First published on MSDN on Dec 13, 2013
One of the responsibilities of cluster Network Name resource is to rotate the password of the computer object in Active Directory associated with it. When the Network Name resource is online, it will rotate the password according to domain and local machine policy (which is 30 days by default).
If the password is different from what is stored in the cluster database, the cluster service will be unable to logon to the computer object and the Network Name will fail to come online. This may also cause issues such as Kerberos errors, failure to register in a secure DNS zone, and live migration to fail.
The Repair Active Directory Object option is a recovery tool to re-synchronize the password for cluster computer objects. It can be found in Failover Cluster Manager (CluAdmin.msc) by right-clicking on the Network Name, selecting More Actions…, and then clicking Repair Active Directory Object.
To run Repair, the Network Name resource must be in a "Failed" or "Offline" state. Otherwise the option will be grayed out.
Repair is only available through the Failover Cluster Manager snap-in, there is no Powershell cmdlet available to script the action.
If you are running Windows Server 2012 and find that you are having to repeatedly run Repair every ~30 days, ensure you have hotfix KB2838043 installed.
Matt Kurjanowicz
Senior Software Development Engineer
Clustering & High-Availability
Microsoft
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.