Let me begin by apologizing to all of the SQL Administrators out there, but I may butcher some SQL terminology in this post. I’ll never have the title of “Sr. Database Administrator”, so I’d likely be considered by professional database administrators to have enough knowledge “to be dangerous”.
Well, I had the pleasure to install a SQL 2005 active/passive cluster recently and thought I’d share a little bit on the concept of Domain Groups for Clustered Services. When SQL 2005 is installed on a non-clustered server, it creates 6 local groups, adds the specified SQL Service accounts, and grants the necessary permissions for files and folders to these local groups. The groups created are shown below:
Although SQL Setup can create these local groups, they cannot be used to grant permissions to resources on other members of the SQL failover cluster, thus any attempts to failover SQL services to another cluster member would not be successful. To compensate for this, SQL 2005 introduces Domain Groups for Clustered Services to allow for domain groups, which can be used by any cluster members, to be used for assigning the necessary permissions to the local SQL hosts. This ensures any failover attempts will succeed.
During the installation of SQL 2005 on a clustered node, you will be prompted to specify the domain group(s) for this purpose, right after the SQL service account is selected. To find out more about SQL 2005 and Domain Groups for Clustered Services, including their best practices, click here.