community / community.windows / 2.2.0 / module / win_domain_object_info
Removed in 3.0.0
Reason:This module has been moved into the C(microsoft.ad) collection. | Alternative:Use the M(microsoft.ad.object_info) module instead.
Gather information an Active Directory object
Authors: Jordan Borean (@jborean93)
Install with ansible-galaxy collection install community.windows:==2.2.0
collections: - name: community.windows version: 2.2.0
Gather information about multiple Active Directory object(s).
- name: Get all properties for the specified account using its DistinguishedName community.windows.win_domain_object_info: identity: CN=Username,CN=Users,DC=domain,DC=com properties: '*'
- name: Get the SID for all user accounts as a filter community.windows.win_domain_object_info: filter: ObjectClass -eq 'user' -and objectCategory -eq 'Person' properties: - objectSid
- name: Get the SID for all user accounts as a LDAP filter community.windows.win_domain_object_info: ldap_filter: (&(objectClass=user)(objectCategory=Person)) properties: - objectSid
- name: Search all computer accounts in a specific path that were added after February 1st community.windows.win_domain_object_info: filter: objectClass -eq 'computer' -and whenCreated -gt '20200201000000.0Z' properties: '*' search_scope: one_level search_base: CN=Computers,DC=domain,DC=com
filter: description: - Specifies a query string using the PowerShell Expression Language syntax. - This follows the same rules and formatting as the C(-Filter) parameter for the PowerShell AD cmdlets exception there is no variable substitutions. - This is mutually exclusive with I(identity) and I(ldap_filter). type: str identity: description: - Specifies a single Active Directory object by its distinguished name or its object GUID. - This is mutually exclusive with I(filter) and I(ldap_filter). - This cannot be used with either the I(search_base) or I(search_scope) options. type: str properties: description: - A list of properties to return. - If a property is C(*), all properties that have a set value on the AD object will be returned. - If a property is valid on the object but not set, it is only returned if defined explicitly in this option list. - The properties C(DistinguishedName), C(Name), C(ObjectClass), and C(ObjectGUID) are always returned. - Specifying multiple properties can have a performance impact, it is best to only return what is needed. - If an invalid property is specified then the module will display a warning for each object it is invalid on. elements: str type: list ldap_filter: description: - Like I(filter) but this is a tradiitional LDAP query string to filter the objects to return. - This is mutually exclusive with I(filter) and I(identity). type: str search_base: description: - Specify the Active Directory path to search for objects in. - This cannot be set with I(identity). - By default the search base is the default naming context of the target AD instance which is the DN returned by "(Get-ADRootDSE).defaultNamingContext". type: str search_scope: choices: - base - one_level - subtree description: - Specify the scope of when searching for an object in the C(search_base). - C(base) will limit the search to the base object so the maximum number of objects returned is always one. This will not search any objects inside a container.. - C(one_level) will search the current path and any immediate objects in that path. - C(subtree) will search the current path and all objects of that path recursively. - This cannot be set with I(identity). type: str domain_server: description: - Specified the Active Directory Domain Services instance to connect to. - Can be in the form of an FQDN or NetBIOS name. - If not specified then the value is based on the default domain of the computer running PowerShell. type: str domain_password: description: - The password for C(domain_username). type: str domain_username: description: - The username to use when interacting with AD. - If this is not set then the user that is used for authentication will be the connection user. - Ansible will be unable to use the connection user unless auth is Kerberos with credential delegation or CredSSP, or become is used on the task. type: str include_deleted: default: false description: - Also search for deleted Active Directory objects. type: bool
objects: description: - A list of dictionaries that are the Active Directory objects found and the properties requested. - The dict's keys are the property name and the value is the value for the property. - All date properties are return in the ISO 8601 format in the UTC timezone. - All SID properties are returned as a dict with the keys C(Sid) as the SID string and C(Name) as the translated SID account name. - All byte properties are returned as a base64 string. - All security descriptor properties are returned as the SDDL string of that descriptor. - The properties C(DistinguishedName), C(Name), C(ObjectClass), and C(ObjectGUID) are always returned. elements: dict returned: always sample: "[{\n \"accountExpires\": 0,\n \"adminCount\": 1,\n \"CanonicalName\"\ : \"domain.com/Users/Administrator\",\n \"CN\": \"Administrator\",\n \"Created\"\ : \"2020-01-13T09:03:22.0000000Z\",\n \"Description\": \"Built-in account for\ \ administering computer/domain\",\n \"DisplayName\": null,\n \"DistinguishedName\"\ : \"CN=Administrator,CN=Users,DC=domain,DC=com\",\n \"memberOf\": [\n \"CN=Group\ \ Policy Creator Owners,CN=Users,DC=domain,DC=com\",\n \"CN=Domain Admins\"\ ,CN=Users,DC=domain,DC=com\"\n ],\n \"Name\": \"Administrator\",\n \"nTSecurityDescriptor\"\ : \"O:DAG:DAD:PAI(A;;LCRPLORC;;;AU)(A;;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;SY)(A;;CCDCLCSWRPWPLOCRSDRCWDWO;;;BA)\"\ ,\n \"ObjectCategory\": \"CN=Person,CN=Schema,CN=Configuration,DC=domain,DC=com\"\ ,\n \"ObjectClass\": \"user\",\n \"ObjectGUID\": \"c8c6569e-4688-4f3c-8462-afc4ff60817b\"\ ,\n \"objectSid\": {\n \"Sid\": \"S-1-5-21-2959096244-3298113601-420842770-500\"\ ,\n \"Name\": \"DOMAIN\\Administrator\"\n },\n \"sAMAccountName\": \"Administrator\"\ ,\n}]\n" type: list