Failover Clustering and Network Load Balancing Team Blog
Something changed the CNO’s password without the CNO knowing.
One of the responsibilities of Network Name resources is to rotate the passwords of the machine accounts. While it is online, each network name changes its password according to domain and local machine policy. Because the CNO has full permissions over all the VCOs in the cluster, VCO Network Names will repair themselves, under the guise of the CNO, if the password gets out of sync.
But, if the CNO password is different from what is stored in the cluster database, no Network Names in the cluster will be able to come online. The Repair Active Directory Object option fixes this password. This can be accessed through the UI by right-clicking on the offline Network Name, selecting More Actions…, then clicking Repair Active Directory Object.
Since this operation modifies an Active Directory Object, you will need the correct permissions. This should be run in the Cluster Administrator snap-in from an account that has Special Permissions over the CNO in Active Directory. This is usually the account that created the cluster. If you cannot find anyone who has these permissions, you will need to find a Domain Administrator.
Thanks,Matt KurjanowiczSoftware Development EngineerClustering & High Availabilty
PingBack from http://mstechnews.info/2008/11/what-is-the-purpose-of-the-%e2%80%9crepair-active-directory-object%e2%80%9d-option/
PingBack from http://www.tmao.info/what-is-the-purpose-of-the-%e2%80%9crepair-active-directory-object%e2%80%9d-option/
PingBack from http://outdoorceilingfansite.info/story.php?id=4447
Is there a way to perform this operation from a command line or powershell?
No, there is not a way to do a Repair on a Network Name resource from PowerShell. Hopefully it is a rarely (if ever) needed recovery mechanism that you don't need to script.