SQL Server – Setting Up Listener for AlwaysOn Availability Groups Without AD Rights

availability-groupslistenersql server

Is there a way to create a sql server alwayson listener in an active directory (AD) environment where I don’t have create computer object rights? The AD admin created a computername for me. Is there a way to connect it to the Listener?
The following TSQL fails because I don’t have create objects rights in the AD.

USE [master] GO ALTER AVAILABILITY GROUP [VG-AdventureWorks2014] ADD LISTENER N'DNSCOMPUTERNAME' ( WITH IP ((N'XXX.XXX.XXX.XXX', N'255.XXX.XXX.XX') ) , PORT=1431); GO

Company policy does not allow AD rights for the DBA.

Best Answer

There is one proper way to pre-stage the listener and one way to allow the cluster to create the listener itself. Please note that YOUR account is not what is used to authorize to AD to create the listener when creating it through FCM/Powershell or SQL Server, the CNO is used as security context.

The official pre-stage way

Find the OU with the CNO in it
Create a computer object, name it your DNS listener name
Set the security on the new VCO and give the CNO full control over it (full isn't required but the list of needs is fairly long so just give it full control)
Create the listener through SSMS/TSQL/Powershell

The official automatic creation way

Give the CNO Create computer objects, list properties, read properties, write properties over the OU it resides in.
Create the listener through SSMS/TSQL/Powershell

They way that is listed in the other answer given is a mix of the pre-staging way with how to create multiple listeners. Additionally it has improper configuration when it comes to the security and will most likely come back to bite you if you do it that way.

Best Answer

Related Solutions

SQL Server – Service Broker & AlwaysOn Availability Groups Transmission Queue Behavior

Sql-server – SQL Server 2012 Availability Group issue

Related Question