Hi, I read up on the following weblinks:
http://blogs.msdn.com/b/clustering/archive/2012/03/30/10289577.aspx and http://blogs.msdn.com/b/clustering/archive/2012/05/01/10299698.aspx?CommentPosted=true#commentmessage
According to these sites, there are a couple of changes to the functionality of the PowerShell cmdlets that come with FailoverClustering in Windows 2008R2 and 2012. By default 2012 will try to place / create the CNO in the OU path where the nodes exist in AD, and the vCNO will be created where the CNO resides. Then, if you want to be able to control it using POSH when creating a cluster in 2012, you can specify the DN on the New-Cluster -Name parameter.
That's all fine - I buy it... but when creating vCNOs and you are using a locked down / restricted AD setup where you don't want everyone and their brother being able to create computer objects everywhere - does the same functionality of providing the DN of the new computer object to the other cmdlets such as Add-ClusterFileServerRole & Add-ClusterGenericApplicationRole also provide you with the same functionality of providing the DN to the name parameter? I tried it on my test cluster and I did not get it to work. So am I doing it wrong and missing out on something, or do I need to open up the permission for ALL potential administrators to create computer objects potentially all over the AD structure OU paths? I just want to know, because that is a huge security concern from my end... I want more control, not less! If that means that I have to specify the DN to the Name parameter of the cmdlet, so be it, but I want the option... just like with New-Cluster!
br4tt3