When creating a Database Availability Group (DAG) in Exchange 2010 or Exchange 2013 you leverage Fail-over Clustering from the operating system, e.g. Windows Server 2008 R2.
Behind the scenes Kerberos authentication is used, for which a so called Cluster Name Object (CNO) has to be created in Active Directory. This CNO will be associated with the Cluster Name Resource.
Depending on the situation, like having the ability to create computer accounts in the domain, you may need to create – or pre-stage – the cluster name object as computer account upfront. For Exchange 2013 on Windows Server 2012, pre-staging the CNO is a requirement. This manual task is described here.
However, there may be circumstances where having the ability to automate the process would be more appropriate, like when you want a fully automated setting up a DAG for example. For this purpose I have created a small script, Create-CNO.ps1. The syntax is as follows:
Create-CNO.ps1 [-Identity] <String> [[-Computers] <Array>] [[-OU] <String>
A small explanation of the available parameters:
- The Identity is used to specify the name of the CNO;
- The optional Computers parameter can be used to specify the computer account which should be granted permissions on the CNO. You can specify multiple accounts seperated by commas (when for example you’re not sure which your will be used to create the DAG). When the Computers parameter is omitted, the Exchange Trusted Subsystem will be granted permissions on the CNO;
- OU is the name of the container to create the CNO in. When not specified, the default container for computer accounts will be used. This is done by querying for the Well-Known GUID for the computers container, aa312825768811d1aded00c04fd8d5cd (more on Well-Known GUIDs here). Note that when specifying the OU, you need to enclose it in quotes otherwise PowerShell will assume the parameter is an array;
- The Verbose parameter is supported.
So, for example assume you want to create a DAG called DAG001 and the first Mailbox Server will be L14Ex1. The computer object for the cluster is to be stored in the OU ou=Temp,dc=litware,dc=com. In that case, you would call the script as follows:
Create-CNO.ps1 –Identity DAG001 –Computers L14EX1 –OU “ou=Temp,dc=litware,dc=com” –Verbose
If you want to grant Exchange Trusted Subsystem permissions as well and let the script look up the CNO name, you can use:
Create-CNO.ps1 –Identity DAG001 –Verbose
You can download the script from the TechNet Gallery here.
Hi Michel
Adding just the first node is sufficient?
Thanks
LikeLike
Yes, and optional – either you specify the first node or Exchange Trusted Subsystem.
I’ll make some changes to reflect this, thanks. Done, v1.1 is here!LikeLike
Pingback: NeWay Technologies – Weekly Newsletter #22 – December 20, 2012NeWay | NeWay
Pingback: Installing an Exchange Server 2013 Database Availability Group
Hi Michel,
I’m getting an error at Line 41 Character 1 – Unexpected attribute cmdletbinding – unexpected token ‘param’ in expression or statement
I get it with both the OU qualified or just the plain command. Running Server 2012 fully patched.
Thanks
Tony
LikeLike
Pingback: Installing an Exchange Server 2013 Database Availability Group | Hisham Mezher
Pingback: Complete DAG Creation via PowerShell | Just A UC Guy
Pingback: Exchange 2013 DAG Setup Guide: Reposted from several sites | Infrastructure Land
Pingback: Exchange 2013 DAG – Cloud Notes
Pingback: Installing an Exchange Server 2013 Database Availability Group