You need to ensure that you can start File1

Your network contains an Active Directory domain named contoso.com. The domain contains two servers
named Node1and Node2. Node1and Node2 run Windows Server 2012 R2. Node1and Node2 are configured as
a two-node failover cluster named Cluster2.
The computer accounts for all of the servers residein an organizational unit (OU) named Servers.
A user named User1 is a member of the local Administrators group on Node1and Node2.
User1 creates a new clustered File Server role named File1 by using the File Server for general use option. A
report is generated during the creation of File1 asshown in the exhibit. (Click the Exhibit button.)

File1 fails to start.
You need to ensure that you can start File1.
What should you do?

Your network contains an Active Directory domain named contoso.com. The domain contains two servers
named Node1and Node2. Node1and Node2 run Windows Server 2012 R2. Node1and Node2 are configured as
a two-node failover cluster named Cluster2.
The computer accounts for all of the servers residein an organizational unit (OU) named Servers.
A user named User1 is a member of the local Administrators group on Node1and Node2.
User1 creates a new clustered File Server role named File1 by using the File Server for general use option. A
report is generated during the creation of File1 asshown in the exhibit. (Click the Exhibit button.)

File1 fails to start.
You need to ensure that you can start File1.
What should you do?

A.
Increase the value of the ms-DS-MachineAccountQuota attribute of the domain.

B.
Assign the user account permissions of User1 to the Servers OU.

C.
Assign the computer account permissions of Cluster2to the Servers OU.

D.
Recreate the clustered File Server role by using the File Server for scale-out application data option.

E.
Log on to the domain by using the built-in Administrator for the domain, and then recreate the clustered File
Server role by using the File Server for general use option.

Explanation:
C or E? Needs verification



Leave a Reply 7

Your email address will not be published. Required fields are marked *


Steve

Steve

E – user who creates the cluster must have the “create computer objects” permission to the OU

BitterSysAdmin

BitterSysAdmin

You wont get that using built-in admistrators… they dont have access to create computer objects.

mina

mina

thanks steve

ebrahimkali

ebrahimkali

The correct answer is B. Assign the user account permissions of User1 to the Servers OU

A. Log on to the domain by using the built-in Administrator for the domain, and then recreate the clustered File Server role by using the File Server for general use option:
It is not required that the cluster creator has to have domain admin privilege (Deploy an Active Directory-Detached Cluster).
https://technet.microsoft.com/en-us/library/dn265970.aspx

C. Assign the computer account permissions of Cluster2 to the Servers OU:
This step has to be done prior of creating the cluster (Prestage Cluster Computer Objects in Active Directory Domain Services).
https://technet.microsoft.com/en-us/library/dn466519.aspx

D. Increase the value of the ms-DS-MachineAccountQuota attribute of the domain:
This is not the issue because the user account which is used to create the cluster already doesn’t have permission to create active directory object.
https://technet.microsoft.com/en-us/library/dd391926(v=ws.10).aspx

E. Recreate the clustered File Server role by using the File Server for scale-out application data option:
This is not related to the issue.
File Server for general use:
When you select this option, you have support for SMB and NFS shares, and you can also use File Server Resource Manager, Distributed File System Replication and other File Services role services.
File Server for scale-out application data:
When you select this role, there is support only for SMB v3 shares; that is, there is no support for NFS shares. In addition, with this configuration you will not be able to use some file server role services, such as FSRM and DFS replication.
https://technet.microsoft.com/en-us/library/hh831349.aspx

B. Assign the user account permissions of User1 to the Servers OU:
This is the correct choice.
You must configure permissions so that the user account that will be used to create the failover cluster has Full Control permissions to the Cluster Name Object (CNO).
https://technet.microsoft.com/en-us/library/dn466519.aspx#BKMK_UserPerms For Windows Server 2012 (R2)
Requirements related to failover clusters, Active Directory domains, and accounts
As described in the preceding three sections, certain requirements must be met before clustered services and applications can be successfully configured on a failover cluster. The most basic requirements concern the location of cluster nodes (within a single domain) and the level of permissions of the account of the person who installs the cluster. If these requirements are met, the other accounts required by the cluster can be created automatically by the failover cluster wizards. The following list provides details about these basic requirements.
 Nodes: All nodes must be in the same Active Directory domain. (The domain cannot be based on Windows NT 4.0, which does not include Active Directory.)
 Account of the person who installs the cluster: The person who installs the cluster must use an account with the following characteristics:
o The account must be a domain account. It does not have to be a domain administrator account. It can be a domain user account
o The account must have administrative permissions on the servers that will become cluster nodes. The simplest way to provide this is to create a domain user account, and then add that account to the local Administrators group on each of the servers that will become cluster nodes.
o The account (or the group that the account is a member of) must be given the Create Computer objects and Read All Properties permissions in the container that is used for computer accounts in the domain. Another alternative is to make the account a domain administrator account.
o If your organization chooses to prestage the cluster name account (a computer account with the same name as the cluster), the prestaged cluster name account must give “Full Control” permission to the account of the person who installs the cluster.
https://technet.microsoft.com/en-us/library/cc731002(v=ws.10).aspx#BKMK_requirements For Windows Server 2008 (R2)

frank

frank

No it’s not, the CLUSTER COMPUTER OBJECT must have permission on the OU and not the user!

ATLJason

ATLJason

The correct answer here is C…and the reason is because of the non-default OU.

ebrahimkali’s explanation above is all about creating a cluster. The question is asking about creating a cluster ROLE. When a cluster role is created, the cluster name object (CNO) needs to have permission to create an AD object for the role itself. If it were all happening in the default Computers contained like in 2K8R2, the CNO would already have this permission. Because it is a custom OU, it does not.

This article explains it beautifully:

http://blogs.technet.com/b/askpfeplat/archive/2014/11/17/when-creating-a-new-resource-or-role-in-windows-server-2012-r2-failover-cluster-the-network-name-fails-to-come-online-or-failed-to-create-associated-computer-object-in-domain.aspx

mslover

mslover

Thanks, I thought it was the cluster object and no the user object that needed the permissions.