community.windows.win_domain_group module – Creates, modifies or removes domain groups
Note
This module is part of the community.windows collection (version 1.13.0).
You might already have this collection installed if you are using the ansible package.
It is not included in ansible-core.
To check whether it is installed, run ansible-galaxy collection list.
To install it, use: ansible-galaxy collection install community.windows.
To use it in a playbook, specify: community.windows.win_domain_group.
Synopsis
Creates, modifies or removes groups in Active Directory.
For local groups, use the ansible.windows.win_group module instead.
Parameters
Parameter |
Comments |
|---|---|
A dict of custom LDAP attributes to set on the group. This can be used to set custom attributes that are not exposed as module parameters, e.g. See the examples on how to format this parameter. |
|
The category of the group, this is the value to assign to the LDAP If a new group is created then Choices:
|
|
The value to be assigned to the LDAP |
|
The value to assign to the LDAP |
|
The password for |
|
Specifies the Active Directory Domain Services instance to connect to. Can be in the form of an FQDN or NetBIOS name. If not specified then the value is based on the domain of the computer running PowerShell. |
|
The username to use when interacting with AD. If this is not set then the user Ansible used to log in with will be used instead. |
|
Will ignore the The module will fail if one of these actions need to occur and this value is set to Choices:
|
|
The value to be assigned to the LDAP This value can be in the forms |
|
The name of the group to create, modify or remove. This value can be in the forms |
|
The full LDAP path to create or move the group to. This should be the path to the parent object to create or move the group to. See examples for details of how this path is formed. |
|
Will set the This flag stops a user from deleting or moving a group to a different path. Choices:
|
|
The scope of the group. If Choices:
|
|
If If Choices:
|
Notes
Note
This must be run on a host that has the ActiveDirectory powershell module installed.
See Also
See also
- ansible.windows.win_domain
Ensures the existence of a Windows domain.
- ansible.windows.win_domain_controller
Manage domain controller/member server state for a Windows host.
- community.windows.win_domain_computer
Manage computers in Active Directory.
- ansible.windows.win_domain_membership
Manage domain/workgroup membership for a Windows host.
- community.windows.win_domain_user
Manages Windows Active Directory user accounts.
- ansible.windows.win_group
Add and remove local groups.
- ansible.windows.win_group_membership
Manage Windows local group membership.
Examples
- name: Ensure the group Cow exists using sAMAccountName
community.windows.win_domain_group:
name: Cow
scope: global
path: OU=groups,DC=ansible,DC=local
- name: Ensure the group Cow doesn't exist using the Distinguished Name
community.windows.win_domain_group:
name: CN=Cow,OU=groups,DC=ansible,DC=local
state: absent
- name: Delete group ignoring the protection flag
community.windows.win_domain_group:
name: Cow
state: absent
ignore_protection: yes
- name: Create group with delete protection enabled and custom attributes
community.windows.win_domain_group:
name: Ansible Users
scope: domainlocal
category: security
attributes:
mail: [email protected]
wWWHomePage: www.ansible.com
ignore_protection: yes
- name: Change the OU of a group using the SID and ignore the protection flag
community.windows.win_domain_group:
name: S-1-5-21-2171456218-3732823212-122182344-1189
scope: global
organizational_unit: OU=groups,DC=ansible,DC=local
ignore_protection: yes
- name: Add managed_by user
community.windows.win_domain_group:
name: Group Name Here
managed_by: Domain Admins
- name: Add group and specify the AD domain services to use for the create
community.windows.win_domain_group:
name: Test Group
domain_username: [email protected]
domain_password: Password01!
domain_server: corp-DC12.corp.ansible.com
scope: domainlocal
Return Values
Common return values are documented here, the following are the fields unique to this module:
Key |
Description |
|---|---|
Custom attributes that were set by the module. This does not show all the custom attributes rather just the ones that were set by the module. Returned: group exists and attributes are set on the module invocation Sample: |
|
The canonical name of the group. Returned: group exists Sample: |
|
The Group type value of the group, i.e. Security or Distribution. Returned: group exists Sample: |
|
Whether a group was created Returned: always Sample: |
|
The Description of the group. Returned: group exists Sample: |
|
The Display name of the group. Returned: group exists Sample: |
|
The full Distinguished Name of the group. Returned: group exists Sample: |
|
The Group scope value of the group. Returned: group exists Sample: |
|
The guid of the group. Returned: group exists Sample: |
|
The full Distinguished Name of the AD object that is set on the managedBy attribute. Returned: group exists Sample: |
|
The name of the group. Returned: group exists Sample: |
|
Whether the group is protected from accidental deletion. Returned: group exists Sample: |
|
The Security ID of the group. Returned: group exists Sample: |