Documentation

win_user - Manages local Windows user accounts

New in version 1.7.

Synopsis

  • Manages local Windows user accounts
  • For non-Windows targets, use the user module instead.

Options

parameter required default choices comments
account_disabled
(added in 1.9)
no
  • yes
  • no
yes will disable the user account. no will clear the disabled flag.
account_locked
(added in 1.9)
no
  • no
no will unlock the user account if locked.
description
(added in 1.9)
no
Description of the user
fullname
(added in 1.9)
no
Full name of the user
groups
(added in 1.9)
no
Adds or removes the user from this comma-separated lis of groups, depending on the value of groups_action. When groups_action is replace and groups is set to the empty string ('groups='), the user is removed from all groups.
groups_action
(added in 1.9)
no replace
  • replace
  • add
  • remove
If replace, the user is added as a member of each group in groups and removed from any other groups. If add, the user is added to each group in groups where not already a member. If remove, the user is removed from each group in groups.
name
yes
Name of the user to create, remove or modify.
password
no
Optionally set the user's password to this (plain text) value.
password_expired
(added in 1.9)
no
  • yes
  • no
yes will require the user to change their password at next login. no will clear the expired password flag.
password_never_expires
(added in 1.9)
no
  • yes
  • no
yes will set the password to never expire. no will allow the password to expire.
state
no present
  • present
  • absent
  • query
When present, creates or updates the user account. When absent, removes the user account if it exists. When query (new in 1.9), retrieves the user account details without making any changes.
update_password
(added in 1.9)
no always
  • always
  • on_create
always will update passwords if they differ. on_create will only set the password for newly created users.
user_cannot_change_password
(added in 1.9)
no
  • yes
  • no
yes will prevent the user from changing their password. no will allow the user to change their password.

Examples

- name: Ensure user bob is present
  win_user:
    name: bob
    password: B0bP4ssw0rd
    state: present
    groups:
      - Users

- name: Ensure user bob is absent
  win_user:
    name: bob
    state: absent

Return Values

Common return values are documented here Return Values, the following are the fields unique to this module:

name description returned type sample
description
The description set for the user.
user exists str Username for test
name
The name of the user
always str username
password_expired
Whether the password is expired.
user exists bool False
groups
A list of groups and their ADSI path the user is a member of.
user exists list [{'path': 'WinNT://WORKGROUP/USER-PC/Administrators', 'name': 'Administrators'}]
sid
The SID for the user.
user exists str S-1-5-21-3322259488-2828151810-3939402796-1001
account_disabled
Whether the user is disabled.
user exists bool False
path
The ADSI path for the user.
user exists str WinNT://WORKGROUP/USER-PC/username
fullname
The full name set for the user.
user exists str Test Username
password_never_expires
Whether the password is set to never expire.
user exists bool True
account_locked
Whether the user is locked.
user exists bool False
user_cannot_change_password
Whether the user can change their own password.
user exists bool False


Notes

Note

  • For non-Windows targets, use the user module instead.

Status

This module is flagged as stableinterface which means that the maintainers for this module guarantee that no backward incompatible interface changes will be made.

Maintenance Info

For more information about Red Hat’s this support of this module, please refer to this knowledge base article<https://access.redhat.com/articles/rhel-top-support-policies>

For help in developing on modules, should you be so inclined, please read Community Information & Contributing, Testing Ansible and Developing Modules.