darrenswart.ad_group
Ansible Role: ad_group
This role creates a designated Active Directory (AD) group in the specified Organizational Unit (OU). It can also add users and other groups to this group. When adding users/groups to an existing group, it will only add the specified ones; it will not remove any that are already in the group. Thus, this role cannot be used to remove users/groups, but it can delete the specified group.
Requirements
To use this role, the Active Directory module for PowerShell must be installed on a Windows server. Additionally, the server with the AD module should have WinRM (Windows Remote Management) set up for Ansible.
Role Variables
| Name | Default Value | Description |
|---|---|---|
ad_group_name |
None | The name of the group in Active Directory. This is required. |
ad_group_description |
None | A description for the group. This is optional. |
ad_group_ou |
None | The OU where the group is located. Must be in Distinguished Name Format (e.g., OU=school-teachers,OU=1885,DC=fluxcapacitor,DC=com). This is required. |
ad_group_membership_users |
[] | A list of users to add to the group, using their UPN (usually their email). This is optional and should be in YAML format. |
ad_group_membership_groups |
[] | A list of groups to add to the group, using their Distinguished Name. This is optional and should be in YAML format. |
ad_domain |
None | The domain in which to create the group. |
ad_group_state |
present | Set to absent if the group should be deleted (e.g., ad_group_state=absent). |
domain_username |
{{ ansible_user }} | By default, this uses {{ ansible_user }} (the user connecting through WinRM). If another user is needed, specify that user here. |
domain_password |
{{ ansible_password }} | By default, this uses {{ ansible_password }} (the password for the user connecting via WinRM). If another user is required, specify their password here. |
Example Playbook
---
- hosts: all
tasks:
- name: Create the AD group travelers
include_role:
name: ad_group
vars:
ad_domain: fluxcapacitor.com
ad_group_name: travelers
ad_group_description: time travelers
ad_group_ou: OU=school-teachers,OU=1885,DC=fluxcapacitor,DC=com
ad_group_membership_users: ['[email protected]', '[email protected]']
NOTE
Since it may take time for changes to replicate in Active Directory, the role sets a variable called domain_controller after execution. It's recommended to use this value in your playbook if you want to interact with the newly created group, as the replication may not be complete when the role finishes.
License
BSD
Author Information
Darren Swart
Creation of Active Directory groups as well as group membership
ansible-galaxy install darrenswart.ad_group