Adding AD Computer Objects to Virtual Cluster Object

Hi. I am in the process of scripting the complete build and configuration of a Windows Failover Cluster. One step is to add all cluster nodes to the VCO and give them Full Control permissions. This is the one thing I can’t find anywhere - code snippets showing how to do this.

My scripting ability is intermediate but I do have the ability to read and interpret more advanced concepts (just not write them myself). Any help greatly appreciated. Thanks in advance

Russell, welcome to Please take a moment and read the very first post on top of the list of this forum: Read Me Before Posting! You’ll be Glad You Did!.

This forum is for scripting questions rather than script requests. We do not write customized and ready to use scripts or solutions on request.

What have you tried so far? Please share your code even if you think it’s not worth it or if it’s not working. Not all of us have access to a Windows Failover Cluster but we might see issues in your code when we see it. :wink:

You have to do this manually?

When you create a failover cluster by using the Create Cluster Wizard or by using Windows PowerShell, you must specify a name for the cluster. If you have sufficient permissions when you create the cluster, the cluster creation process automatically creates a computer object in AD DS that matches the cluster name. This object is called the cluster name object or CNO. Through the CNO, virtual computer objects (VCOs) are automatically created when you configure clustered roles that use client access points. For example, if you create a highly available file server with a client access point that is named FileServer1, the CNO will create a corresponding VCO in AD DS.
Taken from here. What is the reason you are required to manually do it?

Hi Olaf / Doug

First of all, I am not looking for someone to write the script for me. I simply need someone to point me in the direction of the right commands to lookup.

Secondly to Doug. Thanks for your link. I have created something like 30-40 clusters in the last 18-months, with all but the last one done completely manually. With the last one, I decided to “give it a go via PowerShell”. I have been able to do everything to create the cluster via PowerShell with the exception of this one task.

Given the awesome power of PowerShell, I would have thought manipulating security of the VCO would have been a simple task. I guess not.


Thanks guys