Documentation

win_domain_controller - Manage domain controller/member server state for a Windows host

New in version 2.3.

Synopsis

  • Ensure that a Windows Server 2012+ host is configured as a domain controller or demoted to member server. This module may require subsequent use of the win_reboot action if changes are made.

Options

parameter required default choices comments
dns_domain_name
no
when state is domain_controller, the DNS name of the domain for which the targeted Windows host should be a DC
domain_admin_password
yes
password for the specified domain_admin_user
domain_admin_user
yes
username of a domain admin for the target domain (necessary to promote or demote a domain controller)
local_admin_password
no
password to be assigned to the local Administrator user (required when state is member_server)
safe_mode_password
no
safe mode password for the domain controller (required when state is domain_controller)
state
no
  • domain_controller
  • member_server
whether the target host should be a domain controller or a member server

Examples

# ensure a server is a domain controller
- hosts: winclient
  gather_facts: no
  tasks:
  - win_domain_controller:
      dns_domain_name: ansible.vagrant
      domain_admin_user: [email protected]
      domain_admin_password: password123!
      safe_mode_password: password123!
      state: domain_controller
      log_path: c:\ansible_win_domain_controller.txt

# ensure a server is not a domain controller
# note that without an action wrapper, in the case where a DC is demoted,
# the task will fail with a 401 Unauthorized, because the domain credential
# becomes invalid to fetch the final output over WinRM. This requires win_async
# with credential switching (or other clever credential-switching
# mechanism to get the output and trigger the required reboot)
- hosts: winclient
  gather_facts: no
  tasks:
  - win_domain_controller:
      domain_admin_user: [email protected]
      domain_admin_password: password123!
      local_admin_password: password123!
      state: member_server
      log_path: c:\ansible_win_domain_controller.txt

Return Values

Common return values are documented here Return Values, the following are the fields unique to this module:

name description returned type sample
reboot_required
True if changes were made that require a reboot.
always boolean True


Status

This module is flagged as preview which means that it is not guaranteed to have a backwards compatible interface.

Maintenance Info

For more information about Red Hat’s this support of this module, please refer to this knowledge base article<https://access.redhat.com/articles/rhel-top-support-policies>

For help in developing on modules, should you be so inclined, please read Community Information & Contributing, Testing Ansible and Developing Modules.