Build Windows Templates in RHV

roles/oatakan.ansible-role-windows-ad-controller/README.md

@@ -0,0 +1,2 @@
+# ansible-role-windows-ad-controller
+Ansible role to deploy Windows AD Controller

roles/oatakan.ansible-role-windows-ad-controller/defaults/main.yml

@@ -0,0 +1,22 @@
+---
+
+dns_domain_name: "example.com"
+domain_admin_password: "sX{88h:_P#G:]TC#"
+domain_admin_username: Admin
+
+users_password: "PiP@ssw0rd14"
+ad_users:
+  - name: user1
+    username: user1
+    email: user1
+  - name: user2
+    username: user2
+    email: user2
+
+ad_groups:
+  - name: Ansible Users
+    scope: global
+
+child_ous:
+  - name: Company OU
+    description: Test organization

roles/oatakan.ansible-role-windows-ad-controller/meta/.galaxy_install_info

@@ -0,0 +1,2 @@
+install_date: Thu Apr 22 15:31:09 2021
+version: ''

roles/oatakan.ansible-role-windows-ad-controller/meta/main.yml

@@ -0,0 +1,24 @@
+---
+galaxy_info:
+  author: Orcun Atakan
+  description: Ansible galaxy role for installing Windows AD Controller
+  company: Red Hat
+
+  license: license (GPLv2, CC-BY, etc)
+
+  min_ansible_version: 1.2
+
+  platforms:
+    - name: Windows
+      versions:
+        - all
+
+  categories:
+  - all
+
+  galaxy_tags:
+    - windows
+    - active directory
+    - ad
+
+dependencies: []

roles/oatakan.ansible-role-windows-ad-controller/tasks/main.yml

@@ -0,0 +1,132 @@
+---
+
+- name: ensure required powershell module is present
+  win_psmodule:
+    name: xActiveDirectory
+    state: present
+
+- name: enable windows features
+  win_dsc:
+    resource_name: WindowsFeature
+    Name: "{{ item }}"
+    IncludeAllSubFeature: True
+    Ensure: Present
+  register: install_ad
+  ignore_errors: yes
+  loop:
+    - AD-Domain-Services
+
+- name: reboot if needed
+  win_reboot:
+#  when: item.reboot_required
+#  loop: "{{ install_ad.results }}"
+#  run_once: yes
+
+- name: add a new domain
+  win_dsc:
+    resource_name: xADDomain
+    DomainName: "{{ dns_domain_name }}"
+    DomainAdministratorCredential_username: "{{ domain_admin_username }}@{{ dns_domain_name }}"
+    DomainAdministratorCredential_password: "{{ domain_admin_password }}"
+    SafemodeAdministratorPassword_username: "{{ domain_admin_username }}@{{ dns_domain_name }}"
+    SafemodeAdministratorPassword_password: "{{ domain_admin_password }}"
+  register: add_domain
+  ignore_errors: yes
+
+- name: set parent dn
+  set_fact:
+    parent_dn: "DC={{ dns_domain_name.split('.') | join(',DC=') }}"
+
+- name: reboot if needed
+  win_reboot:
+  when: add_domain.reboot_required
+
+- name: wait for AD domain
+  win_dsc:
+    resource_name: xWaitForADDomain
+    DomainName: "{{ dns_domain_name }}"
+
+- name: adjust password policy
+  win_dsc:
+    resource_name: xADDomainDefaultPasswordPolicy
+    DomainName: "{{ dns_domain_name }}"
+    ComplexityEnabled: False
+    MinPasswordLength: 8
+    PasswordHistoryCount: 10
+
+- name: add child OU
+  win_dsc:
+    resource_name: xADOrganizationalUnit
+    Name: "{{ item.name }}"
+    Path: "{{ parent_dn }}"
+    Description: "{{ item.description }}"
+    Ensure: Present
+  register: child_ou
+  loop: "{{ child_ous }}"
+
+- name: add groups
+  win_dsc:
+    resource_name: xADGroup
+    GroupName: "{{ item.name }}"
+    GroupScope: "{{ item.scope }}"
+    Ensure: Present
+  loop: "{{ ad_groups }}"
+
+- name: add domain admin user
+  win_dsc:
+    resource_name: xADUser
+    UserName: "{{ domain_admin_username }}"
+    UserPrincipalName: "{{ domain_admin_username }}@{{ dns_domain_name }}"
+    Password_username: "{{ domain_admin_username }}"
+    Password_password: "{{ domain_admin_password }}"
+    DomainName: "{{ dns_domain_name }}"
+    Enabled: True
+    GivenName: "{{ domain_admin_username }}"
+    Surname: user
+    Company: AnsibleByRedHat
+    EmailAddress: "{{ domain_admin_username }}@{{ dns_domain_name }}"
+    PasswordNeverExpires: True
+    Ensure: Present
+  ignore_errors: yes
+
+- name: add admin user to Domain Admins group
+  win_dsc:
+    resource_name: xADGroup
+    GroupName: Domain Admins
+    MembersToInclude: "{{ domain_admin_username }}"
+  ignore_errors: yes
+
+- name: add domain users
+  win_dsc:
+    resource_name: xADUser
+    UserName: "{{ item.username }}"
+    UserPrincipalName: "{{ item.username }}@{{ dns_domain_name }}"
+    Password_username: "{{ item.username }}"
+    Password_password: "{{ users_password }}"
+    DomainName: "{{ dns_domain_name }}"
+    DomainAdministratorCredential_username: "{{ domain_admin_username }}@{{ dns_domain_name }}"
+    DomainAdministratorCredential_password: "{{ domain_admin_password }}"
+    Enabled: True
+    GivenName: "{{ item.name }}"
+    Surname: user
+    Company: AnsibleByRedHat
+    EmailAddress: "{{ item.username }}@{{ dns_domain_name }}"
+    Ensure: Present
+  loop: "{{ ad_users }}"
+  ignore_errors: yes
+
+- name: add domain users to groups
+  win_dsc:
+    resource_name: xADGroup
+    GroupName: "{{ item }}"
+    MembersToInclude: "{{ ad_users | map(attribute='username') | list }}"
+  loop:
+    - Ansible Users
+    - Remote Desktop Users
+
+- name: ensure registry service is running
+  win_dsc:
+    resource_name: Service
+    Name: TermService
+    StartupType: Automatic
+    State: Running

roles/oatakan.ansible-role-windows-ad-controller/tests/inventory

@@ -0,0 +1,2 @@
+localhost
+

roles/oatakan.ansible-role-windows-ad-controller/tests/test.yml

@@ -0,0 +1,5 @@
+---
+- hosts: localhost
+  remote_user: root
+  roles:
+    - windows-ad-controller