Hey Folks,
I’m trying to automate the creation of a failover cluster when I deploy some instances by writing a PowerShell script that runs at start-up to achieve this.
I have a service user in AD which is the only account with permission to create the CNO for the cluster. It is configured correctly (Domain admin, local admin on all instances being deployed, etc.), and all instances in the deployment are able to communicate with each other with the desired connectivity.
I’m able to manually run the Failover Cluster Manager GUI as this service user to validate/create the cluster, but I’m having some difficulties with the PowerShell scripting side of things as I’m being met with various access denied errors at every opportunity.
So far I’ve been able to manually run the Test-Cluster command by doing:
    Start-Process powershell -Credential $cred -ArgumentList "Start-Process powershell -Verb RunAs"
Which gives me an elevated PS Session as the desired user after accepting the UAC prompt; allowing me to run the Test-Cluster and New-Cluster commands just fine.
However I’m unsure how to achieve this same result without having to manually accept the UAC prompt or any other dialog boxes, and any attempt to pass the above further arguments to run doesn’t seem to work.
I’ve also attempted to make use of Invoke-Command by doing things along the lines of:
    Invoke-Command -ComputerName . -Credential $cred -ScriptBlock {
        Test-Cluster -Node Server1, Server2
    }
But this does not work and gives me:
    Access is denied. (Exception from HRESULT: 0x80070005 (E_ACCESSDENIED))
Which I have seen a few times when trying various approaches.
Any help you could give would be much appreciated, thanks.
tl;dr - I need to automate a way to switch from the local admin to the service user, elevate that session, then run the clustering commands without having to manually accept any prompts from UAC, and I’m not sure how to go about it/if it is possible.