--- - name: ensure required powershell module is present win_psmodule: name: xActiveDirectory state: present - name: enable windows features win_dsc: resource_name: WindowsFeature Name: "{{ item }}" IncludeAllSubFeature: True Ensure: Present register: install_ad ignore_errors: yes loop: - AD-Domain-Services - name: reboot if needed win_reboot: # when: item.reboot_required # loop: "{{ install_ad.results }}" # run_once: yes - name: add a new domain win_dsc: resource_name: xADDomain DomainName: "{{ dns_domain_name }}" DomainAdministratorCredential_username: "{{ domain_admin_username }}@{{ dns_domain_name }}" DomainAdministratorCredential_password: "{{ domain_admin_password }}" SafemodeAdministratorPassword_username: "{{ domain_admin_username }}@{{ dns_domain_name }}" SafemodeAdministratorPassword_password: "{{ domain_admin_password }}" register: add_domain ignore_errors: yes - name: set parent dn set_fact: parent_dn: "DC={{ dns_domain_name.split('.') | join(',DC=') }}" - name: reboot if needed win_reboot: when: add_domain.reboot_required - name: wait for AD domain win_dsc: resource_name: xWaitForADDomain DomainName: "{{ dns_domain_name }}" - name: adjust password policy win_dsc: resource_name: xADDomainDefaultPasswordPolicy DomainName: "{{ dns_domain_name }}" ComplexityEnabled: False MinPasswordLength: 8 PasswordHistoryCount: 10 - name: add child OU win_dsc: resource_name: xADOrganizationalUnit Name: "{{ item.name }}" Path: "{{ parent_dn }}" Description: "{{ item.description }}" Ensure: Present register: child_ou loop: "{{ child_ous }}" - name: add groups win_dsc: resource_name: xADGroup GroupName: "{{ item.name }}" GroupScope: "{{ item.scope }}" Ensure: Present loop: "{{ ad_groups }}" - name: add domain admin user win_dsc: resource_name: xADUser UserName: "{{ domain_admin_username }}" UserPrincipalName: "{{ domain_admin_username }}@{{ dns_domain_name }}" Password_username: "{{ domain_admin_username }}" Password_password: "{{ domain_admin_password }}" DomainName: "{{ dns_domain_name }}" Enabled: True GivenName: "{{ domain_admin_username }}" Surname: user Company: AnsibleByRedHat EmailAddress: "{{ domain_admin_username }}@{{ dns_domain_name }}" PasswordNeverExpires: True Ensure: Present ignore_errors: yes - name: add admin user to Domain Admins group win_dsc: resource_name: xADGroup GroupName: Domain Admins MembersToInclude: "{{ domain_admin_username }}" ignore_errors: yes - name: add domain users win_dsc: resource_name: xADUser UserName: "{{ item.username }}" UserPrincipalName: "{{ item.username }}@{{ dns_domain_name }}" Password_username: "{{ item.username }}" Password_password: "{{ users_password }}" DomainName: "{{ dns_domain_name }}" DomainAdministratorCredential_username: "{{ domain_admin_username }}@{{ dns_domain_name }}" DomainAdministratorCredential_password: "{{ domain_admin_password }}" Enabled: True GivenName: "{{ item.name }}" Surname: user Company: AnsibleByRedHat EmailAddress: "{{ item.username }}@{{ dns_domain_name }}" Ensure: Present loop: "{{ ad_users }}" ignore_errors: yes - name: add domain users to groups win_dsc: resource_name: xADGroup GroupName: "{{ item }}" MembersToInclude: "{{ ad_users | map(attribute='username') | list }}" loop: - Ansible Users - Remote Desktop Users - name: ensure registry service is running win_dsc: resource_name: Service Name: TermService StartupType: Automatic State: Running