community.windows.win_domain_group_membership module – Manage Windows domain group membership
Note
This module is part of the community.windows collection (version 1.13.0).
You might already have this collection installed if you are using the ansible
package.
It is not included in ansible-core
.
To check whether it is installed, run ansible-galaxy collection list
.
To install it, use: ansible-galaxy collection install community.windows
.
To use it in a playbook, specify: community.windows.win_domain_group_membership
.
Synopsis
Allows the addition and removal of domain users and domain groups from/to a domain group.
Parameters
Parameter |
Comments |
---|---|
The password for username. |
|
Specifies the Active Directory Domain Services instance to connect to. Can be in the form of an FQDN or NetBIOS name. If not specified then the value is based on the domain of the computer running PowerShell. |
|
The username to use when interacting with AD. If this is not set then the user Ansible used to log in with will be used instead when using CredSSP or Kerberos with credential delegation. |
|
A list of members to ensure are present/absent from the group. The given names must be a SamAccountName of a user, group, service account, or computer. For computers, you must add “$” after the name; for example, to add “Mycomputer” to a group, use “Mycomputer$” as the member. If the member object is part of another domain in a multi-domain forest, you must add the domain and “\” in front of the name. |
|
Name of the domain group to manage membership on. |
|
Desired state of the members in the group. When Choices:
|
Notes
Note
This must be run on a host that has the ActiveDirectory powershell module installed.
See Also
See also
- community.windows.win_domain_user
The official documentation on the community.windows.win_domain_user module.
- community.windows.win_domain_group
The official documentation on the community.windows.win_domain_group module.
Examples
- name: Add a domain user/group to a domain group
community.windows.win_domain_group_membership:
name: Foo
members:
- Bar
state: present
- name: Remove a domain user/group from a domain group
community.windows.win_domain_group_membership:
name: Foo
members:
- Bar
state: absent
- name: Ensure only a domain user/group exists in a domain group
community.windows.win_domain_group_membership:
name: Foo
members:
- Bar
state: pure
- name: Add a computer to a domain group
community.windows.win_domain_group_membership:
name: Foo
members:
- DESKTOP$
state: present
- name: Add a domain user/group from another Domain in the multi-domain forest to a domain group
community.windows.win_domain_group_membership:
domain_server: DomainAAA.cloud
name: GroupinDomainAAA
members:
- DomainBBB.cloud\UserInDomainBBB
state: Present
Return Values
Common return values are documented here, the following are the fields unique to this module:
Key |
Description |
---|---|
A list of members added when Returned: success and Sample: |
|
A list of all domain group members at completion; this is empty if the group contains no members. Returned: success Sample: |
|
The name of the target domain group. Returned: always Sample: |
|
A list of members removed when Returned: success and Sample: |