ansible / ansible.windows / 2.3.0 / module / win_user Manages local Windows user accounts Authors: Paul Durivage (@angstwad), Chris Church (@cchurch)ansible.windows.win_user (2.3.0) — module
Install with ansible-galaxy collection install ansible.windows:==2.3.0
collections: - name: ansible.windows version: 2.3.0
Manages local Windows user accounts.
For non-Windows targets, use the M(ansible.builtin.user) module instead.
- name: Ensure user bob is present ansible.windows.win_user: name: bob password: B0bP4ssw0rd state: present groups: - Users
- name: Ensure user bob is absent ansible.windows.win_user: name: bob state: absent
name: description: - Name of the user to create, remove or modify. required: true type: str state: choices: - absent - present - query default: present description: - When C(absent), removes the user account if it exists. - When C(present), creates or updates the user account. - When C(query), retrieves the user account details without making any changes. type: str groups: description: - Adds or removes the user from this comma-separated list of groups, depending on the value of I(groups_action). - When I(groups_action) is C(replace) and I(groups) is set to the empty string ('groups='), the user is removed from all groups. - Since C(ansible.windows v1.5.0) it is possible to specify a group using it's security identifier. elements: str type: list profile: description: - The profile path of the user. type: str version_added: 1.0.0 version_added_collection: ansible.windows fullname: description: - Full name of the user. type: str password: description: - Optionally set the user's password to this (plain text) value. type: str description: description: - Description of the user. type: str login_script: description: - The login script of the user. type: str version_added: 1.0.0 version_added_collection: ansible.windows groups_action: choices: - add - replace - remove default: replace description: - If C(add), the user is added to each group in I(groups) where not already a member. - If C(replace), the user is added as a member of each group in I(groups) and removed from any other groups. - If C(remove), the user is removed from each group in I(groups). type: str account_locked: description: - Only C(false) can be set and it will unlock the user account if locked. type: bool home_directory: description: - The designated home directory of the user. type: str version_added: 1.0.0 version_added_collection: ansible.windows update_password: choices: - always - on_create default: always description: - C(always) will update passwords if they differ. - C(on_create) will only set the password for newly created users. type: str account_disabled: description: - C(true) will disable the user account. - C(false) will clear the disabled flag. type: bool password_expired: description: - C(true) will require the user to change their password at next login. - C(false) will clear the expired password flag. type: bool password_never_expires: description: - C(true) will set the password to never expire. - C(false) will allow the password to expire. type: bool user_cannot_change_password: description: - C(true) will prevent the user from changing their password. - C(false) will allow the user to change their password. type: bool
account_disabled: description: Whether the user is disabled. returned: user exists sample: false type: bool account_locked: description: Whether the user is locked. returned: user exists sample: false type: bool description: description: The description set for the user. returned: user exists sample: Username for test type: str fullname: description: The full name set for the user. returned: user exists sample: Test Username type: str groups: description: A list of groups and their ADSI path the user is a member of. returned: user exists sample: - name: Administrators path: WinNT://WORKGROUP/USER-PC/Administrators type: list name: description: The name of the user returned: always sample: username type: str password_expired: description: Whether the password is expired. returned: user exists sample: false type: bool password_never_expires: description: Whether the password is set to never expire. returned: user exists sample: true type: bool path: description: The ADSI path for the user. returned: user exists sample: WinNT://WORKGROUP/USER-PC/username type: str sid: description: The SID for the user. returned: user exists sample: S-1-5-21-3322259488-2828151810-3939402796-1001 type: str user_cannot_change_password: description: Whether the user can change their own password. returned: user exists sample: false type: bool