Autogenerated Active Directory objects

This article describes the Active Directory (AD) accounts and groups that SQL Server creates during a big data cluster deployment.

Note

Starting with SQL Big Data Clusters CU13, the passwords of autogenerated Active Directory objects can be easily rotated. For more information, see Autogenerated AD objects password rotation.

Accounts & groups

The user accounts and groups are generated in the provided organizational unit (OU) during cluster deployment.

Each of the accounts represents a service in Big Data Clusters. The accounts own the Service Principal Names (SPNs) required by each service. The SPNs owned by each account can be listed using the setspn command.

The deployment automatically generates account and group names. Beginning with SQL Server 2019 CU5, the account or group name prefix is the deployment namespace name (big data cluster name). For the items in this article, if the cluster name is bdc, replace <prefix> with bdc to identify your accounts.

In the names below, the pod suffix (-x) stands for a variable pod ID. The stems shown without a prefix omit the user-provided namespace prefix that is added during deployment.

The classic account name applies to deployments using versions before SQL Server 2019 CU5, and to deployments made with the "useSubdomain" option set to false in the security configuration.

Account or group name           More information
<prefix>-ctrl                   Controller service account
<prefix>-ngxm                   Monitoring service proxy service account
<prefix>-ldap                   LDAP lookup user
<prefix>-sqc0-x/<prefix>-sqc0   Compute pool SQL Server user
<prefix>-dmc0-x                 Compute pool Data Warehouse DMS user
<prefix>-dec0-x                 Compute pool Data Warehouse Engine user
<prefix>-sqd0                   Data pool SQL Server user
<prefix>-sqs0                   Storage pool SQL Server user
<prefix>-ynt0-x                 Storage pool Yarn node manager service user
<prefix>-htt0                   Storage pool HTTP service user
<prefix>-hdt0                   Storage pool HDFS datanode service user
<prefix>-hdnn                   HDFS Name node service user
<prefix>-htnn                   HDFS Name node HTTP service user
<prefix>-kmnn-x                 Name node KMS service user
<prefix>-jnzk-x                 Zookeeper JournalNode service users
<prefix>-htzk                   Zookeeper HTTP service user
<prefix>-yrsh-x                 Sparkhead Yarn resource manager service user
<prefix>-htsh                   Sparkhead HTTP user
<prefix>-shsh-x                 Sparkhead Spark history service user
<prefix>-lvsh-x                 Sparkhead Livy service user
<prefix>-hvsh-x                 Sparkhead Hive service user
<prefix>-yns0-x                 Spark pool Yarn node manager service user
<prefix>-hts0                   Spark pool Yarn node manager HTTP user
<prefix>-knox-x                 Knox Gateway user
<prefix>-htgw                   Knox Gateway HTTP user
<prefix>-apst                   App setup user
<prefix>-dmsvc                  Data Warehouse DMS Service group
<prefix>-desvc                  Data Warehouse Engine Service group
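The naming convention above makes the autogenerated objects easy to inventory. The following PowerShell is an added example, not part of the original article or the product: it enumerates every account in the deployment OU that carries the cluster prefix, flags any account whose stem is not one of the names listed above, lists each account's SPNs, and shows the members of the two service groups. It assumes the ActiveDirectory module (RSAT), a cluster name of bdc and a placeholder OU path.

```powershell
# Added example (not from the original article): audit the autogenerated
# Big Data Clusters accounts and groups in the deployment OU.
# Assumes the ActiveDirectory PowerShell module; $Prefix is the cluster
# (namespace) name, $OU is the deployment OU (placeholder value).
param(
    [string]$Prefix = 'bdc',
    [string]$OU     = 'OU=bdc,DC=contoso,DC=local'
)
Import-Module ActiveDirectory

# Account name stems from the table above; "-x" pod suffixes are stripped before matching.
$stems = 'ctrl','ngxm','ldap','sqmp','dmmp','demp','sqc0','dmc0','dec0','sqd0','sqs0',
         'ynt0','htt0','hdt0','hdnn','htnn','kmnn','jnzk','htzk','yrsh','htsh','shsh',
         'lvsh','hvsh','yns0','hts0','knox','htgw','apst'

# Every user in the OU whose sAMAccountName starts with the cluster prefix.
$accounts = Get-ADUser -SearchBase $OU -Filter "SamAccountName -like '$Prefix-*'" `
                       -Properties ServicePrincipalName, PasswordLastSet

foreach ($acct in $accounts) {
    # Remove the prefix and any trailing "-<pod id>" to recover the stem.
    $stem = ($acct.SamAccountName -replace "^$Prefix-", '') -replace '-\d+$', ''
    [pscustomobject]@{
        Account         = $acct.SamAccountName
        KnownStem       = ($stems -contains $stem)   # $false: account not in the article's list
        PasswordLastSet = $acct.PasswordLastSet      # useful when reviewing password rotation
        SPNs            = ($acct.ServicePrincipalName -join '; ')
    }
}

# The two service groups; members should be the DMS/Engine users created for each pool.
foreach ($g in "$Prefix-dmsvc", "$Prefix-desvc") {
    $members = Get-ADGroupMember -Identity $g -ErrorAction SilentlyContinue |
               Select-Object -ExpandProperty SamAccountName
    [pscustomobject]@{ Group = $g; Members = ($members -join '; ') }
}

# Equivalent SPN listing for one account with the setspn tool the article mentions:
# setspn -L "$Prefix-ctrl"
```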

The following section provides more details about each account. For information about groups, skip to Groups.

Controller service account

Object                            Account name
Scale set name                    control
Pod name                          control-x
Container name                    controller
Service name                      controller
Account (without prefix)          ctrl
Account (with namespace prefix)   <prefix>-ctrl
Classic account name              ctrl-controller

Monitoring service proxy service account

Object                            Account name
Scale set name                    mgmtproxy
Pod name                          mgmtproxy-x
Container name                    service-proxy
Service name                      nginx
Account (without prefix)          ngxm
Account (with namespace prefix)   <prefix>-ngxm
Classic account name              nginx-mgmtproxy

LDAP lookup user

Used by the Grafana and Hadoop services to look up users through LDAP.

Object                            Account name
Scale set name                    metricsui
Pod name                          metricsui-x
Container name                    grafana
Service name                      grafana
Account (without prefix)          ldap
Account (with namespace prefix)   <prefix>-ldap
Classic account name              ldap-user

Master pool accounts

Master pool SQL Server user

Object                            Account name
Scale set name                    master
Pod name                          master-x
Container name                    mssql-server
Service name                      mssql
Account (without prefix)          sqmp-x/sqmp
Account (with namespace prefix)   <prefix>-sqmp-x/<prefix>-sqmp
Classic account name              mssql-master-x

Master pool Data Warehouse DMS user

Object                            Account name
Scale set name                    master
Pod name                          master-x
Container name                    mssql-server
Service name                      dwdms
Account (without prefix)          dmmp-x
Account (with namespace prefix)   <prefix>-dmmp-x
Classic account name              dwdms-master-x

Master pool Data Warehouse Engine user

Object                            Account name
Scale set name                    master
Pod name                          master-x
Container name                    mssql-server
Service name                      dweng
Account (without prefix)          demp-x
Account (with namespace prefix)   <prefix>-demp-x
Classic account name              dweng-master-x

Compute pool accounts

Compute pool SQL Server user

Object                            Account name
Scale set name                    compute-0
Pod name                          compute-0-x
Container name                    mssql-server
Service name                      mssql
Account (without prefix)          sqc0-x/sqc0
Account (with namespace prefix)   <prefix>-sqc0-x/<prefix>-sqc0
Classic account name              mssql-compute-0-x

Compute pool Data Warehouse DMS user

Object                            Account name
Scale set name                    compute-0
Pod name                          compute-0-x
Container name                    mssql-server
Service name                      dwdms
Account (without prefix)          dmc0-x
Account (with namespace prefix)   <prefix>-dmc0-x
Classic account name              dwdms-compute-0-x

Compute pool Data Warehouse Engine user

Object                            Account name
Scale set name                    compute-0
Pod name                          compute-0-x
Container name                    mssql-server
Service name                      dweng
Account (without prefix)          dec0-x
Account (with namespace prefix)   <prefix>-dec0-x
Classic account name              dweng-compute-0-x

Data pool accounts

Data pool SQL Server user

Object                            Account name
Scale set name                    data-0
Pod name                          data-0-x
Container name                    mssql-server
Service name                      mssql
Account (without prefix)          sqd0
Account (with namespace prefix)   <prefix>-sqd0
Classic account name              mssql-data-0

Storage pool accounts

Storage pool SQL Server user

Object                            Account name
Scale set name                    storage-0
Pod name                          storage-0-x
Container name                    mssql-server
Service name                      mssql
Account (without prefix)          sqs0
Account (with namespace prefix)   <prefix>-sqs0
Classic account name              mssql-storage-0

Storage pool Yarn node manager service user

Object                            Account name
Scale set name                    storage-0
Pod name                          storage-0-x
Container name                    hadoop
Service name                      Yarn Node Manager
Account (without prefix)          ynt0-x
Account (with namespace prefix)   <prefix>-ynt0-x
Classic account name              yarnnm-storage-0-x

Storage pool HTTP service user

Object                            Account name
Scale set name                    storage-0
Pod name                          storage-0-x
Container name                    hadoop
Service name                      HDFS Datanode
Account (without prefix)          htt0
Account (with namespace prefix)   <prefix>-htt0
Classic account name              http-storage-0

Storage pool HDFS datanode service user

Object                            Account name
Scale set name                    storage-0
Pod name                          storage-0-x
Container name                    hadoop
Service name                      HDFS Datanode
Account (without prefix)          hdt0
Account (with namespace prefix)   <prefix>-hdt0
Classic account name              hdfsdn-storage-0

HDFS accounts

HDFS Name node service user

Object                            Account name
Scale set name                    nmnode-0
Pod name                          nmnode-0-x
Container name                    hadoop
Service name                      HDFS Namenode
Account (without prefix)          hdnn
Account (with namespace prefix)   <prefix>-hdnn
Classic account name              hdfsnn-nmnode

HDFS Name node HTTP service user

Object                            Account name
Scale set name                    nmnode-0
Pod name                          nmnode-0-x
Container name                    hadoop
Service name                      HDFS Namenode
Account (without prefix)          htnn
Account (with namespace prefix)   <prefix>-htnn
Classic account name              http-nmnode

KMS accounts

Name node KMS service user

Object                            Account name
Scale set name                    nmnode-0
Pod name                          nmnode-0-x
Container name                    hadoop
Service name                      KMS
Account (without prefix)          kmnn-x
Account (with namespace prefix)   <prefix>-kmnn-x
Classic account name              kms-nmnode-x

Zookeeper accounts

Zookeeper JournalNode service users

Object                            Account name
Scale set name                    zookeeper
Pod name                          zookeeper-x
Container name                    zookeeper
Service name                      Journal node
Account (without prefix)          jnzk-x
Account (with namespace prefix)   <prefix>-jnzk-x
Classic account name              jn-zookeeper-x

Zookeeper HTTP service user

Object                            Account name
Scale set name                    zookeeper
Pod name                          zookeeper-x
Container name                    zookeeper
Service name                      Zookeeper
Account (without prefix)          htzk
Account (with namespace prefix)   <prefix>-htzk
Classic account name              http-zookeeper

Sparkhead Yarn resource manager service user

Object                            Account name
Scale set name                    sparkhead
Pod name                          sparkhead-x
Container name                    hadoop-yarn-jobhistory
Service name                      Yarn Resource Manager
Account (without prefix)          yrsh-x
Account (with namespace prefix)   <prefix>-yrsh-x
Classic account name              yarnrm-sparkhead-x

Sparkhead HTTP user

Object                            Account name
Scale set name                    sparkhead
Pod name                          sparkhead-x
Container name                    *
Service name                      *
Account (without prefix)          htsh
Account (with namespace prefix)   <prefix>-htsh
Classic account name              http-sparkhead

Sparkhead Spark history service user

Object                            Account name
Scale set name                    sparkhead
Pod name                          sparkhead-x
Container name                    hadoop-livy-sparkhistory
Service name                      Spark History Server
Account (without prefix)          shsh-x
Account (with namespace prefix)   <prefix>-shsh-x
Classic account name              sph-sparkhead-x

Sparkhead Livy service user

Object                            Account name
Scale set name                    sparkhead
Pod name                          sparkhead-x
Container name                    hadoop-livy-sparkhistory
Service name                      Livy
Account (without prefix)          lvsh-x
Account (with namespace prefix)   <prefix>-lvsh-x
Classic account name              livy-sparkhead-x

Sparkhead Hive service user

Object                            Account name
Scale set name                    sparkhead
Pod name                          sparkhead-x
Container name                    hadoop-hivemetastore
Service name                      Hive Metastore
Account (without prefix)          hvsh-x
Account (with namespace prefix)   <prefix>-hvsh-x
Classic account name              hive-sparkhead-x

Spark pool Yarn node manager service user

Object                            Account name
Scale set name                    spark-0
Pod name                          spark-0-x
Container name                    hadoop
Service name                      Yarn Node Manager
Account (without prefix)          yns0-x
Account (with namespace prefix)   <prefix>-yns0-x
Classic account name              yarnnm-spark-0-x

Spark pool Yarn node manager HTTP user

Object                            Account name
Scale set name                    spark-0
Pod name                          spark-0-x
Container name                    hadoop
Service name                      Yarn Node Manager
Account (without prefix)          hts0
Account (with namespace prefix)   <prefix>-hts0
Classic account name              http-spark-0

Knox accounts

Knox Gateway user

Object                            Account name
Scale set name                    gateway
Pod name                          gateway-x
Container name                    knox
Service name                      Knox
Account (without prefix)          knox-x
Account (with namespace prefix)   <prefix>-knox-x
Classic account name              knox-gateway-x

Knox Gateway HTTP user

Object                            Account name
Scale set name                    gateway
Pod name                          gateway-x
Container name                    knox
Service name                      Knox
Account (without prefix)          htgw
Account (with namespace prefix)   <prefix>-htgw
Classic account name              http-gateway

App accounts

App setup user

Object                            Account name
Scale set name                    appproxy
Pod name                          appproxy-x
Container name                    App Service Proxy
Service name                      nginx
Account (without prefix)          apst
Account (with namespace prefix)   <prefix>-apst
Classic account name              app-setup

Groups

The following groups are created in the OU provided by the user. The members of the groups are the users created above for the corresponding services.

Data Warehouse DMS Service group

Object                            Group name
Scale set name                    master/compute-0
Pod name                          master-x/compute-0-x
Container name                    mssql-server
Service name                      dwdms
Group (without prefix)            dmsvc
Group (with namespace prefix)     <prefix>-dmsvc
Classic group name                dwdms-service

Data Warehouse Engine Service group

Object                            Group name
Scale set name                    master/compute-0
Pod name                          master-x/compute-0-x
Container name                    mssql-server
Service name                      dweng
Group (without prefix)            desvc
Group (with namespace prefix)     <prefix>-desvc
Classic group name                desvc

Next steps