Deprecated

Removed in 3.0.0

Reason: This module has been moved into the C(microsoft.ad) collection. | Alternative: Use the M(microsoft.ad.group) module instead.

community.windows.win_domain_group (2.2.0) — module

Creates, modifies or removes domain groups

Authors: Jordan Borean (@jborean93)

Install collection

Install with ansible-galaxy collection install community.windows:==2.2.0


Add to requirements.yml

  collections:
    - name: community.windows
      version: 2.2.0

Description

Creates, modifies or removes groups in Active Directory.

For local groups, use the M(ansible.windows.win_group) module instead.

Usage examples

- name: Ensure the group Cow exists using sAMAccountName
  community.windows.win_domain_group:
    name: Cow
    scope: global
    path: OU=groups,DC=ansible,DC=local
- name: Ensure the group Cow doesn't exist using the Distinguished Name
  community.windows.win_domain_group:
    name: CN=Cow,OU=groups,DC=ansible,DC=local
    state: absent
- name: Delete group ignoring the protection flag
  community.windows.win_domain_group:
    name: Cow
    state: absent
    ignore_protection: yes
- name: Create group with delete protection enabled and custom attributes
  community.windows.win_domain_group:
    name: Ansible Users
    scope: domainlocal
    category: security
    # protect sets the ProtectedFromAccidentalDeletion flag on the group
    protect: yes
    attributes:
      mail: helpdesk@ansible.com
      wWWHomePage: www.ansible.com
    ignore_protection: yes
- name: Change the OU of a group using the SID and ignore the protection flag
  community.windows.win_domain_group:
    name: S-1-5-21-2171456218-3732823212-122182344-1189
    scope: global
    organizational_unit: OU=groups,DC=ansible,DC=local
    ignore_protection: yes
- name: Add managed_by user
  community.windows.win_domain_group:
    name: Group Name Here
    managed_by: Domain Admins
- name: Add group and specify the AD domain services to use for the create
  community.windows.win_domain_group:
    name: Test Group
    domain_username: user@CORP.ANSIBLE.COM
    domain_password: Password01!
    domain_server: corp-DC12.corp.ansible.com
    scope: domainlocal

Inputs

    
name:
    description:
    - The name of the group to create, modify or remove.
    - This value can be in the forms C(Distinguished Name), C(objectGUID), C(objectSid)
      or C(sAMAccountName), see examples for more details.
    required: true
    type: str

scope:
    choices:
    - domainlocal
    - global
    - universal
    description:
    - The scope of the group.
    - If C(state=present) and the group doesn't exist then this must be set.
    type: str

state:
    choices:
    - absent
    - present
    default: present
    description:
    - If C(state=present) this module will ensure the group is created and is configured
      accordingly.
    - If C(state=absent) this module will delete the group if it exists.
    type: str

protect:
    description:
    - Will set the C(ProtectedFromAccidentalDeletion) flag based on this value.
    - This flag stops a user from deleting or moving a group to a different path.
    type: bool

category:
    choices:
    - distribution
    - security
    description:
    - The category of the group, this is the value to assign to the LDAP C(groupType)
      attribute.
    - If a new group is created then C(security) will be used by default.
    type: str

attributes:
    description:
    - A dict of custom LDAP attributes to set on the group.
    - This can be used to set custom attributes that are not exposed as module parameters,
      e.g. C(mail).
    - See the examples on how to format this parameter.
    type: dict

managed_by:
    description:
    - The value to be assigned to the LDAP C(managedBy) attribute.
    - This value can be in the forms C(Distinguished Name), C(objectGUID), C(objectSid)
      or C(sAMAccountName), see examples for more details.
    type: str

description:
    description:
    - The value to be assigned to the LDAP C(description) attribute.
    type: str

display_name:
    description:
    - The value to assign to the LDAP C(displayName) attribute.
    type: str

domain_server:
    description:
    - Specifies the Active Directory Domain Services instance to connect to.
    - Can be in the form of an FQDN or NetBIOS name.
    - If not specified then the value is based on the domain of the computer running PowerShell.
    type: str

domain_password:
    description:
    - The password for C(domain_username).
    type: str

domain_username:
    description:
    - The username to use when interacting with AD.
    - If this is not set then the user Ansible used to log in with will be used instead.
    type: str

ignore_protection:
    default: false
    description:
    - Will ignore the C(ProtectedFromAccidentalDeletion) flag when deleting or moving
      a group.
    - The module will fail if one of these actions needs to occur and this value is set
      to C(no).
    type: bool

organizational_unit:
    aliases:
    - ou
    - path
    description:
    - The full LDAP path to create or move the group to.
    - This should be the path to the parent object to create or move the group to.
    - See examples for details of how this path is formed.
    type: str

Outputs

attributes:
  description: Custom attributes that were set by the module. This does not show all
    the custom attributes, only the ones that were set by the module.
  returned: group exists and attributes are set on the module invocation
  sample:
    mail: helpdesk@ansible.com
    wWWHomePage: www.ansible.com
  type: dict
canonical_name:
  description: The canonical name of the group.
  returned: group exists
  sample: ansible.local/groups/Cow
  type: str
category:
  description: The Group type value of the group, i.e. Security or Distribution.
  returned: group exists
  sample: Security
  type: str
created:
  description: Whether a group was created
  returned: always
  sample: true
  type: bool
description:
  description: The Description of the group.
  returned: group exists
  sample: Group Description
  type: str
display_name:
  description: The Display name of the group.
  returned: group exists
  sample: Users who connect through RDP
  type: str
distinguished_name:
  description: The full Distinguished Name of the group.
  returned: group exists
  sample: CN=Cow,OU=groups,DC=ansible,DC=local
  type: str
group_scope:
  description: The Group scope value of the group.
  returned: group exists
  sample: Universal
  type: str
guid:
  description: The guid of the group.
  returned: group exists
  sample: 512a9adb-3fc0-4a26-9df0-e6ea1740cf45
  type: str
managed_by:
  description: The full Distinguished Name of the AD object that is set on the managedBy
    attribute.
  returned: group exists
  sample: CN=Domain Admins,CN=Users,DC=ansible,DC=local
  type: str
name:
  description: The name of the group.
  returned: group exists
  sample: Cow
  type: str
protected_from_accidental_deletion:
  description: Whether the group is protected from accidental deletion.
  returned: group exists
  sample: true
  type: bool
sid:
  description: The Security ID of the group.
  returned: group exists
  sample: S-1-5-21-2171456218-3732823212-122182344-1189
  type: str
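
An added example (not part of the module's documentation) that ties the inputs to the return values: it creates a delete-protected security group with credentials taken from vaulted variables instead of a literal password, then asserts on the documented outputs. The host group `windows_mgmt`, the variables `vault_ad_user` and `vault_ad_password`, and the group name `App Admins` are assumptions.

```yaml
# Added example, not from the module documentation.
# Assumed names: host group "windows_mgmt", vaulted variables
# vault_ad_user / vault_ad_password, group name "App Admins".
- name: Manage a protected AD security group and verify the result
  hosts: windows_mgmt
  gather_facts: false
  tasks:
    - name: Ensure the group exists with delete protection enabled
      community.windows.win_domain_group:
        name: App Admins
        scope: universal
        category: security
        # Sets ProtectedFromAccidentalDeletion, so a later delete or move
        # fails unless ignore_protection is set explicitly.
        protect: true
        organizational_unit: OU=groups,DC=ansible,DC=local
        description: Managed by Ansible
        # Credentials come from Ansible Vault, not from the playbook text.
        domain_username: "{{ vault_ad_user }}"
        domain_password: "{{ vault_ad_password }}"
      register: group_result
      # Keep the task arguments and result out of console output and logs.
      no_log: true

    - name: Verify the returned state matches the intent
      ansible.builtin.assert:
        that:
          - group_result.protected_from_accidental_deletion
          - group_result.category == 'Security'
          - group_result.group_scope == 'Universal'
          # Compare case-insensitively; AD preserves the stored case of the DN.
          - >-
            (group_result.distinguished_name | lower)
            .endswith('ou=groups,dc=ansible,dc=local')
        fail_msg: Group state differs from the requested configuration
```

Because `ignore_protection` is left at its default of `false`, a later run that tries to delete or move this group fails instead of silently overriding the protection flag.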

See also