为数据库可用性组预暂存群集名称对象Pre-stage the cluster name object for a database availability group

适用于: Exchange Server 2013Applies to: Exchange Server 2013

在计算机帐户创建受限制或计算机帐户在非默认计算机容器创建的环境中,您可以预存群集名称对象 (CNO) ,然后通过向其分配权限来配置 CNO。由于 Windows 中计算机对象的权限变更,因此还需要为 Windows Server 2012 和 Windows Server 2012 R2 DAG 成员预先暂存 CNO。在使用运行 Windows Server 2012 或 Windows Server 2012 R2 的邮箱服务器部署数据库可用性组 (DAG) 时,必需预先暂存和设置 CNO,除非您部署的 DAG 不包含群集管理访问点。不包含群集管理访问点的 DAG 不使用 CNO,因此,不需要为这些 DAG 预先暂存 CNO。In environments where computer account creation is restricted or where computer accounts are created in a container other than the default computers container, you can pre-stage the cluster name object (CNO) and then provision the CNO by assigning permissions to it. Pre-staging the CNO is also required for Windows Server 2012 and Windows Server 2012 R2 DAG members due to permissions changes in Windows for computer objects. When deploying a database availability group (DAG) using Mailbox servers that are running Windows Server 2012 or Windows Server 2012 R2, you must pre-stage and provision the CNO, unless you are deploying a DAG without a cluster administrative access point. DAGs without cluster administrative access points do not use CNOs; therefore pre-staging is not required for those DAGs.

您可为 CNO 创建和禁用计算机帐户,然后执行以下操作之一:You create and disable a computer account for the CNO, and then either:

  • 向您要添加到 DAG 的第一个邮箱服务器的计算机帐户分配对该计算机帐户的完全控制权限。Assign full control of the computer account to the computer account of the first Mailbox server you're adding to the DAG.

  • 向 Exchange 受信任子系统通用安全组 (USG) 分配对该计算机帐户的完全控制权限。Assign full control of the computer account to the Exchange Trusted Subsystem universal security group (USG).

在开始之前,您需要知道什么?What do you need to know before you begin?

  • 估计完成时间:1 分钟Estimated time to complete: 1 minute

  • 必须使用拥有可在 Active Directory 中创建计算机对象的权限的帐户。You must use an account that has permissions to create computer objects in Active Directory.

  • 完成以下步骤后,请等待 Active Directory 复制发生。对象复制后,就可向 DAG 添加第一个成员。After completing the following steps, allow time for Active Directory replication to occur. After the object is replicated, you can add the first member to the DAG.

提示

是否有任何疑问?Having problems? 在 Exchange 论坛中寻求帮助。Ask for help in the Exchange forums. 访问Exchange Server上的论坛。Visit the forums at Exchange Server.

预留 CNOPre-stage the CNO

  1. 打开 Active Directory 用户和计算机。Open Active Directory Users and Computers.

  2. 展开林节点。Expand the forest node.

  3. Right-click the organizational unit (OU) in which you want to create the new account, select New, and then select Computer.Right-click the organizational unit (OU) in which you want to create the new account, select New, and then select Computer.

  4. In New Object - Computer, type the computer account name for the CNO in the Computer name box. This is the name that you'll use for the DAG. Click OK to create the account.In New Object - Computer, type the computer account name for the CNO in the Computer name box. This is the name that you'll use for the DAG. Click OK to create the account.

  5. 右键单击新的计算机帐户,然后单击“禁用帐户”****。单击“是”**** 以确认禁用操作,然后单击“确定”****。Right-click the new computer account, and then click Disable Account. Click Yes to confirm the disable action, and then click OK.

将权限分配给 CNOAssign permissions to the CNO

  1. 打开 Active Directory 用户和计算机。Open Active Directory Users and Computers.

  2. If Advanced Features aren't enabled, turn them on by clicking View, and then clicking Advanced Features.If Advanced Features aren't enabled, turn them on by clicking View, and then clicking Advanced Features.

  3. Right-click the new computer account, and then click Properties.Right-click the new computer account, and then click Properties.

  4. 在 " ** <Computer Name> 属性**" 中的 "安全" 选项卡上,单击 "**添加**",为要添加到 DAG 的第一个节点添加计算机帐户,或者添加 Exchange 受信任子系统 USG:In <Computer Name> Properties, on the Security tab, click Add to add either the computer account for the first node to be added to the DAG or to add the Exchange Trusted Subsystem USG:

    • 若要添加 Exchange 受信任子系统,请在“输入对象名称来选择”**** 字段中键入 Exchange Trusted Subsystem。单击“确定”**** 添加 USG。选择 Exchange Trusted Subsystem USG,并在“Exchange Trusted Subsystem 的权限”**** 字段的“允许”**** 列中选择“完全控制”****。单击“确定”**** 以保存权限设置。To add the Exchange Trusted Subsystem, type Exchange Trusted Subsystem in the Enter the object names to select field. Click OK to add the USG. Select the Exchange Trusted Subsystem USG and in the Permissions for Exchange Trusted Subsystem field, select Full Control in the Allow column. Click OK to save the permission settings.

    • To add the computer account for the first node to be added to the DAG, click Object Types.To add the computer account for the first node to be added to the DAG, click Object Types. In the Object Types dialog box, clear the Built-in security principals, Groups, and Users check boxes.In the Object Types dialog box, clear the Built-in security principals, Groups, and Users check boxes. Select the Computers check box and click OK.Select the Computers check box and click OK. In the Enter the object names to select field, type the name of the first Mailbox server to be added to the DAG, and then click OK.In the Enter the object names to select field, type the name of the first Mailbox server to be added to the DAG, and then click OK. 选择第一个节点的计算机帐户,在 "**权限 <NodeName> ** " 字段中,选择 "允许" 列中的 "**完全控制**"。Select the first node's computer account, and in the Permissions for <NodeName> field, select Full Control in the Allow column. 单击“确定”**** 以保存权限设置。Click OK to save the permission settings.

您如何知道这有效?How do you know this worked?

若要验证是否成功创建了 CNO,请执行以下操作:To verify that you've successfully created the CNO, do the following:

  1. 打开 Active Directory 用户和计算机。Open Active Directory Users and Computers.

  2. 展开林节点。Expand the forest node.

  3. 打开在其中创建了帐户的组织单位 (OU),然后验证是否列出了帐户。Open the OU in which you created the account, and then verify that the account is listed.