This article describes why you must specify the domain groups for the clustered Microsoft SQL Server services when you install a Microsoft SQL Server 2008 or Microsoft SQL Server 2005 failover cluster.
When you install a SQL Server failover cluster, the Domain Groups for Clustered Services page of the SQL Server Installation Wizard prompts you to enter the domain and group name for each clustered service that you are installing. You enter the domain and group name in the DomainName\GroupName format. You should use the following guidelines when you specify the domain groups:
The domain and group name must already exist. You may have to ask your domain administrator for the names of the existing domain groups or to create new global domain groups, not universal domain groups, for your failover cluster.
The account under which SQL Server Setup is running must have permissions to add accounts to the domain groups.
Each service should use a different domain group. You can use one domain group for all services, but your installation will not be as secure.
The domain groups should not be shared with any other application. Always use domain global groups.
Note: If you use domain local groups in a Windows 2000 mixed mode domain, SQL Server resources may not come online even though the Setup program is finished.
The following services require one or more domain groups:
SQL Server Agent
Microsoft Full-Text Engine for SQL Server (MSFTESQL)
SQL Server Analysis Services
When you install a stand-alone instance of SQL Server, the SQL Server Installation Wizard creates a set of local groups. The wizard also adds service accounts to the groups. When you install a SQL Server failover cluster, SQL Server requires domain accounts to start the services. The domain accounts must be added to a domain group.
On a shared drive of a failover cluster, you cannot assign permissions to a local group. Therefore, you must specify the domain groups in which SQL Server creates the service accounts to start the services. Additionally, the SQL Server Installation Wizard creates a set of local groups on each cluster node.
After you install a SQL Server failover cluster, you can change the service accounts. However, you cannot change the domain groups. If you want to use different domain groups, you must uninstall and then reinstall SQL Server.
SQL Server accounts are not removed from the domain groups if SQL Server is uninstalled or if the accounts are changed. A domain administrator must make sure that all unwanted accounts are removed after SQL Server is uninstalled.
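The following PowerShell audit is an added example, not part of the original article. It checks the domain groups against the guidelines above (the group exists, it is a global group, each service has its own group) and lists members that are no longer expected. It assumes the ActiveDirectory (RSAT) module is available; all group and account names are constructed placeholders.

```powershell
Import-Module ActiveDirectory   # RSAT Active Directory module

# Constructed sample names: service -> domain group given to Setup.
$ServiceGroups = [ordered]@{
    'SQL Server Agent'             = 'SqlClu-Agent'
    'Full-Text Engine (MSFTESQL)'  = 'SqlClu-FullText'
    'SQL Server Analysis Services' = 'SqlClu-Olap'
}
# Constructed sample names: accounts that should currently be in each group.
$ExpectedMembers = @{
    'SqlClu-Agent'    = @('svc-sqlagent')
    'SqlClu-FullText' = @('svc-sqlft')
    'SqlClu-Olap'     = @('svc-sqlolap')
}

function Get-ClusterGroupFinding {
    param([System.Collections.IDictionary]$Groups, [hashtable]$Expected)

    # Guideline: each service should use a different domain group.
    $Groups.Values | Group-Object | Where-Object Count -gt 1 | ForEach-Object {
        [pscustomobject]@{ Group = $_.Name; Finding = 'Shared by more than one service' }
    }

    foreach ($name in ($Groups.Values | Sort-Object -Unique)) {
        try   { $g = Get-ADGroup -Identity $name -ErrorAction Stop }
        catch {
            # Guideline: the group must already exist before Setup runs.
            [pscustomobject]@{ Group = $name; Finding = 'Group not found in domain' }
            continue
        }
        # Guideline: global groups only, not universal or domain local.
        if ($g.GroupScope -ne 'Global') {
            [pscustomobject]@{ Group = $name; Finding = "Scope is $($g.GroupScope), expected Global" }
        }
        # Accounts stay in the group after an uninstall or an account change,
        # so report every member that is not on the expected list.
        $allowed = @($Expected[$name])
        Get-ADGroupMember -Identity $g |
            Where-Object { $_.SamAccountName -notin $allowed } |
            ForEach-Object {
                [pscustomobject]@{ Group = $name; Finding = "Unexpected member: $($_.SamAccountName)" }
            }
    }
}

Get-ClusterGroupFinding -Groups $ServiceGroups -Expected $ExpectedMembers | Format-Table -AutoSize
```

The script only reports; removing a leftover account from a group remains a decision for the domain administrator.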
For new installations of SQL Server 2008 running on Windows 2008, we recommend that you use service SIDs for SQL Server services. Be aware that upgrades from SQL Server 2005 to SQL Server 2008 preserve the existing domain group settings. You cannot override this behavior unless you perform the upgrade by using side-by-side migration.
For more information about user groups for different SQL Server services, visit the following Microsoft Developer Network (MSDN) Web site: