Build Windows Templates in RHV

roles/oatakan.ansible-role-windows-ad-controller/tasks/main.yml

@@ -0,0 +1,132 @@
+---
+
+- name: ensure required powershell module is present
+  win_psmodule:
+    name: xActiveDirectory
+    state: present
+
+- name: enable windows features
+  win_dsc:
+    resource_name: WindowsFeature
+    Name: "{{ item }}"
+    IncludeAllSubFeature: True
+    Ensure: Present
+  register: install_ad
+  ignore_errors: yes
+  loop:
+    - AD-Domain-Services
+
+- name: reboot if needed
+  win_reboot:
+#  when: item.reboot_required
+#  loop: "{{ install_ad.results }}"
+#  run_once: yes
+
+- name: add a new domain
+  win_dsc:
+    resource_name: xADDomain
+    DomainName: "{{ dns_domain_name }}"
+    DomainAdministratorCredential_username: "{{ domain_admin_username }}@{{ dns_domain_name }}"
+    DomainAdministratorCredential_password: "{{ domain_admin_password }}"
+    SafemodeAdministratorPassword_username: "{{ domain_admin_username }}@{{ dns_domain_name }}"
+    SafemodeAdministratorPassword_password: "{{ domain_admin_password }}"
+  register: add_domain
+  ignore_errors: yes
+
+- name: set parent dn
+  set_fact:
+    parent_dn: "DC={{ dns_domain_name.split('.') | join(',DC=') }}"
+
+- name: reboot if needed
+  win_reboot:
+  when: add_domain.reboot_required
+
+- name: wait for AD domain
+  win_dsc:
+    resource_name: xWaitForADDomain
+    DomainName: "{{ dns_domain_name }}"
+
+- name: adjust password policy
+  win_dsc:
+    resource_name: xADDomainDefaultPasswordPolicy
+    DomainName: "{{ dns_domain_name }}"
+    ComplexityEnabled: False
+    MinPasswordLength: 8
+    PasswordHistoryCount: 10
+
+- name: add child OU
+  win_dsc:
+    resource_name: xADOrganizationalUnit
+    Name: "{{ item.name }}"
+    Path: "{{ parent_dn }}"
+    Description: "{{ item.description }}"
+    Ensure: Present
+  register: child_ou
+  loop: "{{ child_ous }}"
+
+- name: add groups
+  win_dsc:
+    resource_name: xADGroup
+    GroupName: "{{ item.name }}"
+    GroupScope: "{{ item.scope }}"
+    Ensure: Present
+  loop: "{{ ad_groups }}"
+
+- name: add domain admin user
+  win_dsc:
+    resource_name: xADUser
+    UserName: "{{ domain_admin_username }}"
+    UserPrincipalName: "{{ domain_admin_username }}@{{ dns_domain_name }}"
+    Password_username: "{{ domain_admin_username }}"
+    Password_password: "{{ domain_admin_password }}"
+    DomainName: "{{ dns_domain_name }}"
+    Enabled: True
+    GivenName: "{{ domain_admin_username }}"
+    Surname: user
+    Company: AnsibleByRedHat
+    EmailAddress: "{{ domain_admin_username }}@{{ dns_domain_name }}"
+    PasswordNeverExpires: True
+    Ensure: Present
+  ignore_errors: yes
+
+- name: add admin user to Domain Admins group
+  win_dsc:
+    resource_name: xADGroup
+    GroupName: Domain Admins
+    MembersToInclude: "{{ domain_admin_username }}"
+  ignore_errors: yes
+
+- name: add domain users
+  win_dsc:
+    resource_name: xADUser
+    UserName: "{{ item.username }}"
+    UserPrincipalName: "{{ item.username }}@{{ dns_domain_name }}"
+    Password_username: "{{ item.username }}"
+    Password_password: "{{ users_password }}"
+    DomainName: "{{ dns_domain_name }}"
+    DomainAdministratorCredential_username: "{{ domain_admin_username }}@{{ dns_domain_name }}"
+    DomainAdministratorCredential_password: "{{ domain_admin_password }}"
+    Enabled: True
+    GivenName: "{{ item.name }}"
+    Surname: user
+    Company: AnsibleByRedHat
+    EmailAddress: "{{ item.username }}@{{ dns_domain_name }}"
+    Ensure: Present
+  loop: "{{ ad_users }}"
+  ignore_errors: yes
+
+- name: add domain users to groups
+  win_dsc:
+    resource_name: xADGroup
+    GroupName: "{{ item }}"
+    MembersToInclude: "{{ ad_users | map(attribute='username') | list }}"
+  loop:
+    - Ansible Users
+    - Remote Desktop Users
+
+- name: ensure registry service is running
+  win_dsc:
+    resource_name: Service
+    Name: TermService
+    StartupType: Automatic
+    State: Running