Microsoft KB Archive/910708

= You must specify the domain groups for the clustered SQL Server services when you install a SQL Server 2005 failover cluster =

Article ID: 910708

Article Last Modified on 10/9/2006

-

APPLIES TO


 * Microsoft SQL Server 2005 Standard Edition
 * Microsoft SQL Server 2005 Developer Edition
 * Microsoft SQL Server 2005 Enterprise Edition

-





INTRODUCTION
This article describes why you must specify the domain groups for the clustered Microsoft SQL Server services when you install a Microsoft SQL Server 2005 failover cluster.



MORE INFORMATION
When you install a SQL Server 2005 failover cluster, the Domain Groups for Clustered Services page of the SQL Server Installation Wizard prompts you to enter the domain and group name for each clustered service that you are installing. You enter the domain and group name in the \  format. You should use the following guidelines when you specify the domain groups:
 * The domain and group name must already exist. You may have to ask your domain administrator for the names of the existing domain groups or to create new global domain groups, not universal domain groups, for your failover cluster.
 * The account under which SQL Server Setup is running must have permissions to add accounts to the domain groups.
 * Each service should use a different domain group. You can use one domain group for all services, but your installation will not be as secure.
 * The domain groups are not shared with any other application.
 * The following services require one or more domain groups:
 * SQL Server
 * SQL Server Agent
 * Microsoft Full-Text Engine for SQL Server (MSFTESQL)
 * SQL Server Analysis Services

When you install a stand-alone instance of SQL Server 2005, the SQL Server Installation Wizard creates a set of local groups and adds service accounts to the groups. When you install a SQL Server 2005 failover cluster, SQL Server 2005 requires domain accounts to start the services. The domain accounts must be added to a domain group.

On a shared drive of a failover cluster, you cannot assign permissions to a local group. Therefore, you must specify the domain groups in which SQL Server 2005 creates the service accounts to start the services. Additionally, the SQL Server Installation Wizard creates a set of local groups on each cluster node.

After you install a SQL Server 2005 failover cluster, you can change the service accounts, but you cannot change the domain groups. If you want to use different domain groups, you must uninstall and then reinstall SQL Server 2005.

Note SQL Server 2005 accounts are not removed from the domain groups if SQL Server 2005 is uninstalled or if the accounts are changed. A domain administrator must make sure that all unwanted accounts are removed after SQL Server 2005 is uninstalled.

