SQL Server and Failover Cluster service account minimum roles best practice?
Can you please explain and help me why the Service account for SQL Server and the Cluster Failover service account Primary group are set to Domain Admins rather than Domain Users?
Is this really required for SQL Server and SQL Servers running on MSCS Failover Cluster?
Please provide some documentation to explain whether this is the required privilege for the service account.
If there is recommended practice to follow for a minimum privilege role for the SQL Server and Failover cluster (MSCS) service account, that'd be greatly appreciated.
Hi @Robbie Varn ,
Thank you for the response, yeah, I thought so, I am still searching for the documentation as well to make sure that I am able to demote the service account safely as the Cluster and the SQL server is now running in production.
Sign in to comment