Cluster Name Object Pre-staging

Posted on by

Ex2013 LogoWhen creating a Database Availability Group (DAG) in Exchange 2010 or Exchange 2013 you leverage Fail-over Clustering from the operating system, e.g. Windows Server 2008 R2.

Behind the scenes Kerberos authentication is used, for which a so called Cluster Name Object (CNO) has to be created in Active Directory. This CNO will be associated with the Cluster Name Resource.

Depending on the situation, like having the ability to create computer accounts in the domain, you may need to create – or pre-stage – the cluster name object as  computer account upfront. For Exchange 2013 on Windows Server 2012, pre-staging the CNO is a requirement. This manual task is described here.

However, there may be circumstances where having the ability to automate the process would be more appropriate, like when you want a fully automated setting up a DAG for example. For this purpose I have created a small script, Create-CNO.ps1. The syntax is as follows:

Create-CNO.ps1 [-Identity] <String> [[-Computers] <Array>] [[-OU] <String>

A small explanation of the available parameters:

  • The Identity is used to specify the name of the CNO;
  • The optional Computers parameter can be used to specify the computer account which should be granted permissions on the CNO. You can specify multiple accounts seperated by commas (when for example you’re not sure which your will be used to create the DAG). When the Computers parameter is omitted, the Exchange Trusted Subsystem will be granted permissions on the CNO;
  • OU is the name of the container to create the CNO in. When not specified, the default container for computer accounts will be used. This is done by querying for the Well-Known GUID for the computers container, aa312825768811d1aded00c04fd8d5cd (more on Well-Known GUIDs here). Note that when specifying the OU, you need to enclose it in quotes otherwise PowerShell will assume the parameter is an array;
  • The Verbose parameter is supported.

So, for example assume you want to create a DAG called DAG001 and the first Mailbox Server will be L14Ex1. The computer object for the cluster is to be stored in the OU ou=Temp,dc=litware,dc=com. In that case, you would call the script as follows:

Create-CNO.ps1 –Identity DAG001 –Computers L14EX1 –OU “ou=Temp,dc=litware,dc=com” –Verbose

If you want to grant Exchange Trusted Subsystem permissions as well and let the script look up the CNO name, you can use:

Create-CNO.ps1 –Identity DAG001 –Verbose

create-cno-1You can download the script from the TechNet Gallery here.

10 thoughts on “Cluster Name Object Pre-staging

  2. Pingback: NeWay Technologies – Weekly Newsletter #22 – December 20, 2012NeWay | NeWay

  3. Pingback: Installing an Exchange Server 2013 Database Availability Group

  4. Hi Michel,
    I’m getting an error at Line 41 Character 1 – Unexpected attribute cmdletbinding – unexpected token ‘param’ in expression or statement
    I get it with both the OU qualified or just the plain command. Running Server 2012 fully patched.
    Thanks
    Tony

    Like

    Reply

  5. Pingback: Installing an Exchange Server 2013 Database Availability Group | Hisham Mezher

  6. Pingback: Complete DAG Creation via PowerShell | Just A UC Guy

  7. Pingback: Exchange 2013 DAG Setup Guide: Reposted from several sites | Infrastructure Land

  8. Pingback: Exchange 2013 DAG – Cloud Notes

  9. Pingback: Installing an Exchange Server 2013 Database Availability Group

Leave a comment

This site uses Akismet to reduce spam. Learn how your comment data is processed.