Can anyone help me on below :
I would like change the SQL Service \ SQL Agent Service to Active Directory Accounts . But before that I would like to understand below :
Can I use the default accounts which SQL Service provides by default
- Local Service
- Local System
- Network Service
If I cannot why I cannot use them ?
If I can then why should I need Windows Domain Level Service Accounts ?
Why SQL Server Agent Account needs to be added as SysAdmin , is it by default nature of SQL Server Agent Account ?
Can anyone please help me with the background of the above points in brief .
Best Answer
Yes you can use that. From Prerequisites and Recommendation for AG
The advantage with using domain account is that they are more secured and when you configure availability groups using SSMS GUI the endpoints are created by the SSMS GUI and also granted the connect permission(. As you can note from above that when using built in account you need to create endpoints using certificates manually and grant connect permission.
You also have option of running SQL Server services with different domain account, if you do so you just need to make sure both the logins are created on remote machine in master database.
More over before changing I would suggest you to read Troubleshooting Always ON Configuration( see the accounts section)