azure.azcollection.azure_rm_aduser (2.3.0) — module

Modify an Azure Active Directory user

Added in version 1.5.0 of azure.azcollection

Authors: Cole Neubauer (@coleneubauer)

Install collection

Install with ansible-galaxy collection install azure.azcollection:==2.3.0


Add to requirements.yml

  collections:
    - name: azure.azcollection
      version: 2.3.0

Description

Create, delete, and update an Azure Active Directory user.


Requirements

Usage examples

- name: Create user
  azure_rm_aduser:
    user_principal_name: "{{ user_id }}"
    state: "present"
    account_enabled: "True"
    display_name: "Test_{{ user_principal_name }}_Display_Name"
    password_profile: "password"
    mail_nickname: "Test_{{ user_principal_name }}_mail_nickname"
    on_premises_immutable_id: "{{ object_id }}"
    given_name: "First"
    surname: "Last"
    user_type: "Member"
    usage_location: "US"
    mail: "{{ user_principal_name }}@contoso.com"
    company_name: 'Test Company'
- name: Update user with new value for account_enabled
  azure_rm_aduser:
    user_principal_name: "{{ user_id }}"
    state: "present"
    account_enabled: "False"
- name: Delete user
  azure_rm_aduser:
    user_principal_name: "{{ user_id }}"
    state: "absent"
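The playbook below is an added example, not part of the module documentation or the azure.azcollection project, that chains the three operations above into one run and uses the user selectors described under Inputs (user_principal_name, object_id, and attribute_name/attribute_value). It assumes a vault-encrypted file vault/aduser.yml that defines aduser_initial_password (both names are assumptions), that the registered result of the module carries the fields listed under Outputs (object_id, account_enabled, user_principal_name), and that mail is accepted as an attribute_name (assumed Microsoft Graph user property). Because password_profile is a plain string parameter, the task that sets it carries no_log so the value never reaches logs or callback plugins.

```yaml
# Added example (not from the azure.azcollection documentation).
# Assumptions: vault/aduser.yml defines aduser_initial_password;
# the registered result exposes the fields listed under Outputs;
# 'mail' is accepted as an attribute_name by the module.
- name: Provision, disable and remove an Azure AD user
  hosts: localhost
  connection: local
  gather_facts: false
  vars_files:
    - vault/aduser.yml            # encrypted with ansible-vault (assumed file name)
  vars:
    upn: "jsmith@contoso.com"     # constructed sample value
  tasks:
    - name: Create the user (initial password comes from the vault, not from the playbook)
      azure.azcollection.azure_rm_aduser:
        user_principal_name: "{{ upn }}"
        state: present
        account_enabled: true
        display_name: "John Smith"
        mail_nickname: "jsmith"
        mail: "{{ upn }}"
        given_name: "John"
        surname: "Smith"
        user_type: "Member"
        usage_location: "US"
        password_profile: "{{ aduser_initial_password }}"
      no_log: true                # password_profile is a plain string; keep it out of logs
      register: created

    - name: Disable the account by object_id (only one selector may be given per task)
      azure.azcollection.azure_rm_aduser:
        object_id: "{{ created.object_id }}"
        state: present
        account_enabled: false
      register: disabled

    - name: Confirm the module reports the account as disabled
      ansible.builtin.assert:
        that:
          - not disabled.account_enabled
          - disabled.user_principal_name == upn
        fail_msg: "account {{ upn }} is still enabled"

    - name: Remove the user by matching an attribute instead of the UPN
      azure.azcollection.azure_rm_aduser:
        attribute_name: mail        # assumed attribute name; required together with attribute_value
        attribute_value: "{{ upn }}"
        state: absent
```

Run it with the vault password available, for example ansible-playbook aduser.yml --ask-vault-pass. The assert step is what turns the returned account_enabled value into a hard check rather than a log line; keep it when disabling accounts as part of an offboarding flow so a silently unchanged account fails the play.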

Inputs

mail:
    description:
    - The primary email address of the user.
    - Used when either creating or updating a user account.
    type: str

state:
    choices:
    - absent
    - present
    default: present
    description:
    - State of the AD user. Use C(present) to create or update an AD user and C(absent)
      to delete an AD user.
    type: str

secret:
    description:
    - Azure client secret. Use when authenticating with a Service Principal.
    type: str

tenant:
    description:
    - Azure tenant ID. Use when authenticating with a Service Principal.
    type: str

ad_user:
    description:
    - Active Directory username. Use when authenticating with an Active Directory user
      rather than service principal.
    type: str

profile:
    description:
    - Security profile found in ~/.azure/credentials file.
    type: str

surname:
    description:
    - The surname for the user.
    - Used when either creating or updating a user account.
    type: str

log_mode:
    description:
    - Parent argument.
    type: str

log_path:
    description:
    - Parent argument.
    type: str

password:
    description:
    - Active Directory user password. Use when authenticating with an Active Directory
      user rather than service principal.
    type: str

client_id:
    description:
    - Azure client ID. Use when authenticating with a Service Principal or Managed Identity
      (msi).
    - Can also be set via the C(AZURE_CLIENT_ID) environment variable.
    type: str

object_id:
    description:
    - The object id for the user.
    - Updates or deletes the user who has this object ID.
    - Mutually exclusive with I(user_principal_name), I(attribute_name), and I(odata_filter).
    type: str

user_type:
    description:
    - A string value that can be used to classify user types in your directory, such as
      Member and Guest.
    - Used when either creating or updating a user account.
    type: str

given_name:
    description:
    - The given name for the user.
    - Used when either creating or updating a user account.
    type: str

thumbprint:
    description:
    - The thumbprint of the private key specified in I(x509_certificate_path).
    - Use when authenticating with a Service Principal.
    - Required if I(x509_certificate_path) is defined.
    type: str
    version_added: 1.14.0
    version_added_collection: azure.azcollection

api_profile:
    default: latest
    description:
    - Selects an API profile to use when communicating with Azure services. Default value
      of C(latest) is appropriate for public clouds; future values will allow use with
      Azure Stack.
    type: str
    version_added: 0.0.1
    version_added_collection: azure.azcollection

auth_source:
    choices:
    - auto
    - cli
    - credential_file
    - env
    - msi
    default: auto
    description:
    - Controls the source of the credentials to use for authentication.
    - Can also be set via the C(ANSIBLE_AZURE_AUTH_SOURCE) environment variable.
    - When set to C(auto) (the default) the precedence is module parameters -> C(env)
      -> C(credential_file) -> C(cli).
    - When set to C(env), the credentials will be read from the environment variables
    - When set to C(credential_file), it will read the profile from C(~/.azure/credentials).
    - When set to C(cli), the credentials will be sourced from the Azure CLI profile.
      C(subscription_id) or the environment variable C(AZURE_SUBSCRIPTION_ID) can be used
      to identify the subscription ID if more than one is present; otherwise the default
      az cli subscription is used.
    - When set to C(msi), the host machine must be an azure resource with an enabled MSI
      extension. C(subscription_id) or the environment variable C(AZURE_SUBSCRIPTION_ID)
      can be used to identify the subscription ID if the resource is granted access to
      more than one subscription, otherwise the first subscription is chosen.
    - The C(msi) was added in Ansible 2.6.
    type: str
    version_added: 0.0.1
    version_added_collection: azure.azcollection

company_name:
    description:
    - The name of the company that the user is associated with.
    - This property can be useful for describing the company that an external user comes
      from.
    - The maximum length is 64 characters. Returned only on $select.
    - Supports $filter (eq, ne, not, ge, le, in, startsWith, and eq on null values).
    type: str

display_name:
    description:
    - The display name of the user.
    - Used when either creating or updating a user account.
    type: str

odata_filter:
    description:
    - Filter that can be used to specify a user to update or delete.
    - Mutually exclusive with I(object_id), I(attribute_name), and I(user_principal_name).
    type: str

mail_nickname:
    description:
    - The mail alias for the user.
    - Used when either creating or updating a user account.
    type: str

attribute_name:
    description:
    - The name of an attribute that you want to match to I(attribute_value).
    - If I(attribute_name) is not a collection type it will update or delete the user
      where I(attribute_name) is equal to I(attribute_value).
    - If I(attribute_name) is a collection type it will update or delete the user where
      I(attribute_value) is in I(attribute_name).
    - Mutually exclusive with I(object_id), I(user_principal_name), and I(odata_filter).
    - Required together with I(attribute_value).
    type: str

usage_location:
    description:
    - A two-letter country code (ISO 3166).
    - Required for a user that will be assigned licenses, due to the legal requirement to check
      for availability of services in countries.
    - Used when either creating or updating a user account.
    type: str

account_enabled:
    description:
    - A boolean determining whether or not the user account is enabled.
    - Used when either creating or updating a user account.
    type: bool

attribute_value:
    description:
    - The value to match I(attribute_name) to.
    - If I(attribute_name) is not a collection type it will update or delete the user
      where I(attribute_name) is equal to I(attribute_value).
    - If I(attribute_name) is a collection type it will update or delete the user where
      I(attribute_value) is in I(attribute_name).
    - Required together with I(attribute_name).
    type: str

subscription_id:
    description:
    - Your Azure subscription ID.
    type: str

password_profile:
    description:
    - The password for the user.
    - Used when either creating or updating a user account.
    type: str

cloud_environment:
    default: AzureCloud
    description:
    - For cloud environments other than the US public cloud, the environment name (as
      defined by the Azure Python SDK, e.g., C(AzureChinaCloud), C(AzureUSGovernment)), or a
      metadata discovery endpoint URL (required for Azure Stack). Can also be set via
      credential file profile or the C(AZURE_CLOUD_ENVIRONMENT) environment variable.
    type: str
    version_added: 0.0.1
    version_added_collection: azure.azcollection

adfs_authority_url:
    description:
    - Azure AD authority URL. Use when authenticating with username/password and you have
      your own ADFS authority.
    type: str
    version_added: 0.0.1
    version_added_collection: azure.azcollection

user_principal_name:
    description:
    - The principal name of the user.
    - Creates, updates, or deletes the user who has this principal name.
    - Mutually exclusive with I(object_id), I(attribute_name), and I(odata_filter).
    type: str

cert_validation_mode:
    choices:
    - ignore
    - validate
    description:
    - Controls the certificate validation behavior for Azure endpoints. By default, all
      modules will validate the server certificate, but when an HTTPS proxy is in use,
      or against Azure Stack, it may be necessary to disable this behavior by passing
      C(ignore). Can also be set via credential file profile or the C(AZURE_CERT_VALIDATION)
      environment variable.
    type: str
    version_added: 0.0.1
    version_added_collection: azure.azcollection

x509_certificate_path:
    description:
    - Path to the X509 certificate used to create the service principal in PEM format.
    - The certificate must be appended to the private key.
    - Use when authenticating with a Service Principal.
    type: path
    version_added: 1.14.0
    version_added_collection: azure.azcollection

on_premises_immutable_id:
    aliases:
    - immutable_id
    description:
    - The on_premises_immutable_id of the user.
    - Used when either creating or updating a user account.
    type: str

disable_instance_discovery:
    default: false
    description:
    - Determines whether or not instance discovery is performed when attempting to authenticate.
      Setting this to true will completely disable both instance discovery and authority
      validation. This functionality is intended for use in scenarios where the metadata
      endpoint cannot be reached such as in private clouds or Azure Stack. The process
      of instance discovery entails retrieving authority metadata from https://login.microsoft.com/
      to validate the authority. By setting this to **True**, the validation of the authority
      is disabled. As a result, it is crucial to ensure that the configured authority
      host is valid and trustworthy.
    - Set via credential file profile or the C(AZURE_DISABLE_INSTANCE_DISCOVERY) environment
      variable.
    type: bool
    version_added: 2.3.0
    version_added_collection: azure.azcollection

Outputs

account_enabled:
  description:
  - Whether the account is enabled.
  returned: always
  sample: false
  type: bool
company_name:
  description:
  - The name of the company that the user is associated with.
  returned: always
  sample: Test Company
  type: str
display_name:
  description:
  - The display name of the user.
  returned: always
  sample: John Smith
  type: str
mail:
  description:
  - The primary email address of the user.
  returned: always
  sample: John.Smith@contoso.com
  type: str
mail_nickname:
  description:
  - The mail alias for the user.
  returned: always
  sample: jsmith
  type: str
object_id:
  description:
  - The object_id for the user.
  returned: always
  sample: xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx
  type: str
user_principal_name:
  description:
  - The principal name of the user.
  returned: always
  sample: jsmith@contoso.com
  type: str
user_type:
  description:
  - A string value that can be used to classify user types in your directory.
  returned: always
  sample: Member
  type: str

See also