ansible / ansible.windows / 2.3.0 / module / win_domain_controller
Removed in 3.0.0
Reason:This module has been moved into the C(microsoft.ad) collection. | Alternative:Use the M(microsoft.ad.domain_controller) module instead.
Manage domain controller/member server state for a Windows host
Authors: Matt Davis (@nitzmahone)
Install with ansible-galaxy collection install ansible.windows:==2.3.0
collections: - name: ansible.windows version: 2.3.0
Ensure that a Windows Server 2012+ host is configured as a domain controller or demoted to member server.
This module may require subsequent use of the M(ansible.windows.win_reboot) action if changes are made.
- name: Ensure a server is a domain controller ansible.windows.win_domain_controller: dns_domain_name: ansible.vagrant domain_admin_user: testguy@ansible.vagrant domain_admin_password: password123! safe_mode_password: password123! state: domain_controller
# note that without an action wrapper, in the case where a DC is demoted, # the task will fail with a 401 Unauthorized, because the domain credential # becomes invalid to fetch the final output over WinRM. This requires win_async # with credential switching (or other clever credential-switching # mechanism to get the output and trigger the required reboot) - name: Ensure a server is not a domain controller ansible.windows.win_domain_controller: domain_admin_user: testguy@ansible.vagrant domain_admin_password: password123! local_admin_password: password123! state: member_server
- name: Promote server as a read only domain controller ansible.windows.win_domain_controller: dns_domain_name: ansible.vagrant domain_admin_user: testguy@ansible.vagrant domain_admin_password: password123! safe_mode_password: password123! state: domain_controller read_only: true site_name: London
- name: Promote server with custom paths ansible.windows.win_domain_controller: dns_domain_name: ansible.vagrant domain_admin_user: testguy@ansible.vagrant domain_admin_password: password123! safe_mode_password: password123! state: domain_controller sysvol_path: D:\SYSVOL database_path: D:\NTDS domain_log_path: D:\NTDS register: dc_promotion
- name: Reboot after promotion ansible.windows.win_reboot: when: dc_promotion.reboot_required
state: choices: - domain_controller - member_server description: - Whether the target host should be a domain controller or a member server. required: true type: str log_path: description: - The path to log any debug information when running the module. - This option is deprecated and should not be used, it will be removed on the major release after C(2022-07-01). - This does not relate to the C(-LogPath) paramter of the install controller cmdlet. type: str read_only: default: false description: - Whether to install the domain controller as a read only replica for an existing domain. type: bool site_name: description: - Specifies the name of an existing site where you can place the new domain controller. - This option is required when I(read_only) is C(true). type: str install_dns: description: - Whether to install the DNS service when creating the domain controller. - If not specified then the C(-InstallDns) option is not supplied to C(Install-ADDSDomainController) command, see U(https://docs.microsoft.com/en-us/powershell/module/addsdeployment/install-addsdomaincontroller). type: bool sysvol_path: description: - The path to a directory on a fixed disk of the Windows host where the Sysvol folder will be created. - If not set then the default path is C(%SYSTEMROOT%\SYSVOL). type: path database_path: description: - The path to a directory on a fixed disk of the Windows host where the domain database will be created.. - If not set then the default path is C(%SYSTEMROOT%\NTDS). type: path dns_domain_name: description: - When C(state) is C(domain_controller), the DNS name of the domain for which the targeted Windows host should be a DC. type: str domain_log_path: description: - Specified the fully qualified, non-UNC path to a directory on a fixed disk of the local computer that will contain the domain log files. type: path domain_admin_user: description: - Username of a domain admin for the target domain (necessary to promote or demote a domain controller). required: true type: str install_media_path: description: - The path to a directory on a fixed disk of the Windows host where the Install From Media C(IFC) data will be used. - See the L(Install using IFM guide,https://social.technet.microsoft.com/wiki/contents/articles/8630.active-directory-step-by-step-guide-to-install-an-additional-domain-controller-using-ifm.aspx) for more information. type: path safe_mode_password: description: - Safe mode password for the domain controller (required when C(state) is C(domain_controller)). type: str local_admin_password: description: - Password to be assigned to the local C(Administrator) user (required when C(state) is C(member_server)). type: str domain_admin_password: description: - Password for the specified C(domain_admin_user). required: true type: str
reboot_required: description: True if changes were made that require a reboot. returned: always sample: true type: bool