ansible.builtin.win_domain_group (v2.4.3.0-1) — module

creates, modifies or removes domain groups

Added in version 2.4 of ansible.builtin

Authors: Jordan Borean (@jborean93)

preview | supported by community

Install Ansible via pip

Install with pip install ansible==2.4.3.0.post1

Description

Creates, modifies or removes groups in Active Directory.

For local groups, use the M(win_group) module instead.

Usage examples

- name: ensure the group Cow exists using sAMAccountName
  win_domain_group:
    name: Cow
    scope: global
    path: OU=groups,DC=ansible,DC=local
- name: ensure the group Cow doesn't exist using the Distinguished Name
  win_domain_group:
    name: CN=Cow,OU=groups,DC=ansible,DC=local
    state: absent
- name: delete group ignoring the protection flag
  win_domain_group:
    name: Cow
    state: absent
    ignore_protection: yes
- name: create group with delete protection enabled and custom attributes
  win_domain_group:
    name: Ansible Users
    scope: domainlocal
    category: security
    attributes:
      mail: helpdesk@ansible.com
      wWWHomePage: www.ansible.com
    protect: yes
- name: change the OU of a group using the SID and ignore the protection flag
  win_domain_group:
    name: S-1-5-21-2171456218-3732823212-122182344-1189
    scope: global
    organizational_unit: OU=groups,DC=ansible,DC=local
    ignore_protection: True
- name: add managed_by user
  win_domain_group:
    name: Group Name Here
    managed_by: Domain Admins

Inputs

    
name:
    description:
    - The name of the group to create, modify or remove.
    - This value can be in the forms C(Distinguished Name), C(objectGUID), C(objectSid)
      or C(sAMAccountName), see examples for more details.
    required: true

scope:
    choices:
    - domainlocal
    - global
    - universal
    description:
    - The scope of the group.
    - If C(state=present) and the group doesn't exist then this must be set.

state:
    choices:
    - absent
    - present
    default: present
    description:
    - If C(state=present) this module will ensure the group is created and is configured
      accordingly.
    - If C(state=absent) this module will delete the group if it exists.

protect:
    description:
    - Will set the C(ProtectedFromAccidentalDeletion) flag based on this value.
    - This flag stops a user from deleting or moving a group to a different path.
    type: bool

category:
    choices:
    - distribution
    - security
    description:
    - The category of the group, this is the value to assign to the LDAP C(groupType)
      attribute.
    - If a new group is created then C(security) will be used by default.

attributes:
    description:
    - A dict of custom LDAP attributes to set on the group.
    - This can be used to set custom attributes that are not exposed as module parameters,
      e.g. C(mail).
    - See the examples on how to format this parameter.

managed_by:
    description:
    - The value to be assigned to the LDAP C(managedBy) attribute.
    - This value can be in the forms C(Distinguished Name), C(objectGUID), C(objectSid)
      or C(sAMAccountName), see examples for more details.

description:
    description:
    - The value to be assigned to the LDAP C(description) attribute.

display_name:
    description:
    - The value to assign to the LDAP C(displayName) attribute.

domain_password:
    description:
    - The password for C(domain_username).

domain_username:
    description:
    - The username to use when interacting with AD.
    - If this is not set then the user Ansible used to log in with will be used instead.

ignore_protection:
    default: 'no'
    description:
    - Will ignore the C(ProtectedFromAccidentalDeletion) flag when deleting or moving
      a group.
    - The module will fail if one of these actions needs to occur and this value is set
      to no.
    type: bool

organizational_unit:
    aliases:
    - ou
    - path
    description:
    - The full LDAP path to create or move the group to.
    - This should be the path to the parent object to create or move the group to.
    - See examples for details of how this path is formed.

Outputs

attributes:
  description: Custom attributes that were set by the module. This does not show all
    the custom attributes, only the ones that were set by the module.
  returned: group exists and attributes are set on the module invocation
  sample:
    mail: helpdesk@ansible.com
    wWWHomePage: www.ansible.com
  type: dict
canonical_name:
  description: The canonical name of the group.
  returned: group exists
  sample: ansible.local/groups/Cow
  type: string
category:
  description: The Group type value of the group, i.e. Security or Distribution.
  returned: group exists
  sample: Security
  type: string
description:
  description: The Description of the group.
  returned: group exists
  sample: Group Description
  type: string
display_name:
  description: The Display name of the group.
  returned: group exists
  sample: Users who connect through RDP
  type: string
distinguished_name:
  description: The full Distinguished Name of the group.
  returned: group exists
  sample: CN=Cow,OU=groups,DC=ansible,DC=local
  type: string
group_scope:
  description: The Group scope value of the group.
  returned: group exists
  sample: Universal
  type: string
guid:
  description: The guid of the group.
  returned: group exists
  sample: 512a9adb-3fc0-4a26-9df0-e6ea1740cf45
  type: string
managed_by:
  description: The full Distinguished Name of the AD object that is set on the managedBy
    attribute.
  returned: group exists
  sample: CN=Domain Admins,CN=Users,DC=ansible,DC=local
  type: string
name:
  description: The name of the group.
  returned: group exists
  sample: Cow
  type: string
protected_from_accidental_deletion:
  description: Whether the group is protected from accidental deletion.
  returned: group exists
  sample: true
  type: bool
sid:
  description: The Security ID of the group.
  returned: group exists
  sample: S-1-5-21-2171456218-3732823212-122182344-1189
  type: string
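
The difference between C(protect) and C(ignore_protection), shown as an added playbook that is not part of the module's own documentation: the group is created with the protection flag set, the returned values are checked, and the bypass is enabled only on the one task that moves the group. The inventory group, the vault_ad_* variables, the group name and the "protected" OU are assumptions.

```yaml
# Added example, not from the module documentation. The inventory group,
# the vault_ad_* variables, the group name and the "protected" OU are
# hypothetical; only module parameters and return values come from the page.
- name: create a delete-protected security group, then move it deliberately
  hosts: domain_controllers
  gather_facts: no
  vars:
    group_name: App Operators
    initial_ou: OU=groups,DC=ansible,DC=local
    final_ou: OU=protected,OU=groups,DC=ansible,DC=local
  tasks:
    - name: create the group with ProtectedFromAccidentalDeletion set
      win_domain_group:
        name: "{{ group_name }}"
        scope: global
        category: security
        organizational_unit: "{{ initial_ou }}"
        protect: yes
        domain_username: "{{ vault_ad_username }}"
        domain_password: "{{ vault_ad_password }}"  # keep in Ansible Vault
      register: created

    - name: check what the module reports instead of assuming it
      assert:
        that:
          - created.protected_from_accidental_deletion
          - created.category | lower == 'security'
          - created.group_scope | lower == 'global'

    # Moving a protected group fails while ignore_protection is 'no' (the
    # default), so the bypass is set on this one task only. The SID pins the
    # task to the object created above, and protect: yes keeps the flag set.
    - name: move the group to its final OU
      win_domain_group:
        name: "{{ created.sid }}"
        scope: global
        organizational_unit: "{{ final_ou }}"
        protect: yes
        ignore_protection: yes
        domain_username: "{{ vault_ad_username }}"
        domain_password: "{{ vault_ad_password }}"
      register: moved

    - name: confirm same object, new location, flag still set
      assert:
        that:
          - moved.sid == created.sid
          - moved.protected_from_accidental_deletion
          - moved.distinguished_name | lower == ('CN=' ~ group_name ~ ',' ~ final_ou) | lower
```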