ansible.windows.win_group_membership – Manage Windows local group membership

Note

This plugin is part of the ansible.windows collection.

To install it use: ansible-galaxy collection install ansible.windows.

To use it in a playbook, specify: ansible.windows.win_group_membership.

Synopsis

  • Allows the addition and removal of local, service and domain users, and domain groups from a local group.

Parameters

Parameter Choices/Defaults Comments
members
list / elements=string / required
A list of members to ensure are present/absent from the group.
Accepts local users as .\username, and SERVERNAME\username.
Accepts domain users and groups as DOMAIN\username and [email protected]
Accepts service users as NT AUTHORITY\username.
Accepts all local, domain and service user types as username, favoring domain lookups when in a domain.
name
string / required
Name of the local group to manage membership on.
state
string
    Choices:
  • absent
  • present ←
  • pure
Desired state of the members in the group.
When state is pure, only the members specified will exist, and all other existing members not specified are removed.

See Also

See also

community.windows.win_domain_group

The official documentation on the community.windows.win_domain_group module.

ansible.windows.win_domain_membership

The official documentation on the ansible.windows.win_domain_membership module.

ansible.windows.win_group

The official documentation on the ansible.windows.win_group module.

Examples

- name: Add a local and domain user to a local group
  ansible.windows.win_group_membership:
    name: Remote Desktop Users
    members:
      - NewLocalAdmin
      - DOMAIN\TestUser
    state: present

- name: Remove a domain group and service user from a local group
  ansible.windows.win_group_membership:
    name: Backup Operators
    members:
      - DOMAIN\TestGroup
      - NT AUTHORITY\SYSTEM
    state: absent

- name: Ensure only a domain user exists in a local group
  ansible.windows.win_group_membership:
    name: Remote Desktop Users
    members:
      - DOMAIN\TestUser
    state: pure

Return Values

Common return values are documented here, the following are the fields unique to this module:

Key Returned Description
added
list / elements=string
success and state is present
A list of members added when state is present or pure; this is empty if no members are added.

Sample:
['SERVERNAME\\NewLocalAdmin', 'DOMAIN\\TestUser']
members
list / elements=string
success
A list of all local group members at completion; this is empty if the group contains no members.

Sample:
['DOMAIN\\TestUser', 'SERVERNAME\\NewLocalAdmin']
name
string
always
The name of the target local group.

Sample:
Administrators
removed
list / elements=string
success and state is absent
A list of members removed when state is absent or pure; this is empty if no members are removed.

Sample:
['DOMAIN\\TestGroup', 'NT AUTHORITY\\SYSTEM']


Authors

  • Andrew Saraceni (@andrewsaraceni)