question

GloriaGu-MSFT avatar image
0 Votes"
GloriaGu-MSFT asked XiaoweiHe-MSFT answered

Permission only to do the cluster fail over activity

He Team

I do have a requirement to provide an AD account access only fail over cluster management of few servers.
The account shouldn't have any permission to restart\shutdown servers OR any other high privileges on these servers.

Thread source link: https://social.technet.microsoft.com/Forums/windowsserver/en-US/29aa4aa3-3bd0-42b8-950d-7af569022d49/permission-only-to-do-the-cluster-fail-over-activity?forum=winserverClustering

windows-server-clustering
5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

1 Answer

XiaoweiHe-MSFT avatar image
0 Votes"
XiaoweiHe-MSFT answered

Hi Sabir_rm,

Based on my test, the lowest privilege of the account to manage cluster can be a common domain user account that add to every node's local admin group.

However, as the user account add to nodes' local admin group, it can also restart/shutdown nodes, so, your requirement might not be meet.

Thanks for your time!

Best Regards,

Anne

5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.