005 cluster by setting the USESYSDB parameter to the root path of the previous SQL Server installation. The root path is defined as the parent folder of the \Data folder. For example, the system databases may be installed to the following location:

    D:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Data\master.mdf

    In this example, the USESYSDB parameter would be set to the following value:

    USESYSDB="D:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\"

    For example, run a command that resembles the following at the Command Prompt window to reinstall SQL Server 2005:

    Start /wait D:\Servers\Setup.exe /qb VS=VirtualServerName INSTANCENAME=InstanceName USESYSDB="D:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\"

    Additionally, you can use the following command to specify domain groups when you use the /qn command-line switch to install SQL Server 2005:

    Start /wait D:\Servers\Setup.exe /qn VS=VirtualServerName INSTANCENAME=InstanceName INSTALLVS=SQL_Engine ADDLOCAL=SQL_Engine ADDNODE=NodeName1,NodeName2 GROUP=DiskGroup IP=IP,NetworkName ADMINPASSWORD=StrongPassword SAPWD=StrongPassword INSTALLSQLDIR=InstallationPath INSTALLSQLDATADIR=ShareDrivePath SQLACCOUNT=Domain\UserName SQLPASSWORD=DomainUserPassword AGTACCOUNT=Domain\UserName AGTPASSWORD=DomainUserPassword SQLBROWSERACCOUNT=Domain\UserName SQLBROWSERPASSWORD=StrongPassword SQLCLUSTERGROUP=YourDomain\YourDomainGroupName AGTCLUSTERGROUP=YourDomain\YourDomainGroupName USESYSDB="D:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\"

    Note The /qn command-line switch suppresses all Setup program dialog boxes and error messages. If you use the /qn command-line switch, all Setup program messages, including error messages, are written to the setup log files.

    For more information about specific parameters that you can use when you install SQL Server at a Command Prompt window, visit the following MSDN Web site:

Additional considerations

  • If you try to install SQL Server 2005 on a Microsoft Windows 2000 Server-based computer, make sure that you create the domain group and add the service account user to the domain group before you run the Setup program.
  • Installing a SQL Server 2005 cluster on a domain controller is not supported.
  • Running SQL Server 2005 cluster setup in repair mode does not enable a user to change domain groups.

Modification Type: Major
Last Reviewed: 9/11/2006
Keywords:kbsql2005setup kbsql2005cluster kbExpertiseAdvanced kbinfo KB915846 kbAudDeveloper kbAudITPRO