win_domain_group - Creates, modifies or removes domain groups
New in version 2.4.
Synopsis
- Creates, modifies or removes groups in Active Directory.
- For local groups, use the win_group module instead.

Parameters
| Parameter | Choices/Defaults | Comments |
|---|---|---|
| attributes | | A dict of custom LDAP attributes to set on the group. This can be used to set custom attributes that are not exposed as module parameters, e.g. `mail`. See the examples on how to format this parameter. |
| category | Choices: `distribution`, `security` | The category of the group; this is the value to assign to the LDAP `groupType` attribute. If a new group is created then `security` will be used by default. |
| description | | The value to be assigned to the LDAP `description` attribute. |
| display_name | | The value to assign to the LDAP `displayName` attribute. |
| domain_password | | The password for the account given in `domain_username`. |
| domain_server (added in 2.5) | | Specifies the Active Directory Domain Services instance to connect to. Can be in the form of an FQDN or NetBIOS name. If not specified then the value is based on the domain of the computer running PowerShell. |
| domain_username | | The username to use when interacting with AD. If this is not set then the user Ansible used to log in with will be used instead. |
| ignore_protection (bool) | Choices: `no` (default), `yes` | Will ignore the `ProtectedFromAccidentalDeletion` flag when deleting or moving a group. The module will fail if one of these actions needs to occur and this value is set to `no`. |
| managed_by | | The value to be assigned to the LDAP `managedBy` attribute. This value can be in the forms Distinguished Name, objectGUID, objectSid or sAMAccountName; see examples for more details. |
| name (required) | | The name of the group to create, modify or remove. This value can be in the forms Distinguished Name, objectGUID, objectSid or sAMAccountName; see examples for more details. |
| organizational_unit | aliases: `ou`, `path` | The full LDAP path to create or move the group to. This should be the path to the parent object to create or move the group to. See examples for details of how this path is formed. |
| protect (bool) | Choices: `no`, `yes` | Will set the `ProtectedFromAccidentalDeletion` flag based on this value. This flag stops a user from deleting or moving a group to a different path. |
| scope | Choices: `domainlocal`, `global`, `universal` | The scope of the group. If `state=present` and the group doesn't exist then this must be set. |
| state | Choices: `absent`, `present` (default) | If `state=present` this module will ensure the group is created and is configured accordingly. If `state=absent` this module will delete the group if it exists. |
Notes
- This must be run on a host that has the ActiveDirectory PowerShell module installed.

Examples
```yaml
- name: Ensure the group Cow exists using sAMAccountName
  win_domain_group:
    name: Cow
    scope: global
    path: OU=groups,DC=ansible,DC=local

- name: Ensure the group Cow doesn't exist using the Distinguished Name
  win_domain_group:
    name: CN=Cow,OU=groups,DC=ansible,DC=local
    state: absent

- name: Delete group ignoring the protection flag
  win_domain_group:
    name: Cow
    state: absent
    ignore_protection: yes

- name: Create group with delete protection enabled and custom attributes
  win_domain_group:
    name: Ansible Users
    scope: domainlocal
    category: security
    attributes:
      mail: helpdesk@ansible.com
      wWWHomePage: www.ansible.com
    # protect sets ProtectedFromAccidentalDeletion; ignore_protection only bypasses it on delete/move
    protect: yes

- name: Change the OU of a group using the SID and ignore the protection flag
  win_domain_group:
    name: S-1-5-21-2171456218-3732823212-122182344-1189
    scope: global
    organizational_unit: OU=groups,DC=ansible,DC=local
    ignore_protection: yes

- name: Add managed_by user
  win_domain_group:
    name: Group Name Here
    managed_by: Domain Admins

- name: Add group and specify the AD domain services to use for the create
  win_domain_group:
    name: Test Group
    domain_username: user@CORP.ANSIBLE.COM
    domain_password: Password01!
    domain_server: corp-DC12.corp.ansible.com
    scope: domainlocal
```
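The playbook below is an added example and is not part of the module documentation. It ties the `protect` / `ignore_protection` parameters to the return values listed further down: the group is created protected, the registered result is checked against what was requested, a plain `state=absent` is shown to be refused while the flag is set, and the returned `sid` is then used to remove the group deliberately. It assumes a domain `ansible.local` with an existing `OU=groups` container, an inventory group `domain_controllers`, a service account `svc_ansible` and a vaulted variable `ad_admin_password`; all of these, and the group name and mail address, are constructed values.

```yaml
# Added example (not from the module docs): manage a protected security group
# end to end and drive later tasks from the module's return values.
# Assumptions (constructed): domain ansible.local with OU=groups present,
# inventory group domain_controllers, service account svc_ansible, and the
# password held in a vaulted variable named ad_admin_password.
- name: Manage a protected RDP users group
  hosts: domain_controllers
  gather_facts: no
  vars:
    ad_admin_user: svc_ansible@ANSIBLE.LOCAL
    group_ou: OU=groups,DC=ansible,DC=local
  tasks:
    - name: Ensure the security group exists and is protected from deletion
      win_domain_group:
        name: Ansible RDP Users
        scope: global
        category: security
        organizational_unit: "{{ group_ou }}"
        display_name: Users who connect through RDP
        description: Members may log on via Remote Desktop to the jump hosts
        managed_by: Domain Admins
        protect: yes
        attributes:
          mail: helpdesk@ansible.com
        domain_username: "{{ ad_admin_user }}"
        domain_password: "{{ ad_admin_password }}"   # supplied from Ansible Vault
      register: rdp_group
      no_log: yes   # keeps the credential out of task output; the result is still registered

    - name: Check the returned state matches what was requested
      assert:
        that:
          - rdp_group.category == 'Security'
          - rdp_group.group_scope == 'Global'
          - rdp_group.protected_from_accidental_deletion
          - rdp_group.managed_by is match('^CN=Domain Admins,')
          - rdp_group.distinguished_name is search(',OU=groups,DC=ansible,DC=local$')
          - rdp_group.attributes.mail == 'helpdesk@ansible.com'

    # While ProtectedFromAccidentalDeletion is set and ignore_protection is
    # left at its default of no, the module refuses to delete the group.
    - name: Attempt to delete the protected group (expected to be refused)
      win_domain_group:
        name: "{{ rdp_group.distinguished_name }}"
        state: absent
      register: delete_attempt
      failed_when: not (delete_attempt.failed | default(false))

    # Removing the group deliberately requires opting out of the protection;
    # the SID returned earlier identifies the group regardless of renames or moves.
    - name: Remove the group by SID, explicitly ignoring the protection flag
      win_domain_group:
        name: "{{ rdp_group.sid }}"
        state: absent
        ignore_protection: yes
```

The `failed_when` expression inverts the outcome of the protected delete so the play only stops if the module unexpectedly allowed it; the `default(false)` guard keeps the expression defined when no `failed` key is returned.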
Return Values
Common return values are documented here; the following are the fields unique to this module:
| Key | Returned | Description |
|---|---|---|
| attributes (dict) | group exists and attributes are set on the module invocation | Custom attributes that were set by the module. This does not show all the custom attributes, rather just the ones that were set by the module. Sample: `{'mail': 'helpdesk@ansible.com', 'wWWHomePage': 'www.ansible.com'}` |
| canonical_name (string) | group exists | The canonical name of the group. Sample: `ansible.local/groups/Cow` |
| category (string) | group exists | The group type value of the group, i.e. Security or Distribution. Sample: `Security` |
| description (string) | group exists | The description of the group. Sample: `Group Description` |
| display_name (string) | group exists | The display name of the group. Sample: `Users who connect through RDP` |
| distinguished_name (string) | group exists | The full Distinguished Name of the group. Sample: `CN=Cow,OU=groups,DC=ansible,DC=local` |
| group_scope (string) | group exists | The group scope value of the group. Sample: `Universal` |
| guid (string) | group exists | The GUID of the group. Sample: `512a9adb-3fc0-4a26-9df0-e6ea1740cf45` |
| managed_by (string) | group exists | The full Distinguished Name of the AD object that is set on the managedBy attribute. Sample: `CN=Domain Admins,CN=Users,DC=ansible,DC=local` |
| name (string) | group exists | The name of the group. Sample: `Cow` |
| protected_from_accidental_deletion (bool) | group exists | Whether the group is protected from accidental deletion. Sample: `True` |
| sid (string) | group exists | The security identifier (SID) of the group. Sample: `S-1-5-21-2171456218-3732823212-122182344-1189` |
Status
This module is flagged as preview which means that it is not guaranteed to have a backwards compatible interface.
Maintenance
This module is flagged as community which means that it is maintained by the Ansible Community. See Module Maintenance & Support for more info.
For a list of other modules that are also maintained by the Ansible Community, see here.
Author
- Jordan Borean (@jborean93)
 
© 2012–2018 Michael DeHaan
© 2018–2019 Red Hat, Inc.
Licensed under the GNU General Public License version 3.
 https://docs.ansible.com/ansible/2.6/modules/win_domain_group_module.html