Sunday, February 19, 2012

Domain Admin group

Is it a good practice to have SQL admin in the Domain Admin group? Can SQL
admin manage SQL servers without being Domain Admin? Also, our SQL admin
manages 2 node cluster system. Would this have any implications if he is
removed from the Domain Admin group?
Thank youNo it's not needed unless the SQL Admin is also tasked with
administering everything in the network, not just SQL boxes.
Yes they can manage the boxes without being a domain admin.
You'd probably want the SQL Admin to be member of the local
admins group on the boxes where SQL is installed but doesn't
need to be a domain admin.
-Sue
On Wed, 7 Jun 2006 12:00:44 -0700, mtler
<mtler@.discussions.microsoft.com> wrote:

>Is it a good practice to have SQL admin in the Domain Admin group? Can SQL
>admin manage SQL servers without being Domain Admin? Also, our SQL admin
>manages 2 node cluster system. Would this have any implications if he is
>removed from the Domain Admin group?
>Thank you|||I'd go for a domain user account with local administrator privileges (as
opposed to a local admin account). During installation of SQL Server and
service packs on a cluster, the installer needs to remotely connect to the
node(s) from which the installation was not started. I don't think that
would be possible if it wasn't a domain user; Maybe the installer would try
remote login with the same credentials as the local admin on the box the
installation was started on, I'm not sure about that. Bottom line: If there
is no reason to do otherwise, go for the domain user+local admin solution
when administering SQL Server on a cluster.
Best regards
Nils Loeber
"Sue Hoegemeier" <Sue_H@.nomail.please> schrieb im Newsbeitrag
news:q4ie825a909l6b469ffpbi4bbk0b4kic18@.
4ax.com...
> No it's not needed unless the SQL Admin is also tasked with
> administering everything in the network, not just SQL boxes.
> Yes they can manage the boxes without being a domain admin.
> You'd probably want the SQL Admin to be member of the local
> admins group on the boxes where SQL is installed but doesn't
> need to be a domain admin.
> -Sue
> On Wed, 7 Jun 2006 12:00:44 -0700, mtler
> <mtler@.discussions.microsoft.com> wrote:
>
>
Posted by pou at 3:32 AM
Labels: , , , , , , , , , , , ,

No comments:

Post a Comment

Subscribe to: Post Comments (Atom)