ansible.builtin.win_domain_group (v2.7.17), module
Creates, modifies or removes domain groups
Added in version 2.4 of ansible.builtin
Authors: Jordan Borean (@jborean93)
Status: preview | supported by community

Install with: pip install ansible==2.7.17

Creates, modifies or removes groups in Active Directory.
For local groups, use the win_group module instead.

Examples:

- name: Ensure the group Cow exists using sAMAccountName
  win_domain_group:
    name: Cow
    scope: global
    path: OU=groups,DC=ansible,DC=local

- name: Ensure the group Cow doesn't exist using the Distinguished Name
  win_domain_group:
    name: CN=Cow,OU=groups,DC=ansible,DC=local
    state: absent

- name: Delete group ignoring the protection flag
  win_domain_group:
    name: Cow
    state: absent
    ignore_protection: yes

- name: Create group with delete protection enabled and custom attributes
  win_domain_group:
    name: Ansible Users
    scope: domainlocal
    category: security
    attributes:
      mail: helpdesk@ansible.com
      wWWHomePage: www.ansible.com
    # protect sets ProtectedFromAccidentalDeletion; ignore_protection only
    # affects delete and move operations
    protect: yes

- name: Change the OU of a group using the SID and ignore the protection flag
  win_domain_group:
    name: S-1-5-21-2171456218-3732823212-122182344-1189
    scope: global
    organizational_unit: OU=groups,DC=ansible,DC=local
    ignore_protection: yes

- name: Add managed_by user
  win_domain_group:
    name: Group Name Here
    managed_by: Domain Admins

- name: Add group and specify the AD domain services to use for the create
  win_domain_group:
    name: Test Group
    domain_username: user@CORP.ANSIBLE.COM
    # sample value; keep real credentials in Ansible Vault, not in the playbook
    domain_password: Password01!
    domain_server: corp-DC12.corp.ansible.com
    scope: domainlocal

Parameters:

name:
  description:
    - The name of the group to create, modify or remove.
    - This value can be in the forms C(Distinguished Name), C(objectGUID), C(objectSid) or C(sAMAccountName), see examples for more details.
  required: true
scope:
  choices:
    - domainlocal
    - global
    - universal
  description:
    - The scope of the group.
    - If C(state=present) and the group doesn't exist then this must be set.
state:
  choices:
    - absent
    - present
  default: present
  description:
    - If C(state=present) this module will ensure the group is created and is configured accordingly.
    - If C(state=absent) this module will delete the group if it exists.
protect:
  description:
    - Will set the C(ProtectedFromAccidentalDeletion) flag based on this value.
    - This flag stops a user from deleting or moving a group to a different path.
  type: bool
category:
  choices:
    - distribution
    - security
  description:
    - The category of the group, this is the value to assign to the LDAP C(groupType) attribute.
    - If a new group is created then C(security) will be used by default.
attributes:
  description:
    - A dict of custom LDAP attributes to set on the group.
    - This can be used to set custom attributes that are not exposed as module parameters, e.g. C(mail).
    - See the examples on how to format this parameter.
managed_by:
  description:
    - The value to be assigned to the LDAP C(managedBy) attribute.
    - This value can be in the forms C(Distinguished Name), C(objectGUID), C(objectSid) or C(sAMAccountName), see examples for more details.
description:
  description:
    - The value to be assigned to the LDAP C(description) attribute.
display_name:
  description:
    - The value to assign to the LDAP C(displayName) attribute.
domain_server:
  description:
    - Specifies the Active Directory Domain Services instance to connect to.
    - Can be in the form of an FQDN or NetBIOS name.
    - If not specified then the value is based on the domain of the computer running PowerShell.
  version_added: '2.5'
  version_added_collection: ansible.builtin
domain_password:
  description:
    - The password for C(domain_username).
domain_username:
  description:
    - The username to use when interacting with AD.
    - If this is not set then the user Ansible used to log in with will be used instead.
ignore_protection:
  default: 'no'
  description:
    - Will ignore the C(ProtectedFromAccidentalDeletion) flag when deleting or moving a group.
    - The module will fail if one of these actions needs to occur and this value is set to C(no).
  type: bool
organizational_unit:
  aliases:
    - ou
    - path
  description:
    - The full LDAP path to create or move the group to.
    - This should be the path to the parent object to create or move the group to.
    - See examples for details of how this path is formed.

Return values:

attributes:
  description: Custom attributes that were set by the module. This does not show all the custom attributes rather just the ones that were set by the module.
  returned: group exists and attributes are set on the module invocation
  sample:
    mail: helpdesk@ansible.com
    wWWHomePage: www.ansible.com
  type: dict
canonical_name:
  description: The canonical name of the group.
  returned: group exists
  sample: ansible.local/groups/Cow
  type: string
category:
  description: The Group type value of the group, i.e. Security or Distribution.
  returned: group exists
  sample: Security
  type: string
description:
  description: The Description of the group.
  returned: group exists
  sample: Group Description
  type: string
display_name:
  description: The Display name of the group.
  returned: group exists
  sample: Users who connect through RDP
  type: string
distinguished_name:
  description: The full Distinguished Name of the group.
  returned: group exists
  sample: CN=Cow,OU=groups,DC=ansible,DC=local
  type: string
group_scope:
  description: The Group scope value of the group.
  returned: group exists
  sample: Universal
  type: string
guid:
  description: The guid of the group.
  returned: group exists
  sample: 512a9adb-3fc0-4a26-9df0-e6ea1740cf45
  type: string
managed_by:
  description: The full Distinguished Name of the AD object that is set on the managedBy attribute.
  returned: group exists
  sample: CN=Domain Admins,CN=Users,DC=ansible,DC=local
  type: string
name:
  description: The name of the group.
  returned: group exists
  sample: Cow
  type: string
protected_from_accidental_deletion:
  description: Whether the group is protected from accidental deletion.
  returned: group exists
  sample: true
  type: bool
sid:
  description: The Security ID of the group.
  returned: group exists
  sample: S-1-5-21-2171456218-3732823212-122182344-1189
  type: string
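
The playbook below is an added example, not part of the module's own documentation. It combines the protect option, credentials supplied from variables, the documented return values, and deletion by SID. The inventory group, the group name and the vault_ad_username, vault_ad_password and decommission_group variables are assumptions.

```yaml
---
# Added example. The inventory group, group name and the vault_* and
# decommission_group variables are assumptions, not values from the module docs.
- name: Manage a delete-protected security group and verify the result
  hosts: windows_domain_members            # hypothetical inventory group
  gather_facts: no
  vars:
    ad_group_name: RDP Users               # constructed sample value
    ad_group_ou: OU=groups,DC=ansible,DC=local
  tasks:
    - name: Ensure the group exists with delete protection enabled
      win_domain_group:
        name: "{{ ad_group_name }}"
        scope: domainlocal
        category: security
        organizational_unit: "{{ ad_group_ou }}"
        protect: yes
        # Credentials come from variables (for example an Ansible Vault file),
        # never from literals in the playbook.
        domain_username: "{{ vault_ad_username }}"
        domain_password: "{{ vault_ad_password }}"
      no_log: true                         # keep task arguments out of logged output
      register: group_result

    - name: Check the state the module reports back
      assert:
        that:
          - group_result.category | lower == 'security'
          - group_result.group_scope | lower == 'domainlocal'
          - group_result.protected_from_accidental_deletion | bool
        msg: Group was not created as a protected domain-local security group

    # Target the object by SID so a rename cannot redirect the delete.
    # Without ignore_protection the module fails on a protected group.
    - name: Remove the group only when decommissioning is explicitly requested
      win_domain_group:
        name: "{{ group_result.sid }}"
        state: absent
        ignore_protection: yes
        domain_username: "{{ vault_ad_username }}"
        domain_password: "{{ vault_ad_password }}"
      no_log: true
      when: decommission_group | default(false) | bool
```

Leaving ignore_protection at its default of no for routine runs means an unintended delete or move of a protected group fails instead of succeeding silently.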