Sql-server – use Default Accounts for setting up AOAGs 2014\2016

availability-groupssql serversql server 2014sql-server-2016sql-server-agent

Can anyone help me on below :

I would like change the SQL Service \ SQL Agent Service to Active Directory Accounts . But before that I would like to understand below :

Can I use the default accounts which SQL Service provides by default

  • Local Service
  • Local System
  • Network Service

If I cannot why I cannot use them ?

If I can then why should I need Windows Domain Level Service Accounts ?

Why SQL Server Agent Account needs to be added as SysAdmin , is it by default nature of SQL Server Agent Account ?

Can anyone please help me with the background of the above points in brief .

Best Answer

Can I use the default accounts which SQL Service provides by default

Yes you can use that. From Prerequisites and Recommendation for AG

if the SQL Server service is running as a built-in account, such as Local System, Local Service, or Network Service, or a nondomain account, you must use certificates for endpoint authentication, and the wizard will be unable to create a database mirroring endpoint on the server instance. In this case, we recommend that you create the database mirroring endpoints manually before you launch the wizard.

The advantage with using domain account is that they are more secured and when you configure availability groups using SSMS GUI the endpoints are created by the SSMS GUI and also granted the connect permission(. As you can note from above that when using built in account you need to create endpoints using certificates manually and grant connect permission.

You also have option of running SQL Server services with different domain account, if you do so you just need to make sure both the logins are created on remote machine in master database.

More over before changing I would suggest you to read Troubleshooting Always ON Configuration( see the accounts section)

Related Question