Documentation

win_domain_controller - Manage domain controller/member server state for a Windows host

New in version 2.3.

Synopsis

  • Ensure that a Windows Server 2012+ host is configured as a domain controller or demoted to member server. This module may require subsequent use of the win_reboot action if changes are made.

Options

parameter required default choices comments
dns_domain_name
no
when state is domain_controller, the DNS name of the domain for which the targeted Windows host should be a DC
domain_admin_password
yes
password for the specified domain_admin_user
domain_admin_user
yes
username of a domain admin for the target domain (necessary to promote or demote a domain controller)
local_admin_password
no
password to be assigned to the local Administrator user (required when state is member_server)
safe_mode_password
no
safe mode password for the domain controller (required when state is domain_controller)
state
no
  • domain_controller
  • member_server
whether the target host should be a domain controller or a member server

Examples

# ensure a server is a domain controller
- hosts: winclient
  gather_facts: no
  tasks:
  - win_domain_controller:
      dns_domain_name: ansible.vagrant
      domain_admin_user: [email protected]
      domain_admin_password: password123!
      safe_mode_password: password123!
      state: domain_controller
      log_path: c:\ansible_win_domain_controller.txt

# ensure a server is not a domain controller
# note that without an action wrapper, in the case where a DC is demoted,
# the task will fail with a 401 Unauthorized, because the domain credential
# becomes invalid to fetch the final output over WinRM. This requires win_async
# with credential switching (or other clever credential-switching
# mechanism to get the output and trigger the required reboot)
- hosts: winclient
  gather_facts: no
  tasks:
  - win_domain_controller:
      domain_admin_user: [email protected]
      domain_admin_password: password123!
      local_admin_password: password123!
      state: member_server
      log_path: c:\ansible_win_domain_controller.txt

Return Values

Common return values are documented here Return Values, the following are the fields unique to this module:

name description returned type sample
reboot_required True if changes were made that require a reboot. always boolean True


Status

This module is flagged as preview which means that it is not guaranteed to have a backwards compatible interface.

Support

This module is maintained by those with core commit privileges

For more information on what this means please read Module Support

For help in developing on modules, should you be so inclined, please read Community Information & Contributing, Helping Testing PRs and Developing Modules.