Autogenerated Active Directory objects

Article
2024-02-01

This article describes what are the Active Directory (AD) accounts and groups that SQL Server creates during a big data cluster deployment.

Note

Starting with SQL Big Data Clusters CU13, the passwords of autogenerated Active Directory objects can be easily rotated. For more information, see Autogenerated AD objects password rotation.

Important

The Microsoft SQL Server 2019 Big Data Clusters add-on will be retired. Support for SQL Server 2019 Big Data Clusters will end on February 28, 2025. All existing users of SQL Server 2019 with Software Assurance will be fully supported on the platform and the software will continue to be maintained through SQL Server cumulative updates until that time. For more information, see the announcement blog post and Big data options on the Microsoft SQL Server platform.

Accounts & groups

The user accounts and groups are generated in the provided organizational unit (OU) during cluster deployment.

Each of the accounts represents a service in Big Data Clusters. The accounts own the Service Principal Names (SPNs) required by each service.

The deployment automatically generates account and group names. Beginning with SQL Server 2019 CU5, the account or group name prefix is the deployment namespace name (big data cluster name). If the cluster name is bdc for the items on this article, replace <prefix> with bdc to identify your accounts.

The pod suffix (-x) denotes a variable pod ID below. The names below don't include a variable prefix that is user provided during deployment.

The classic account name applies to deployments using versions before SQL Server 2019 CU5 and deployments done with "useSubdomain" option set to false in security configuration.

Account or group name	More information
`<prefix>-ctrl`	Controller service account
`<prefix>-ngxm`	Monitoring service proxy service account
`<prefix>-ldap`	LDAP lookup user
`<prefix>-sqc0-x/<prefix>-sqc0`	Compute pool SQL Server user
`<prefix>-dmc0-x`	Compute pool Data Warehouse DMS user
`<prefix>-dec0-x`	Compute pool Data Warehouse Engine user
`<prefix>-sqd0`	Data pool SQL Server user
`<prefix>-sqs0`	Storage pool SQL Server user
`<prefix>-ynt0-x`	Storage pool Yarn node manager service user
`<prefix>-htt0`	Storage pool HTTP service user
`<prefix>-hdt0`	Storage pool HDFS datanode service user
`<prefix>-hdnn`	HDFS Name node service user
`<prefix>-htnn`	HDFS Name node HTTP service user
`<prefix>-kmnn-x`	Name node KMS service user
`<prefix>-jnzk-x`	Zookeeper JournalNode service users
`<prefix>-htzk`	Zookeeper HTTP service user
`<prefix>-yrsh-x`	Sparkhead Yarn Resource Manager service user
`<prefix>-htsh`	Sparkhead HTTP user
`<prefix>-shsh-x`	Sparkhead Spark history service user
`<prefix>-lvsh-x`	Sparkhead Livy service user
`<prefix>-hvsh-x`	Sparkhead Hive service user
`<prefix>-yns0-x`	Spark pool Yarn node manager service user
`<prefix>-hts0`	Spark pool Yarn node manager HTTP user
`<prefix>-knox-x`	Knox Gateway user
`<prefix>-htgw`	Knox Gateway HTTP user
`<prefix>-apst`	App setup user
`<prefix>-dmsvc`	Data Warehouse DMS Service group
`<prefix>-desvc`	Data Warehouse Engine Service group

The following section provides more details about each account. For information about groups, skip to Groups.

Controller service account

Object	Account name
Scale set name	`control`
Pod name	`control-x`
Container name	`controller`
Service name	`controller`
Account name (without prefix)	`ctrl`
Account (with namespace prefix)	`<prefix>-ctrl`
Classic account name	`ctrl-controller`

Monitor service proxy service account

Object	Account name
Scale set name	`mgmtproxy`
Pod name	`mgmtproxy-x`
Container name	`service-proxy`
Service name	`nginx`
Account (without prefix)	`ngxm`
Account (with namespace prefix)	`<prefix>-ngxm`
Classic account name	`nginx-mgmtproxy`

LDAP lookup user

Used by grafana and hadoop services to look up users through LDAP.

Object	Account name
Scale set name	`metricsui`
Pod name	`metricsui-x`
Container name	`grafana`
Service name	`grafana`
Account name (without prefix)	`ldap`
Account name (with namespace prefix)	`<prefix>-ldap`
Classic account name	`ldap-user`

Master pool accounts

Master pool SQL Server user

Object	Account name
Scale set name	`master`
Pod name	`master-x`
Container name	`mssql-server`
Service name	`mssql`
Account name (without prefix)	`sqmp-x/sqmp`
Account name (with namespace prefix)	`<prefix>-sqmp-x/<prefix>-sqmp`
Classic account name	`mssql-master-x`

Master pool Data Warehouse DMS user

Object	Account name
Scale set name	`master`
Pod name	`master-x`
Container name	`mssql-server`
Service name	`dwdms`
Account (without prefix)	`dmmp-x`
Account (with namespace prefix)	`<prefix>-dmmp-x`
Classic account name	`dwdms-master-x`

Master pool Data Warehouse Engine user

Object	Account name
Scale set name	`master`
Pod name	`master-x`
Container name	`mssql-server`
Service name	`dweng`
Account (without prefix)	`demp`
Account (with namespace prefix)	`<prefix>-demp-x`
Classic account name	`dweng-master-x`

Compute pool accounts

Compute pool SQL Server user

Object	Account name
Scale set name	`compute-0`
Pod name	`compute-0-x`
Container name	`mssql-server`
Service name	`mssql`
Account (without prefix)	`sqc0-x/sqlc0`
Account (with namespace prefix)	`<prefix>-sqc0-x/<prefix>-sqc0`
Classic account name	`mssql-compute-0-x`

Compute pool Data Warehouse DMS user

Object	Account name
Scale set name	`compute-0`
Pod name	`compute-0-x`
Container name	`mssql-server`
Service name	`dwdms`
Account (without prefix)	`dmc0-x`
Account (with namespace prefix)	`<prefix>-dmc0-x`
Classic account name	`dwdms-compute-0-x`

Compute pool Data Warehouse Engine user

Object	Account name
Scale set name	`compute-0`
Pod name	`compute-0-x`
Container name	`mssql-server`
Service name	`dweng`
Account (without prefix)	`dec0-x`
Account (with namespace prefix)	`<prefix>-dec0-x`
Classic account name	`dweng-compute-0-x`

Data pool accounts

Data pool SQL Server user

Object	Account name
Scale set name	`data-0`
Pod name	`data-0-x`
Container name	`mssql-server`
Service name	`mssql`
Account (without prefix)	`sqd0`
Account (with namespace prefix)	`<prefix>-sqd0`
Classic account name	`mssql-data-0`

Storage pool accounts

Storage pool SQL Server user

Object	Account name
Scale set name	`storage-0`
Pod name	`storage-0-x`
Container name	`mssql-server`
Service name	`mssql`
Account (without prefix)	`sqs0`
Account (with namespace prefix)	`<prefix>-sqs0`
Classic account name	`mssql-storage-0`

Storage pool Yarn node manager service user

Object	Account name
Scale set name	`storage-0`
Pod name	`storage-0-x`
Container name	`hadoop`
Service name	`Yarn Node Manager`
Account (without prefix)	`ynt0-x`
Account (with namespace prefix)	`<prefix>-ynt0-x`
Classic account name	`yarnnm-storage-0-x`

Storage pool HTTP service user

Object	Account name
Scale set name	`storage-0`
Pod name	`storage-0-x`
Container name	`hadoop`
Service name	`HDFS Datanode`
Account (without prefix)	`hdt0`
Account (with namespace prefix)	`<prefix>-hdt0`
Classic account name	`http-storage-0`

Storage pool HDFS datanode service user

Object	Account name
Scale set name	`storage-0`
Pod name	`storage-0-x`
Container name	`hadoop`
Service name	`HDFS Datanode`
Account (without prefix)	`hdt0`
Account (with namespace prefix)	`<prefix>-hdt0`
Classic account name	`hdfsdn-storage-0`

HDFS accounts

HDFS Name node service user

Object	Account name
Scale set name	`nmnode-0`
Pod name	`nmnode-0-x`
Container name	`hadoop`
Service name	`HDFS Namenode`
Account (without prefix)	`hdnn`
Account (with namespace prefix)	`<prefix>-hdnn`
Classic account name	`hdfsnn-nmnode`

HDFS Name node HTTP service user

Object	Account name
Scale set name	`nmnode-0`
Pod name	`nmnode-0-x`
Container name	`hadoop`
Service name	`HDFS Namenode`
Account (without prefix)	`htnn`
Account (with namespace prefix)	`<prefix>-htnn`
Classic account name	`http-nmnode`

KMS accounts

Name node KMS service user

Object	Account name
Scale set name	`nmnode-0`
Pod name	`nmnode-0-x`
Container name	`hadoop`
Service name	`KMS`
Account (without prefix)	`kmnn-x`
Account (with namespace prefix)	`<prefix>-kmnn-x`
Classic account name	`kms-nmnode-x`

Zookeeper accounts

Zookeeper JournalNode service users

Object	Account name
Scale set name	`zookeeper`
Pod name	`zookeeper-x`
Container name	`zookeeper`
Service name	`Journal node`
Account (without prefix)	`jnzk-x`
Account (with namespace prefix)	`<prefix>-jnzk-x`
Classic account name	`jn-zookeeper-x`

Zookeeper HTTP service user

Object	Account name
Scale set name	`zookeeper`
Pod name	`zookeeper-x`
Container name	`zookeeper`
Service name	`Zookeeper`
Account (without prefix)	`htzk`
Account (with namespace prefix)	`<prefix>-htzk`
Classic account name	`http-zookeeper`

Sparkhead Yarn Resource Manager service user

Object	Account name
Scale set name	`sparkhead`
Pod name	`sparkhead-x`
Container name	`hadoop-yarn-jobhistory`
Service name	`Yarn Resource Manager`
Account (without prefix)	`yrsh-x`
Account (with namespace prefix)	`<prefix>-yrsh-x`
Classic account name	`yarnrm-sparkhead-x`

Sparkhead HTTP user

Object	Account name
Scale set name	`sparkhead`
Pod name	`sparkhead-x`
Container name	`*`
Service name	`*`
Account (without prefix)	`htsh`
Account (with namespace prefix)	`<prefix>-htsh`
Classic account name	`http-sparkhead`

Sparkhead Spark history service user

Object	Account name
Scale set name	`sparkhead`
Pod name	`sparkhead-x`
Container name	`hadoop-livy-sparkhistory`
Service name	`Spark History Server`
Account (without prefix)	`shsh-x`
Account (with namespace prefix)	`<prefix>-shsh-x`
Classic account name	`sph-sparkhead-x`

Sparkhead Livy service user

Object	Account name
Scale set name	`sparkhead`
Pod name	`sparkhead-x`
Container name	`hadoop-livy-sparkhistory`
Service name	`Livy`
Account (without prefix)	`lvsh-x`
Account (with namespace prefix)	`<prefix>-lvsh-x`
Classic account name	`livy-sparkhead-x`

Sparkhead Hive service user

Object	Account name
Scale set name	`sparkhead`
Pod name	`sparkhead-x`
Container name	`hadoop-hivemetastore`
Service name	`Hive Metastore`
Account (without prefix)	`hvsh-x`
Account (with namespace prefix)	`<prefix>-hvsh-x`
Classic account name	`hive-sparkhead-x`

Spark pool Yarn node manager service user

Object	Account name
Scale set name	`spark-0`
Pod name	`spark-0-x`
Container name	`hadoop`
Service name	`Yarn Node Manager`
Account (without prefix)	`yns0-x`
Account (with namespace prefix)	`<prefix>-yns0-x`
Classic account name	`yarnnm-spark-0-x`

Spark pool Yarn node manager HTTP user

Object	Account name
Scale set name	`spark-0`
Pod name	`spark-0-x`
Container name	`hadoop`
Service name	`Yarn Node Manager`
Account (without prefix)	`hts0`
Account (with namespace prefix)	`<prefix>-hts0`
Classic account name	`http-spark-0`

Knox accounts

Knox Gateway user

Object	Account name
Scale set name	`gateway`
Pod name	`gateway-x`
Container name	`knox`
Service name	`Knox`
Account (without prefix)	`knox-x`
Account (with namespace prefix)	`<prefix>-knox-x`
Classic account name	`knox-gateway-x`

Knox Gateway HTTP user

Object	Account name
Scale set name	`gateway`
Pod name	`gateway-x`
Container name	`knox`
Service name	`Knox`
Account (without prefix)	`htgw`
Account (with namespace prefix)	`<prefix>-htgw`
Classic account name	`http-gateway`

App accounts

App setup user

Object	Account name
Scale set name	`appproxy`
Pod name	`appproxy-x`
Container name	`App Service Proxy`
Service name	`nginx`
Account (without prefix)	`apst`
Account (with namespace prefix)	`<prefix>-apst`
Classic account name	`app-setup`

Groups

The following groups are created in the OU provided by the user. The members of the groups are the users created above for the corresponding services.

Data Warehouse DMS Service group

Object	Group name
Scale set name	`master/compute-0`
Pod name	`master-x/compute-0-x`
Container name	`mssql-server`
Service name	`dwdms`
Group (without prefix)	`dmsvc`
Account (with namespace prefix)	`<prefix>-dmsvc`
Classic account name	`dwdms-service`

Data Warehouse Engine Service group

Object	Group name
Scale set name	`master/compute-0`
Pod name	`master-x/compute-0-x`
Container name	`mssql-server`
Service name	`dweng`
Group (without prefix)	`desvc`
Account (with namespace prefix)	`<prefix>-desvc`
Classic account name	`desvc`

Share via