---
|
- name: Discover domain controller host
|
set_fact:
|
dc_host: "{{groups['activedirectories'][0]}}"
|
|
- name: Add domain controller private IP as DNS server
|
win_dns_client:
|
adapter_names: "*"
|
ipv4_addresses: "{{ hostvars[dc_host]['private_ip_address'] }}"
|
|
- name: Set hostname
|
win_hostname:
|
name: "{{ hostvars[inventory_hostname].instance_name }}"
|
register: win_hostname
|
|
- name: Reboot if required
|
win_reboot:
|
when: win_hostname.reboot_required
|
|
- name: Set DNS search suffix to {{ dns_domain }}
|
win_dns_searchsuffix:
|
suffixes:
|
- "{{ dns_domain_name }}"
|
|
- name: Add devops user in Administrators group
|
win_user:
|
account_locked: no
|
description: "{{ item }} user"
|
fullname: "{{ item }}"
|
groups:
|
- Administrators
|
- "Remote Management Users"
|
name: "{{ item }}"
|
password: "{{ windows_password }}"
|
state: present
|
user_cannot_change_password: yes
|
with_items:
|
- 'devops'
|
|
- name: Join Domain
|
block:
|
- name: Join Domain
|
win_domain_membership:
|
dns_domain_name: "{{ dns_domain_name }}"
|
domain_admin_user: "admin@{{ dns_domain_name }}"
|
domain_admin_password: "{{ windows_password }}"
|
state: domain
|
register: windomain
|
|
- name: Reboot if needed
|
win_reboot:
|
when: windomain.reboot_required
|
|
- name: Add Ansible group to a local Administrators
|
win_group_membership:
|
name: Administrators
|
members:
|
- "{{ dns_domain_name_short }}\\Ansible Users"
|
state: present
|
|
- name: Add Ansible group to a local Remote Management Users
|
win_group_membership:
|
name: Remote Management Users
|
members:
|
- "{{ dns_domain_name_short }}\\Ansible Users"
|
state: present
|
|
# We don't want win2 to join the main domain.
|
when: "'win2' not in inventory_hostname"
|