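---
# Ansible task list: promote a Windows host to a domain controller for
# dns_domain_name using the xActiveDirectory DSC resources, then seed the
# domain with OUs, groups and users from the ad_* variables.
#
# Variables expected from the caller (not defined in this file):
#   dns_domain_name, domain_admin_username, domain_admin_password,
#   users_password, child_ous, ad_groups, ad_users
#
# Credentials are handed to DSC as <Param>_username / <Param>_password pairs
# (win_dsc convention); the password variables are interpolated into module
# arguments at run time, so keep them vaulted and avoid high verbosity when
# running this against anything but a throw-away lab domain.

- name: ensure required powershell module is present
  win_psmodule:
    name: xActiveDirectory
    state: present

- name: enable windows features
  win_dsc:
    resource_name: WindowsFeature
    Name: "{{ item }}"
    IncludeAllSubFeature: true
    Ensure: Present
  register: install_ad
  ignore_errors: true
  loop:
    - AD-Domain-Services

# NOTE: the conditional and loop below are commented out, so this task
# reboots unconditionally after the feature install rather than only when
# an install_ad result reports reboot_required.
- name: reboot if needed after feature install
  win_reboot:
  # when: item.reboot_required
  # loop: "{{ install_ad.results }}"
  # run_once: yes

# Creates the forest root domain. The DSRM (safe mode) password reuses
# domain_admin_password; a distinct variable is preferable where the two
# secrets should have separate lifecycles. Failures are ignored so that a
# re-run against an existing domain does not abort the play.
- name: add a new domain
  win_dsc:
    resource_name: xADDomain
    DomainName: "{{ dns_domain_name }}"
    DomainAdministratorCredential_username: "{{ domain_admin_username }}@{{ dns_domain_name }}"
    DomainAdministratorCredential_password: "{{ domain_admin_password }}"
    SafemodeAdministratorPassword_username: "{{ domain_admin_username }}@{{ dns_domain_name }}"
    SafemodeAdministratorPassword_password: "{{ domain_admin_password }}"
  register: add_domain
  ignore_errors: true

# e.g. example.com -> DC=example,DC=com
- name: set parent dn
  set_fact:
    parent_dn: "DC={{ dns_domain_name.split('.') | join(',DC=') }}"

- name: reboot if needed after domain creation
  win_reboot:
  when: add_domain.reboot_required

- name: wait for AD domain
  win_dsc:
    resource_name: xWaitForADDomain
    DomainName: "{{ dns_domain_name }}"

# Relaxes the default domain password policy: complexity is disabled and the
# minimum length lowered to 8. Suited to a short-lived test domain; tighten
# these values for anything longer-lived.
- name: adjust password policy
  win_dsc:
    resource_name: xADDomainDefaultPasswordPolicy
    DomainName: "{{ dns_domain_name }}"
    ComplexityEnabled: false
    MinPasswordLength: 8
    PasswordHistoryCount: 10

- name: add child OU
  win_dsc:
    resource_name: xADOrganizationalUnit
    Name: "{{ item.name }}"
    Path: "{{ parent_dn }}"
    Description: "{{ item.description }}"
    Ensure: Present
  register: child_ou
  loop: "{{ child_ous }}"

- name: add groups
  win_dsc:
    resource_name: xADGroup
    GroupName: "{{ item.name }}"
    GroupScope: "{{ item.scope }}"
    Ensure: Present
  loop: "{{ ad_groups }}"

# The admin account is created with PasswordNeverExpires, so it is exempt
# from the policy set above.
- name: add domain admin user
  win_dsc:
    resource_name: xADUser
    UserName: "{{ domain_admin_username }}"
    UserPrincipalName: "{{ domain_admin_username }}@{{ dns_domain_name }}"
    Password_username: "{{ domain_admin_username }}"
    Password_password: "{{ domain_admin_password }}"
    DomainName: "{{ dns_domain_name }}"
    Enabled: true
    GivenName: "{{ domain_admin_username }}"
    Surname: user
    Company: AnsibleByRedHat
    EmailAddress: "{{ domain_admin_username }}@{{ dns_domain_name }}"
    PasswordNeverExpires: true
    Ensure: Present
  ignore_errors: true

- name: add admin user to Domain Admins group
  win_dsc:
    resource_name: xADGroup
    GroupName: Domain Admins
    MembersToInclude: "{{ domain_admin_username }}"
  ignore_errors: true

# Every seeded user shares the single users_password value.
- name: add domain users
  win_dsc:
    resource_name: xADUser
    UserName: "{{ item.username }}"
    UserPrincipalName: "{{ item.username }}@{{ dns_domain_name }}"
    Password_username: "{{ item.username }}"
    Password_password: "{{ users_password }}"
    DomainName: "{{ dns_domain_name }}"
    DomainAdministratorCredential_username: "{{ domain_admin_username }}@{{ dns_domain_name }}"
    DomainAdministratorCredential_password: "{{ domain_admin_password }}"
    Enabled: true
    GivenName: "{{ item.name }}"
    Surname: user
    Company: AnsibleByRedHat
    EmailAddress: "{{ item.username }}@{{ dns_domain_name }}"
    Ensure: Present
  loop: "{{ ad_users }}"
  ignore_errors: true

# Adds all seeded users to both groups, including Remote Desktop Users,
# which grants them interactive RDP logon to the domain controller.
- name: add domain users to groups
  win_dsc:
    resource_name: xADGroup
    GroupName: "{{ item }}"
    MembersToInclude: "{{ ad_users | map(attribute='username') | list }}"
  loop:
    - Ansible Users
    - Remote Desktop Users

# TermService is the Remote Desktop Services service (the original task name
# called it the "registry" service, which it is not).
- name: ensure remote desktop service is running
  win_dsc:
    resource_name: Service
    Name: TermService
    StartupType: Automatic
    State: Running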