You can change the service accounts without problems, simply use the SQL
configuration manager. You cannot change the groups without reinstalling
SQL Server. The groups carry all the permissions necessary to run SQL as a
clustered service, so you can simply place the new account in the correct
group, then chnage the service to use that login. Be aware that you will
need to stop and restart the SQL service in order to apply the changes.
--
Geoff N. Hiten
Senior Database Administrator
Microsoft SQL Server MVP
[quoted text, click to view] "Brian K" <brikeener@geemail.invalid> wrote in message
news:jSCEh.19502$s72.16124@fe12.news.easynews.com...
>I am administering a 2005 SQL active/passive cluster.
>
> The sql services are all running under a domain logon that has "Domain
> Admin" rights, and I'd like to change that.
>
> According to
http://support.microsoft.com/kb/915846/en-us, it seems that
> doing so might necessitate re-installing the entire cluster!
>
> Is that right? Are there any work-arounds?
>
> Could I simply create a NEW service account with the credentials/group
> memberships I desire and move the services over to the new service
> account?
>
> Brian K
When you built the cluster, the installer asked you for three domain group
names. These groups are the holders for the permissions required to operate
SQL Server in a cluster. These are the groups I am referring to.
--
Geoff N. Hiten
Senior Database Administrator
Microsoft SQL Server MVP
[quoted text, click to view] "Brian K" <brikeener@geemail.invalid> wrote in message
news:zAEEh.22184$lb3.6977@fe08.news.easynews.com...
> Geoff N. Hiten wrote:
>> You can change the service accounts without problems, simply use the SQL
>> configuration manager. You cannot change the groups without reinstalling
>> SQL Server. The groups carry all the permissions necessary to run SQL as
>> a clustered service, so you can simply place the new account in the
>> correct group, then chnage the service to use that login. Be aware that
>> you will need to stop and restart the SQL service in order to apply the
>> changes.
>>
>
> I am not sure I completely understand your answer.
> The existing account belongs to "Domain Admins" and "Service Accounts."
>
> If I create a new account, and give it ONLY the permissions of "Service
> Accounts", and replace the EXISTING service account credentials with this
> new account, it will work without a re-install?
>
> Or does the NEW account also require "Domain Admins" membership?
>
> Brian K
I am administering a 2005 SQL active/passive cluster.
The sql services are all running under a domain logon that has "Domain
Admin" rights, and I'd like to change that.
According to
http://support.microsoft.com/kb/915846/en-us, it seems that
doing so might necessitate re-installing the entire cluster!
Is that right? Are there any work-arounds?
Could I simply create a NEW service account with the credentials/group
memberships I desire and move the services over to the new service account?
[quoted text, click to view] Geoff N. Hiten wrote:
> You can change the service accounts without problems, simply use the SQL
> configuration manager. You cannot change the groups without
> reinstalling SQL Server. The groups carry all the permissions necessary
> to run SQL as a clustered service, so you can simply place the new
> account in the correct group, then chnage the service to use that
> login. Be aware that you will need to stop and restart the SQL service
> in order to apply the changes.
>
I am not sure I completely understand your answer.
The existing account belongs to "Domain Admins" and "Service Accounts."
If I create a new account, and give it ONLY the permissions of "Service
Accounts", and replace the EXISTING service account credentials with
this new account, it will work without a re-install?
Or does the NEW account also require "Domain Admins" membership?
[quoted text, click to view] "Brian K" <brikeener@geemail.invalid> wrote in message
news:zAEEh.22184$lb3.6977@fe08.news.easynews.com...
> Geoff N. Hiten wrote:
>> You can change the service accounts without problems, simply use the SQL
>> configuration manager. You cannot change the groups without reinstalling
>> SQL Server. The groups carry all the permissions necessary to run SQL as
>> a clustered service, so you can simply place the new account in the
>> correct group, then chnage the service to use that login. Be aware that
>> you will need to stop and restart the SQL service in order to apply the
>> changes.
>>
>
> I am not sure I completely understand your answer.
> The existing account belongs to "Domain Admins" and "Service Accounts."
>
> If I create a new account, and give it ONLY the permissions of "Service
> Accounts", and replace the EXISTING service account credentials with this
> new account, it will work without a re-install?
>
> Or does the NEW account also require "Domain Admins" membership?
>
> Brian K
>
If you used the same account for both the sqlsvc as well as the cluster
manager account, then you will need to change the sqlsvc account, the MSCS
account must be an AD domain admin.
[quoted text, click to view] > the MSCS
> account must be an AD domain admin.
>
the MSCS account must be a domain user, but a local admin on the nodes of
the cluster
rgds,
Edwin.
Don't see what you're looking for? Try a search.
