You are reading an unmaintained version of the Ansible documentation. Unmaintained Ansible versions can contain unfixed security vulnerabilities (CVE). Please upgrade to a maintained version. See the latest Ansible documentation.

win_domain_controller - Manage domain controller/member server state for a Windows host¶

New in version 2.3.

Synopsis
Options
Examples
Return Values
- Status
- Maintenance Info

Synopsis ¶

Ensure that a Windows Server 2012+ host is configured as a domain controller or demoted to member server. This module may require subsequent use of the win_reboot action if changes are made.

Options ¶

parameter	required	default	choices	comments
dns_domain_name	no			when `state` is `domain_controller`, the DNS name of the domain for which the targeted Windows host should be a DC
domain_admin_password	yes			password for the specified `domain_admin_user`
domain_admin_user	yes			username of a domain admin for the target domain (necessary to promote or demote a domain controller)
local_admin_password	no			password to be assigned to the local `Administrator` user (required when `state` is `member_server`)
safe_mode_password	no			safe mode password for the domain controller (required when `state` is `domain_controller`)
state	no		domain_controller member_server	whether the target host should be a domain controller or a member server

Examples ¶

# ensure a server is a domain controller
- hosts: winclient
  gather_facts: no
  tasks:
  - win_domain_controller:
      dns_domain_name: ansible.vagrant
      domain_admin_user: testguy@ansible.vagrant
      domain_admin_password: password123!
      safe_mode_password: password123!
      state: domain_controller
      log_path: c:\ansible_win_domain_controller.txt

# ensure a server is not a domain controller
# note that without an action wrapper, in the case where a DC is demoted,
# the task will fail with a 401 Unauthorized, because the domain credential
# becomes invalid to fetch the final output over WinRM. This requires win_async
# with credential switching (or other clever credential-switching
# mechanism to get the output and trigger the required reboot)
- hosts: winclient
  gather_facts: no
  tasks:
  - win_domain_controller:
      domain_admin_user: testguy@ansible.vagrant
      domain_admin_password: password123!
      local_admin_password: password123!
      state: member_server
      log_path: c:\ansible_win_domain_controller.txt

Return Values ¶

Common return values are documented here Return Values, the following are the fields unique to this module:

name	description	returned	type	sample
reboot_required	True if changes were made that require a reboot.	always	boolean	True

Status ¶

This module is flagged as preview which means that it is not guaranteed to have a backwards compatible interface.

Maintenance Info ¶

For more information about Red Hat’s this support of this module, please refer to this knowledge base article<https://access.redhat.com/articles/rhel-top-support-policies>

For help in developing on modules, should you be so inclined, please read Community Information & Contributing, Testing Ansible and Developing Modules.