Allen White

Problem Changing SQL Service Account on Clustered Servers

I ran into a problem attempting to change my service account on the clustered servers from an administrative account to a non-privileged account under SQL Server 2005 Enterprise Edition. When I change the login properties in Configuration Manager I kept getting the following error:

"The user already belongs to this group"

I was then prevented from making any changes to the service account. I didn't know what I was supposed to do at this point to resolve the problem, so I asked for assistance on the MSDN and the SQLServerCentral.com forums.

After not getting any responses, I started poking around ADS and with help from my friendly network administrator I was able to solve the problem. When I'd first upgraded the servers I'd specified the non-admin account as the execution account for SQL Server, but I hadn't given that account sufficient file system rights, and the server failed. I solved the problem by starting the server under the account that had local admin rights. I then figured out what rights were required (full control in the SQL data file folders, not just read/write) and granted those rights. This is where I started getting the error identified in this post.

During the SQL cluster install you're required to provide domain groups for the cluster services for SQL Server, Agent and the Fulltext services. The error was caused because the non-admin account was already in these domain groups. (You'd think that the Configuration Manager program would check to see if the user was in the group and move on if so, but this is not the case.) By deleting the non-admin account from these groups I was able to change the service account for the SQL Server services to the non-admin account.

Allen