win_domain_group_membership – Manage Windows domain group membership
New in version 2.8.
Synopsis
- Allows the addition and removal of domain users and domain groups from/to a domain group.
Parameters
| Parameter | Choices/Defaults | Comments |
|---|---|---|
| domain_password
string
|
The password for username.
|
|
| domain_server
string
|
Specifies the Active Directory Domain Services instance to connect to.
Can be in the form of an FQDN or NetBIOS name.
If not specified then the value is based on the domain of the computer running PowerShell.
|
|
| domain_username
string
|
The username to use when interacting with AD.
If this is not set then the user Ansible used to log in with will be used instead when using CredSSP or Kerberos with credential delegation.
|
|
| members
list / required
|
A list of members to ensure are present/absent from the group.
The given names must be a SamAccountName of a user, group, service account, or computer.
For computers, you must add "$" after the name; for example, to add "Mycomputer" to a group, use "Mycomputer$" as the member.
|
|
| name
string / required
|
Name of the domain group to manage membership on.
|
|
| state
string
|
|
Desired state of the members in the group.
When state is pure, only the members specified will exist, and all other existing members not specified are removed.
|
See Also
See also
- win_domain_user – Manages Windows Active Directory user accounts
- The official documentation on the win_domain_user module.
- win_domain_group – Creates, modifies or removes domain groups
- The official documentation on the win_domain_group module.
Examples
- name: Add a domain user/group to a domain group
win_domain_group_membership:
name: Foo
members:
- Bar
state: present
- name: Remove a domain user/group from a domain group
win_domain_group_membership:
name: Foo
members:
- Bar
state: absent
- name: Ensure only a domain user/group exists in a domain group
win_domain_group_membership:
name: Foo
members:
- Bar
state: pure
- name: Add a computer to a domain group
win_domain_group_membership:
name: Foo
members:
- DESKTOP$
state: present
Return Values
Common return values are documented here, the following are the fields unique to this module:
| Key | Returned | Description |
|---|---|---|
| added
list
|
success and state is present or pure |
A list of members added when state is present or pure; this is empty if no members are added.
Sample:
['UserName', 'GroupName']
|
| members
list
|
success |
A list of all domain group members at completion; this is empty if the group contains no members.
Sample:
['UserName', 'GroupName']
|
| name
string
|
always |
The name of the target domain group.
Sample:
Domain-Admins
|
| removed
list
|
success and state is absent or pure |
A list of members removed when state is absent or pure; this is empty if no members are removed.
Sample:
['UserName', 'GroupName']
|
Status
- This module is not guaranteed to have a backwards compatible interface. [preview]
- This module is maintained by the Ansible Community. [community]
Authors
- Marius Rieder (@jiuka)
Hint
If you notice any issues in this documentation you can edit this document to improve it.
© 2012–2018 Michael DeHaan
© 2018–2019 Red Hat, Inc.
Licensed under the GNU General Public License version 3.
https://docs.ansible.com/ansible/2.8/modules/win_domain_group_membership_module.html