Failover Clustering and Network Load Balancing Team Blog
One of the responsibilities of the cluster Network Name resource is to rotate the password of the computer object in Active Directory associated with it. When the Network Name resource is online, it will rotate the password according to domain and local machine policy (which is 30 days by default).
If the password is different from what is stored in the cluster database, the cluster service will be unable to log on to the computer object and the Network Name will fail to come online. This may also cause issues such as Kerberos errors, failure to register in a secure DNS zone, and live migration failures.
The Repair Active Directory Object option is a recovery tool to re-synchronize the password for cluster computer objects. It can be found in Failover Cluster Manager (CluAdmin.msc) by right-clicking on the Network Name, selecting More Actions…, and then clicking Repair Active Directory Object.
To run Repair, the Network Name resource must be in a "Failed" or "Offline" state. Otherwise the option will be grayed out.
Repair is only available through the Failover Cluster Manager snap-in; there is no PowerShell cmdlet available to script the action.
If you are running Windows Server 2012 and find that you are having to repeatedly run Repair every ~30 days, ensure you have hotfix KB2838043 installed.
Matt Kurjanowicz
Senior Software Development Engineer
Clustering & High-Availability
Microsoft
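A read-only check that reports, for each Network Name resource, whether Repair would be offered (Failed or Offline state) and how old the password on the associated computer object is. This is an added example, not code from the original post or from Microsoft; it assumes the FailoverClusters and ActiveDirectory PowerShell modules are installed, that it runs on a cluster node with read access to the computer objects, and it does not perform the Repair itself.

```powershell
# Added example (not from the original post): read-only report on cluster
# Network Name resources and their Active Directory computer objects.
# Assumption: FailoverClusters and ActiveDirectory modules are available.
Import-Module FailoverClusters, ActiveDirectory

# Default rotation interval stated in the post; adjust to your own policy.
$rotationDays = 30

Get-ClusterResource |
    Where-Object { $_.ResourceType -eq 'Network Name' } |
    ForEach-Object {
        $res = $_

        # The private property "Name" holds the name of the computer object
        # that this Network Name resource logs on as.
        $computerName = ($res | Get-ClusterParameter -Name Name).Value

        $pwdLastSet = $null
        $lookupError = $null
        try {
            $adObject = Get-ADComputer -Identity $computerName `
                -Properties PasswordLastSet -ErrorAction Stop
            $pwdLastSet = $adObject.PasswordLastSet
        } catch {
            # Object deleted, disabled lookup, or no read permission.
            $lookupError = $_.Exception.Message
        }

        $ageDays = $null
        if ($pwdLastSet) {
            $ageDays = [int]((Get-Date) - $pwdLastSet).TotalDays
        }

        [pscustomobject]@{
            Resource          = $res.Name
            State             = $res.State
            ComputerObject    = $computerName
            PasswordLastSet   = $pwdLastSet
            PasswordAgeDays   = $ageDays
            # Repair is only selectable for Failed or Offline resources.
            RepairSelectable  = $res.State.ToString() -in 'Failed', 'Offline'
            # A hint only: an old password does not prove a mismatch.
            OlderThanInterval = ($null -ne $ageDays) -and ($ageDays -gt $rotationDays)
            ADLookupError     = $lookupError
        }
    } | Format-List
```

A resource that is Failed with an `ADLookupError` points at a missing or unreadable computer object rather than a password mismatch, which is worth ruling out before running Repair.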
Is there a way to perform this operation from a command line or PowerShell?
No, there is not a way to do a Repair on a Network Name resource from PowerShell. Hopefully it is a rarely (if ever) needed recovery mechanism that you don't need to script.
The "Repair Active Directory Object" is greyed-out for me. The CNO object is in AD and I have the "reset password" permission. Is there a way to get the passwords in sync manually?
The Network Name resource must be in an Offline or Failed state to run Repair against it. My guess is that your resource is in an Online state, which is why it is grayed out.
Unfortunately, the network name will not come online and none of the other cluster services and applications will come online. The only things that come online are the disks and the cluster IP address.
On the 2012 R2, is there any news about the hotfix for the repair bug: Repair on Cluster Name Fails with Error 5048?
I have finished the forest and domain level migration to 2012 R2. But that doesn't change anything (I was thinking that was about the 2003 domain level).
Will the repair operation affect the VM on the host?