This article describes why you must specify the domain groups
for the clustered Microsoft SQL Server services when you install a Microsoft SQL Server 2008 or Microsoft SQL Server 2005 failover
When you install a SQL Server failover cluster, the Domain Groups for Clustered Services page
of the SQL Server Installation Wizard prompts you to enter the domain and
group name for
each clustered service that you are installing. You enter the domain and
group name in the
format. You should use the following guidelines when you specify the domain groups:
- The domain and group name must already exist. You may have to ask your domain administrator for the names of the existing domain groups or to create new global domain groups, not universal domain groups, for your failover cluster.
- The account under which SQL Server Setup is running must
have permissions to add accounts to the domain groups.
- Each service should use a different domain
group. You can use one domain
group for all services, but your installation will not be as secure.
- The domain groups are not shared with any other
application. Always use domain global groups.
Note If you use domain local groups in a Windows 2000 mixed mode domain, SQL Server resources may not come online even though the Setup program is finished.
- The following services require one or more domain groups:
- SQL Server
- SQL Server Agent
- Microsoft Full-Text Engine for SQL Server (MSFTESQL)
- SQL Server Analysis Services
When you install a stand-alone instance of SQL Server, the SQL Server Installation Wizard creates a set of local groups. The wizard also adds service
accounts to the groups. When you install a SQL Server failover cluster, SQL Server requires domain accounts to start the services. The domain accounts must be added to a domain group.
On a shared drive of a failover cluster, you cannot assign permissions to a local group. Therefore, you must specify
the domain groups in which SQL Server creates the service accounts to start the
services. Additionally, the SQL Server Installation Wizard creates a set of local groups on
each cluster node.
After you install a SQL Server failover cluster, you can change the service accounts. However, you cannot change the
domain groups. If you want to use different domain groups, you must
uninstall and then reinstall SQL Server.Notes
- SQL Server accounts are not removed from the domain groups if SQL
Server is uninstalled or if the accounts are changed. A domain administrator
must make sure that all unwanted accounts are removed after SQL
Server is uninstalled.
- For new installations of SQL Server 2008 running on Windows 2008, we recommend that you use service SIDs for SQL Server services. Please be aware that upgrades from SQL Server 2005 to SQL Server 2008 preserves the existing domain group settings. You cannot override this behavior unless you perform the upgrade by using side-by-side migration.
For more information about user groups for different SQL Server services, visit the following Microsoft Developer Network (MSDN) Web site:
For more information, see the following topics in SQL Server Books Online:
Article ID: 910708 - Last Review: July 28, 2009 - Revision: 2.1
- Microsoft SQL Server 2008 Developer
- Microsoft SQL Server 2008 Enterprise
- Microsoft SQL Server 2008 Standard
- Microsoft SQL Server 2005 Developer Edition
- Microsoft SQL Server 2005 Enterprise Edition
- Microsoft SQL Server 2005 Standard Edition
- Microsoft SQL Server 2008 R2 Developer
- Microsoft SQL Server 2008 R2 Enterprise
- Microsoft SQL Server 2008 R2 Standard
|kbsql2005cluster kbexpertiseadvanced kbinfo KB910708|