Try SpotterManage Windows local group membership
| "added in version" 2.4 of ansible.builtin"
Authors: Andrew Saraceni (@andrewsaraceni)
preview | supported by community
pipInstall with pip install ansible==2.6.2
Allows the addition and removal of local, service and domain users, and domain groups from a local group.
- name: Add a local and domain user to a local group
win_group_membership:
name: Remote Desktop Users
members:
- NewLocalAdmin
- DOMAIN\TestUser
state: present
- name: Remove a domain group and service user from a local group
win_group_membership:
name: Backup Operators
members:
- DOMAIN\TestGroup
- NT AUTHORITY\SYSTEM
state: absent
name:
description:
- Name of the local group to manage membership on.
required: true
state:
choices:
- absent
- present
default: present
description:
- Desired state of the members in the group.
members:
description:
- A list of members to ensure are present/absent from the group.
- Accepts local users as .\username, and SERVERNAME\username.
- Accepts domain users and groups as DOMAIN\username and username@DOMAIN.
- Accepts service users as NT AUTHORITY\username.
- Accepts all local, domain and service user types as username, favoring domain lookups
when in a domain.
required: true
added:
description: A list of members added when C(state) is C(present); this is empty
if no members are added.
returned: success and C(state) is C(present)
sample:
- SERVERNAME\NewLocalAdmin
- DOMAIN\TestUser
type: list
members:
description: A list of all local group members at completion; this is empty if the
group contains no members.
returned: success
sample:
- DOMAIN\TestUser
- SERVERNAME\NewLocalAdmin
type: list
name:
description: The name of the target local group.
returned: always
sample: Administrators
type: string
removed:
description: A list of members removed when C(state) is C(absent); this is empty
if no members are removed.
returned: success and C(state) is C(absent)
sample:
- DOMAIN\TestGroup
- NT AUTHORITY\SYSTEM
type: list