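---
# Prepares a Windows host: points DNS at the domain controller, sets the
# hostname, creates a local administrative account and joins the domain.
# Layout reconstructed from a single-line paste; the nesting of the
# "Join Domain" block follows the trailing comment and `when`.

# The first host of the 'activedirectories' inventory group is taken as the DC.
- name: Discover domain controller host
  set_fact:
    dc_host: "{{ groups['activedirectories'][0] }}"

# Every adapter ("*") is pointed at the DC's private address, so all name
# resolution on this host, including the domain lookup used for the join
# below, depends on that inventory value.
- name: Add domain controller private IP as DNS server
  win_dns_client:
    adapter_names: "*"
    ipv4_addresses: "{{ hostvars[dc_host]['private_ip_address'] }}"

- name: Set hostname
  win_hostname:
    name: "{{ hostvars[inventory_hostname].instance_name }}"
  register: win_hostname

- name: Reboot if required
  win_reboot:
  when: win_hostname.reboot_required

# NOTE(review): the task name renders `dns_domain`, while the module argument
# uses `dns_domain_name` - confirm both variables are defined.
- name: Set DNS search suffix to {{ dns_domain }}
  win_dns_searchsuffix:
    suffixes:
      - "{{ dns_domain_name }}"

# NOTE(review): this local account is a member of Administrators and receives
# `windows_password`, the same variable passed as the domain admin password in
# the join task below. A separate, vault-stored secret per account would keep
# one disclosure from exposing both; the account also cannot change its own
# password (user_cannot_change_password), so rotation has to happen here.
- name: Add devops user in Administrators group
  win_user:
    account_locked: false
    description: "{{ item }} user"
    fullname: "{{ item }}"
    groups:
      - Administrators
      - "Remote Management Users"
    name: "{{ item }}"
    password: "{{ windows_password }}"
    state: present
    user_cannot_change_password: true
  with_items:
    - 'devops'

- name: Join Domain
  block:
    # NOTE(review): the join authenticates as admin@<domain>. An account
    # delegated only the right to join computers would limit what the secret
    # held by this playbook can do - confirm whether that is an option.
    - name: Join Domain
      win_domain_membership:
        dns_domain_name: "{{ dns_domain_name }}"
        domain_admin_user: "admin@{{ dns_domain_name }}"
        domain_admin_password: "{{ windows_password }}"
        state: domain
      register: windomain

    - name: Reboot if needed
      win_reboot:
      when: windomain.reboot_required

    # Members of the domain group "Ansible Users" become local administrators
    # on every host this runs against; membership of that group should be
    # reviewed with the same care as a domain-wide admin group.
    - name: Add Ansible group to a local Administrators
      win_group_membership:
        name: Administrators
        members:
          - "{{ dns_domain_name_short }}\\Ansible Users"
        state: present

    - name: Add Ansible group to a local Remote Management Users
      win_group_membership:
        name: Remote Management Users
        members:
          - "{{ dns_domain_name_short }}\\Ansible Users"
        state: present
  # We don't want win2 to join the main domain.
  # The test is a substring match on the inventory name, so any host whose
  # name merely contains 'win2' is skipped as well.
  when: "'win2' not in inventory_hostname"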