Try SpotterRemoved in 3.0.0
Reason:This module has been moved into the C(microsoft.ad) collection. | Alternative:Use the M(microsoft.ad.object_info) module instead.
Gather information an Active Directory object
Authors: Jordan Borean (@jborean93)
Install with ansible-galaxy collection install community.windows:==2.2.0
collections:
- name: community.windows
version: 2.2.0Gather information about multiple Active Directory object(s).
- name: Get all properties for the specified account using its DistinguishedName
community.windows.win_domain_object_info:
identity: CN=Username,CN=Users,DC=domain,DC=com
properties: '*'
- name: Get the SID for all user accounts as a filter
community.windows.win_domain_object_info:
filter: ObjectClass -eq 'user' -and objectCategory -eq 'Person'
properties:
- objectSid
- name: Get the SID for all user accounts as a LDAP filter
community.windows.win_domain_object_info:
ldap_filter: (&(objectClass=user)(objectCategory=Person))
properties:
- objectSid
- name: Search all computer accounts in a specific path that were added after February 1st
community.windows.win_domain_object_info:
filter: objectClass -eq 'computer' -and whenCreated -gt '20200201000000.0Z'
properties: '*'
search_scope: one_level
search_base: CN=Computers,DC=domain,DC=com
filter:
description:
- Specifies a query string using the PowerShell Expression Language syntax.
- This follows the same rules and formatting as the C(-Filter) parameter for the PowerShell
AD cmdlets exception there is no variable substitutions.
- This is mutually exclusive with I(identity) and I(ldap_filter).
type: str
identity:
description:
- Specifies a single Active Directory object by its distinguished name or its object
GUID.
- This is mutually exclusive with I(filter) and I(ldap_filter).
- This cannot be used with either the I(search_base) or I(search_scope) options.
type: str
properties:
description:
- A list of properties to return.
- If a property is C(*), all properties that have a set value on the AD object will
be returned.
- If a property is valid on the object but not set, it is only returned if defined
explicitly in this option list.
- The properties C(DistinguishedName), C(Name), C(ObjectClass), and C(ObjectGUID)
are always returned.
- Specifying multiple properties can have a performance impact, it is best to only
return what is needed.
- If an invalid property is specified then the module will display a warning for each
object it is invalid on.
elements: str
type: list
ldap_filter:
description:
- Like I(filter) but this is a tradiitional LDAP query string to filter the objects
to return.
- This is mutually exclusive with I(filter) and I(identity).
type: str
search_base:
description:
- Specify the Active Directory path to search for objects in.
- This cannot be set with I(identity).
- By default the search base is the default naming context of the target AD instance
which is the DN returned by "(Get-ADRootDSE).defaultNamingContext".
type: str
search_scope:
choices:
- base
- one_level
- subtree
description:
- Specify the scope of when searching for an object in the C(search_base).
- C(base) will limit the search to the base object so the maximum number of objects
returned is always one. This will not search any objects inside a container..
- C(one_level) will search the current path and any immediate objects in that path.
- C(subtree) will search the current path and all objects of that path recursively.
- This cannot be set with I(identity).
type: str
domain_server:
description:
- Specified the Active Directory Domain Services instance to connect to.
- Can be in the form of an FQDN or NetBIOS name.
- If not specified then the value is based on the default domain of the computer running
PowerShell.
type: str
domain_password:
description:
- The password for C(domain_username).
type: str
domain_username:
description:
- The username to use when interacting with AD.
- If this is not set then the user that is used for authentication will be the connection
user.
- Ansible will be unable to use the connection user unless auth is Kerberos with credential
delegation or CredSSP, or become is used on the task.
type: str
include_deleted:
default: false
description:
- Also search for deleted Active Directory objects.
type: bool
objects:
description:
- A list of dictionaries that are the Active Directory objects found and the properties
requested.
- The dict's keys are the property name and the value is the value for the property.
- All date properties are return in the ISO 8601 format in the UTC timezone.
- All SID properties are returned as a dict with the keys C(Sid) as the SID string
and C(Name) as the translated SID account name.
- All byte properties are returned as a base64 string.
- All security descriptor properties are returned as the SDDL string of that descriptor.
- The properties C(DistinguishedName), C(Name), C(ObjectClass), and C(ObjectGUID)
are always returned.
elements: dict
returned: always
sample: "[{\n \"accountExpires\": 0,\n \"adminCount\": 1,\n \"CanonicalName\"\
: \"domain.com/Users/Administrator\",\n \"CN\": \"Administrator\",\n \"Created\"\
: \"2020-01-13T09:03:22.0000000Z\",\n \"Description\": \"Built-in account for\
\ administering computer/domain\",\n \"DisplayName\": null,\n \"DistinguishedName\"\
: \"CN=Administrator,CN=Users,DC=domain,DC=com\",\n \"memberOf\": [\n \"CN=Group\
\ Policy Creator Owners,CN=Users,DC=domain,DC=com\",\n \"CN=Domain Admins\"\
,CN=Users,DC=domain,DC=com\"\n ],\n \"Name\": \"Administrator\",\n \"nTSecurityDescriptor\"\
: \"O:DAG:DAD:PAI(A;;LCRPLORC;;;AU)(A;;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;SY)(A;;CCDCLCSWRPWPLOCRSDRCWDWO;;;BA)\"\
,\n \"ObjectCategory\": \"CN=Person,CN=Schema,CN=Configuration,DC=domain,DC=com\"\
,\n \"ObjectClass\": \"user\",\n \"ObjectGUID\": \"c8c6569e-4688-4f3c-8462-afc4ff60817b\"\
,\n \"objectSid\": {\n \"Sid\": \"S-1-5-21-2959096244-3298113601-420842770-500\"\
,\n \"Name\": \"DOMAIN\\Administrator\"\n },\n \"sAMAccountName\": \"Administrator\"\
,\n}]\n"
type: list