In windows server 2003, the cluster required the use of a Cluster Service Account (CSA). The cluster service as well as resources used this regular domain user account to login. The CSA presented some problems, the most obvious of which was requiring administrators to rotate this password every so often.
In Windows Server 2008, this requirement was removed. To replace the CSA, Microsoft created the Cluster Name Object (CNO). This is a Network Name resource that acts as the identity of the Cluster. This CNO in turn owns all of the Virtual Computer Objects (VCO) in the cluster. The VCOs are the computer names to which clients connect. The cluster service and cluster resources, now impersonate the CNO or the proper VCO.
To give an example, suppose you created a cluster named “BAYEXCH1” and this cluster hosts two applications, named “baysrv1” and “baysrv2.” Active Directory will contain three computer objects – BAYEXCH1, baysrv1, and baysrv2. BAYEXCH1 will be the owner of baysrv1 and baysrv2.
For more information about Active Directory with Failover Clustering, check out our TechNet guide on Configuring Accounts for Active Directory: http://technet.microsoft.com/en-us/library/cc731002.aspx.