stackoom
  简体   繁体   中英

Creating Windows Cluster with Powershell

 原文  2019-11-27 10:17:18       windows/ powershell/ psexec/ windows-clustering/ credssp

Question

I have a Windows cluster provisioning script. I am not able to execute the New-Cluster command as Administrator. It says that the user should be a domain user to be able to execute the command.

I m trying to use PSExec to login as a domain user and try if the command is working, but still with no success.

C:\\Users\\Administrator\\Desktop\\PSTools\\PsExec.exe -s -u name -p "pass" -accepteula cmd /c "powershell -noprofile & { Start-Process powershell.exe "-NoProfile -ExecutionPolicy Bypass -File "C:\\scripts\\cluster-config.ps1 " " -Verb RunAs; exit }"

(I have passed the params correctly while executing)

The cluster-config.ps1 

param(
[Parameter(Mandatory=$true)][string]$clusterName,
[Parameter(Mandatory=$true)][string]$srv1,
[Parameter(Mandatory=$true)][string]$srv2,
[Parameter(Mandatory=$true)][string]$clusterIP
)

#Create and configure the WinCluster
New-Cluster -Name $clusterName -Node $srv1,$srv2 -StaticAddress $clusterIP -AdministrativeAccessPoint ActiveDirectoryAndDns

How can I create a Windows Cluster as ad Administrator? Unfortunately direct login with domain user credentials is not possible.

1 answers

solution1
 0  2019-11-27 11:24:59

In order to create the new Cluster, you need to have the rights to be able to create a new Cluster computer account in Active Directory. A normal Domain User does not have rights to create a new computer account in Active Directory unless they have the rights delegated to them.

Your statement "direct login with domain user credentials is not possible" is not possible at all. A cluster in an Active Directory creates a physical Computer Account in Active Directory. If you do not have access/don't login to Active Directory you cannot create a cluster.

Usually for a cluster, a Domain Administrator has to first create the cluster (and thereby creating the appropriate Computer account). Then using that newly created account, delegate access. Once the cluster has the appropriate rights delegated to it, if can create the Computer Accounts needed to create the roles needed for the cluster.

  1. Create the cluster with a Domain Administrator login. This will create the initial Active Directory Computer account.
  2. In Active Directory we need to then delegate control for the computer account and Configured Cluster name CLUSTERNAME with rights to add computers to the domain (so that it has rights to add the resources to AD):
  3. Active Directory Users and Computers -> right-click domain -> Delegate Control
  4. Enter Computer Name – CLUSTERNAME
  5. Delegate the following common tasks -> Join a Computer to the domain

暂无
暂无

The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.

Related Question Creating a Windows failover cluster using PowerShell reported an error Creating Alias in Windows Powershell Stop/Start Microsoft Windows Cluster roles with Powershell gfortran compiler on windows powershell not creating executable Creating new file through Windows Powershell cannot create windows cluster file share using powershell/wmi Creating a zipped/compressed folder in Windows using Powershell or the command line Creating a GitHub Action which runs a Powershell script on a Windows host Creating private queues in PowerShell on Windows Server 2008 R2 Trouble creating multiple folders from a TXT file in Windows PowerShell or CMD?
Related Tags
 
粤ICP备18138465号  © 2020-2024 STACKOOM.COM