Autogenerated Active Directory objects
Article 02/01/2024
This article describes the Active Directory (AD) accounts and groups that SQL Server creates during a big data cluster deployment.
Important
The Microsoft SQL Server 2019 Big Data Clusters add-on will be retired. Support for SQL Server 2019 Big Data Clusters will end on February 28, 2025. All existing users of SQL Server 2019 with Software Assurance will be fully supported on the platform and the software will continue to be maintained through SQL Server cumulative updates until that time. For more information, see the announcement blog post and Big data options on the Microsoft SQL Server platform.
Accounts & groups
The user accounts and groups are generated in the provided organizational unit (OU) during cluster deployment.
Each of the accounts represents a service in Big Data Clusters. The accounts own the Service Principal Names (SPNs) required by each service.
The deployment automatically generates account and group names. Beginning with SQL Server 2019 CU5, the account or group name prefix is the deployment namespace name (big data cluster name). If the cluster name is bdc, replace <prefix> with bdc in the items in this article to identify your accounts.
In the names below, the pod suffix (-x) denotes a variable pod ID. The names below don't include a variable prefix that is user provided during deployment.
The classic account name applies to deployments using versions before SQL Server 2019 CU5 and to deployments done with the "useSubdomain" option set to false in the security configuration.
The following section provides more details about each account. For information about groups, skip to Groups.
Controller service account
| Object | Account name |
| --- | --- |
| Scale set name | control |
| Pod name | control-x |
| Container name | controller |
| Service name | controller |
| Account name (without prefix) | ctrl |
| Account (with namespace prefix) | <prefix>-ctrl |
| Classic account name | ctrl-controller |
Monitor service proxy service account
| Object | Account name |
| --- | --- |
| Scale set name | mgmtproxy |
| Pod name | mgmtproxy-x |
| Container name | service-proxy |
| Service name | nginx |
| Account (without prefix) | ngxm |
| Account (with namespace prefix) | <prefix>-ngxm |
| Classic account name | nginx-mgmtproxy |
LDAP lookup user
Used by grafana and hadoop services to look up users through LDAP.
| Object | Account name |
| --- | --- |
| Scale set name | metricsui |
| Pod name | metricsui-x |
| Container name | grafana |
| Service name | grafana |
| Account name (without prefix) | ldap |
| Account name (with namespace prefix) | <prefix>-ldap |
| Classic account name | ldap-user |
Master pool accounts
Master pool SQL Server user
| Object | Account name |
| --- | --- |
| Scale set name | master |
| Pod name | master-x |
| Container name | mssql-server |
| Service name | mssql |
| Account name (without prefix) | sqmp-x/sqmp |
| Account name (with namespace prefix) | <prefix>-sqmp-x/<prefix>-sqmp |
| Classic account name | mssql-master-x |
Master pool Data Warehouse DMS user
| Object | Account name |
| --- | --- |
| Scale set name | master |
| Pod name | master-x |
| Container name | mssql-server |
| Service name | dwdms |
| Account (without prefix) | dmmp-x |
| Account (with namespace prefix) | <prefix>-dmmp-x |
| Classic account name | dwdms-master-x |
Master pool Data Warehouse Engine user
| Object | Account name |
| --- | --- |
| Scale set name | master |
| Pod name | master-x |
| Container name | mssql-server |
| Service name | dweng |
| Account (without prefix) | demp |
| Account (with namespace prefix) | <prefix>-demp-x |
| Classic account name | dweng-master-x |
Compute pool accounts
Compute pool SQL Server user
| Object | Account name |
| --- | --- |
| Scale set name | compute-0 |
| Pod name | compute-0-x |
| Container name | mssql-server |
| Service name | mssql |
| Account (without prefix) | sqc0-x/sqlc0 |
| Account (with namespace prefix) | <prefix>-sqc0-x/<prefix>-sqc0 |
| Classic account name | mssql-compute-0-x |
Compute pool Data Warehouse DMS user
| Object | Account name |
| --- | --- |
| Scale set name | compute-0 |
| Pod name | compute-0-x |
| Container name | mssql-server |
| Service name | dwdms |
| Account (without prefix) | dmc0-x |
| Account (with namespace prefix) | <prefix>-dmc0-x |
| Classic account name | dwdms-compute-0-x |
Compute pool Data Warehouse Engine user
| Object | Account name |
| --- | --- |
| Scale set name | compute-0 |
| Pod name | compute-0-x |
| Container name | mssql-server |
| Service name | dweng |
| Account (without prefix) | dec0-x |
| Account (with namespace prefix) | <prefix>-dec0-x |
| Classic account name | dweng-compute-0-x |
Data pool accounts
Data pool SQL Server user
| Object | Account name |
| --- | --- |
| Scale set name | data-0 |
| Pod name | data-0-x |
| Container name | mssql-server |
| Service name | mssql |
| Account (without prefix) | sqd0 |
| Account (with namespace prefix) | <prefix>-sqd0 |
| Classic account name | mssql-data-0 |
Storage pool accounts
Storage pool SQL Server user
| Object | Account name |
| --- | --- |
| Scale set name | storage-0 |
| Pod name | storage-0-x |
| Container name | mssql-server |
| Service name | mssql |
| Account (without prefix) | sqs0 |
| Account (with namespace prefix) | <prefix>-sqs0 |
| Classic account name | mssql-storage-0 |
Storage pool Yarn node manager service user
| Object | Account name |
| --- | --- |
| Scale set name | storage-0 |
| Pod name | storage-0-x |
| Container name | hadoop |
| Service name | Yarn Node Manager |
| Account (without prefix) | ynt0-x |
| Account (with namespace prefix) | <prefix>-ynt0-x |
| Classic account name | yarnnm-storage-0-x |
Storage pool HTTP service user
| Object | Account name |
| --- | --- |
| Scale set name | storage-0 |
| Pod name | storage-0-x |
| Container name | hadoop |
| Service name | HDFS Datanode |
| Account (without prefix) | hdt0 |
| Account (with namespace prefix) | <prefix>-hdt0 |
| Classic account name | http-storage-0 |
Storage pool HDFS datanode service user
| Object | Account name |
| --- | --- |
| Scale set name | storage-0 |
| Pod name | storage-0-x |
| Container name | hadoop |
| Service name | HDFS Datanode |
| Account (without prefix) | hdt0 |
| Account (with namespace prefix) | <prefix>-hdt0 |
| Classic account name | hdfsdn-storage-0 |
HDFS accounts
HDFS Name node service user
| Object | Account name |
| --- | --- |
| Scale set name | nmnode-0 |
| Pod name | nmnode-0-x |
| Container name | hadoop |
| Service name | HDFS Namenode |
| Account (without prefix) | hdnn |
| Account (with namespace prefix) | <prefix>-hdnn |
| Classic account name | hdfsnn-nmnode |
HDFS Name node HTTP service user
| Object | Account name |
| --- | --- |
| Scale set name | nmnode-0 |
| Pod name | nmnode-0-x |
| Container name | hadoop |
| Service name | HDFS Namenode |
| Account (without prefix) | htnn |
| Account (with namespace prefix) | <prefix>-htnn |
| Classic account name | http-nmnode |
KMS accounts
Name node KMS service user
| Object | Account name |
| --- | --- |
| Scale set name | nmnode-0 |
| Pod name | nmnode-0-x |
| Container name | hadoop |
| Service name | KMS |
| Account (without prefix) | kmnn-x |
| Account (with namespace prefix) | <prefix>-kmnn-x |
| Classic account name | kms-nmnode-x |
Zookeeper accounts
Zookeeper JournalNode service users
| Object | Account name |
| --- | --- |
| Scale set name | zookeeper |
| Pod name | zookeeper-x |
| Container name | zookeeper |
| Service name | Journal node |
| Account (without prefix) | jnzk-x |
| Account (with namespace prefix) | <prefix>-jnzk-x |
| Classic account name | jn-zookeeper-x |
Zookeeper HTTP service user
| Object | Account name |
| --- | --- |
| Scale set name | zookeeper |
| Pod name | zookeeper-x |
| Container name | zookeeper |
| Service name | Zookeeper |
| Account (without prefix) | htzk |
| Account (with namespace prefix) | <prefix>-htzk |
| Classic account name | http-zookeeper |
Sparkhead Yarn Resource Manager service user
| Object | Account name |
| --- | --- |
| Scale set name | sparkhead |
| Pod name | sparkhead-x |
| Container name | hadoop-yarn-jobhistory |
| Service name | Yarn Resource Manager |
| Account (without prefix) | yrsh-x |
| Account (with namespace prefix) | <prefix>-yrsh-x |
| Classic account name | yarnrm-sparkhead-x |
Sparkhead HTTP user
| Object | Account name |
| --- | --- |
| Scale set name | sparkhead |
| Pod name | sparkhead-x |
| Container name | * |
| Service name | * |
| Account (without prefix) | htsh |
| Account (with namespace prefix) | <prefix>-htsh |
| Classic account name | http-sparkhead |
Sparkhead Spark history service user
| Object | Account name |
| --- | --- |
| Scale set name | sparkhead |
| Pod name | sparkhead-x |
| Container name | hadoop-livy-sparkhistory |
| Service name | Spark History Server |
| Account (without prefix) | shsh-x |
| Account (with namespace prefix) | <prefix>-shsh-x |
| Classic account name | sph-sparkhead-x |
Sparkhead Livy service user
| Object | Account name |
| --- | --- |
| Scale set name | sparkhead |
| Pod name | sparkhead-x |
| Container name | hadoop-livy-sparkhistory |
| Service name | Livy |
| Account (without prefix) | lvsh-x |
| Account (with namespace prefix) | <prefix>-lvsh-x |
| Classic account name | livy-sparkhead-x |
Sparkhead Hive service user
| Object | Account name |
| --- | --- |
| Scale set name | sparkhead |
| Pod name | sparkhead-x |
| Container name | hadoop-hivemetastore |
| Service name | Hive Metastore |
| Account (without prefix) | hvsh-x |
| Account (with namespace prefix) | <prefix>-hvsh-x |
| Classic account name | hive-sparkhead-x |
Spark pool Yarn node manager service user
| Object | Account name |
| --- | --- |
| Scale set name | spark-0 |
| Pod name | spark-0-x |
| Container name | hadoop |
| Service name | Yarn Node Manager |
| Account (without prefix) | yns0-x |
| Account (with namespace prefix) | <prefix>-yns0-x |
| Classic account name | yarnnm-spark-0-x |
Spark pool Yarn node manager HTTP user
| Object | Account name |
| --- | --- |
| Scale set name | spark-0 |
| Pod name | spark-0-x |
| Container name | hadoop |
| Service name | Yarn Node Manager |
| Account (without prefix) | hts0 |
| Account (with namespace prefix) | <prefix>-hts0 |
| Classic account name | http-spark-0 |
Knox accounts
Knox Gateway user
| Object | Account name |
| --- | --- |
| Scale set name | gateway |
| Pod name | gateway-x |
| Container name | knox |
| Service name | Knox |
| Account (without prefix) | knox-x |
| Account (with namespace prefix) | <prefix>-knox-x |
| Classic account name | knox-gateway-x |
Knox Gateway HTTP user
| Object | Account name |
| --- | --- |
| Scale set name | gateway |
| Pod name | gateway-x |
| Container name | knox |
| Service name | Knox |
| Account (without prefix) | htgw |
| Account (with namespace prefix) | <prefix>-htgw |
| Classic account name | http-gateway |
App accounts
App setup user
| Object | Account name |
| --- | --- |
| Scale set name | appproxy |
| Pod name | appproxy-x |
| Container name | App Service Proxy |
| Service name | nginx |
| Account (without prefix) | apst |
| Account (with namespace prefix) | <prefix>-apst |
| Classic account name | app-setup |
Groups
The following groups are created in the OU provided by the user. The members of the groups are the users created above for the corresponding services.
Data Warehouse DMS Service group
| Object | Group name |
| --- | --- |
| Scale set name | master/compute-0 |
| Pod name | master-x/compute-0-x |
| Container name | mssql-server |
| Service name | dwdms |
| Group (without prefix) | dmsvc |
| Account (with namespace prefix) | <prefix>-dmsvc |
| Classic account name | dwdms-service |
Data Warehouse Engine Service group
| Object | Group name |
| --- | --- |
| Scale set name | master/compute-0 |
| Pod name | master-x/compute-0-x |
| Container name | mssql-server |
| Service name | dweng |
| Group (without prefix) | desvc |
| Account (with namespace prefix) | <prefix>-desvc |
| Classic account name | desvc |
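The naming convention above can be used to review the deployment OU for objects the deployment did not generate. The following Python is an added example, not code from the original article or from Microsoft: the short names are copied from the "with namespace prefix" rows above, while the numeric form of the pod ID, the function names and the sample listing are assumptions constructed for illustration.

```python
import re

# Short names copied from the tables above (naming used since SQL Server 2019 CU5).
# FIXED names appear as <prefix>-<code>; PER_POD names also carry a pod ID suffix.
FIXED = {"ctrl", "ngxm", "ldap", "sqmp", "sqc0", "sqd0", "sqs0", "hdt0",
         "hdnn", "htnn", "htzk", "htsh", "hts0", "htgw", "apst"}
PER_POD = {"sqmp", "dmmp", "demp", "sqc0", "dmc0", "dec0", "ynt0", "kmnn",
           "jnzk", "yrsh", "shsh", "lvsh", "hvsh", "yns0", "knox"}
GROUPS = {"dmsvc", "desvc"}

# Assumption: the pod ID written as "x" in the tables is a decimal number.
POD_NAME = re.compile(r"([a-z0-9]{4})-(\d+)")


def classify(name, prefix):
    """Return (kind, code, pod_id); kind is 'account', 'group' or 'unexpected'."""
    head = prefix.lower() + "-"
    lowered = name.lower()          # AD account names compare case-insensitively
    if not lowered.startswith(head):
        return ("unexpected", None, None)
    rest = lowered[len(head):]
    if rest in GROUPS:
        return ("group", rest, None)
    if rest in FIXED:
        return ("account", rest, None)
    match = POD_NAME.fullmatch(rest)
    if match and match.group(1) in PER_POD:
        return ("account", match.group(1), int(match.group(2)))
    return ("unexpected", None, None)


def audit(names, prefix):
    """Split an OU listing into generated objects and names needing review."""
    report = {"generated": [], "unexpected": []}
    for name in names:
        kind, _, _ = classify(name, prefix)
        report["unexpected" if kind == "unexpected" else "generated"].append(name)
    return report


# Constructed sample listing for a cluster named "bdc" (not real data).
SAMPLE_OU = ["bdc-ctrl", "bdc-ldap", "bdc-sqmp-0", "bdc-dmmp-0", "bdc-knox-0",
             "bdc-dmsvc", "bdc-ctrl-0", "bdc-backup", "svc-sql"]

if __name__ == "__main__":
    for bucket, members in audit(SAMPLE_OU, "bdc").items():
        print(bucket, members)
```

Names that land in the unexpected bucket are candidates for review, not proof of a problem; deployments that use classic account names need the classic names from the tables instead.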