ansible.windows.win_domain_controller module – Manage domain controller/member server state for a Windows host
Note
This module is part of the ansible.windows collection (version 2.5.0).
It is not included in ansible-core.
To check whether it is installed, run ansible-galaxy collection list.
To install it, use: ansible-galaxy collection install ansible.windows.
To use it in a playbook, specify: ansible.windows.win_domain_controller.
DEPRECATED
- Removed in: version 3.0.0
- Why: This module has been moved into the microsoft.ad collection.
- Alternative: Use the microsoft.ad.domain_controller module instead.
Synopsis
Ensure that a Windows Server 2012+ host is configured as a domain controller or demoted to member server.
This module may require subsequent use of the ansible.windows.win_reboot action if changes are made.
Parameters
Parameter | Comments |
---|---|
database_path | The path to a directory on a fixed disk of the Windows host where the domain database will be created. If not set then the default path is |
dns_domain_name | When |
domain_admin_password | Password for the specified |
domain_admin_user | Username of a domain admin for the target domain (necessary to promote or demote a domain controller). |
domain_log_path | Specifies the fully qualified, non-UNC path to a directory on a fixed disk of the local computer that will contain the domain log files. |
install_dns | Whether to install the DNS service when creating the domain controller. If not specified then the Choices: |
install_media_path | The path to a directory on a fixed disk of the Windows host where the Install From Media See the Install using IFM guide for more information. |
local_admin_password | Password to be assigned to the local |
log_path | The path to log any debug information when running the module. This option is deprecated and should not be used, it will be removed on the major release after This does not relate to the |
read_only | Whether to install the domain controller as a read only replica for an existing domain. Choices: |
safe_mode_password | Safe mode password for the domain controller (required when |
site_name | Specifies the name of an existing site where you can place the new domain controller. This option is required when read_only is |
state | Whether the target host should be a domain controller or a member server. Choices: |
sysvol_path | The path to a directory on a fixed disk of the Windows host where the Sysvol folder will be created. If not set then the default path is |
See Also
- ansible.windows.win_domain
Ensures the existence of a Windows domain.
- community.windows.win_domain_computer
The official documentation on the community.windows.win_domain_computer module.
- community.windows.win_domain_group
The official documentation on the community.windows.win_domain_group module.
- ansible.windows.win_domain_membership
Manage domain/workgroup membership for a Windows host.
- community.windows.win_domain_user
The official documentation on the community.windows.win_domain_user module.
Examples
- name: Ensure a server is a domain controller
  ansible.windows.win_domain_controller:
    dns_domain_name: ansible.vagrant
    domain_admin_user: testguy@ansible.vagrant
    domain_admin_password: password123!
    safe_mode_password: password123!
    state: domain_controller

# note that without an action wrapper, in the case where a DC is demoted,
# the task will fail with a 401 Unauthorized, because the domain credential
# becomes invalid to fetch the final output over WinRM. This requires win_async
# with credential switching (or other clever credential-switching
# mechanism to get the output and trigger the required reboot)
- name: Ensure a server is not a domain controller
  ansible.windows.win_domain_controller:
    domain_admin_user: testguy@ansible.vagrant
    domain_admin_password: password123!
    local_admin_password: password123!
    state: member_server

- name: Promote server as a read only domain controller
  ansible.windows.win_domain_controller:
    dns_domain_name: ansible.vagrant
    domain_admin_user: testguy@ansible.vagrant
    domain_admin_password: password123!
    safe_mode_password: password123!
    state: domain_controller
    read_only: true
    site_name: London

- name: Promote server with custom paths
  ansible.windows.win_domain_controller:
    dns_domain_name: ansible.vagrant
    domain_admin_user: testguy@ansible.vagrant
    domain_admin_password: password123!
    safe_mode_password: password123!
    state: domain_controller
    sysvol_path: D:\SYSVOL
    database_path: D:\NTDS
    domain_log_path: D:\NTDS
  register: dc_promotion

- name: Reboot after promotion
  ansible.windows.win_reboot:
  when: dc_promotion.reboot_required
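The examples above put the domain admin and safe mode passwords inline in the task. The following added example (not part of the module documentation) reads them from an Ansible Vault encrypted vars file and sets no_log so they are not echoed in task output. The host group new_dcs, the file vault/ad_secrets.yml and the vault_* variable names are assumptions.

```yaml
# Added example, not from the module documentation.
# Hypothetical names: inventory group "new_dcs", vars file
# "vault/ad_secrets.yml" and the vault_* variables it defines.
- name: Promote a domain controller without inline credentials
  hosts: new_dcs
  gather_facts: false
  vars_files:
    - vault/ad_secrets.yml  # encrypted with ansible-vault

  tasks:
    # Stop before contacting the domain if a secret is undefined or empty.
    # Only the failed expression is reported, never the secret value.
    - name: Check that all required secrets are present
      ansible.builtin.assert:
        that:
          - vault_domain_admin_user | default('') | length > 0
          - vault_domain_admin_password | default('') | length > 0
          - vault_safe_mode_password | default('') | length > 0
        fail_msg: A required credential is missing from the vault file
        quiet: true

    # no_log censors the task arguments and result in console and log
    # output; the registered variable is still available to later tasks.
    - name: Ensure the server is a domain controller
      ansible.windows.win_domain_controller:
        dns_domain_name: ansible.vagrant
        domain_admin_user: "{{ vault_domain_admin_user }}"
        domain_admin_password: "{{ vault_domain_admin_password }}"
        safe_mode_password: "{{ vault_safe_mode_password }}"
        state: domain_controller
      no_log: true
      register: dc_promotion

    - name: Reboot after promotion
      ansible.windows.win_reboot:
      when: dc_promotion.reboot_required
```

Run the play with --ask-vault-pass or --vault-password-file so the vars file can be decrypted.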
Return Values
Common return values are documented here; the following are the fields unique to this module:
Key | Description |
---|---|
reboot_required | True if changes were made that require a reboot. Returned: always Sample: |
Status
This module will be removed in version 3.0.0. [deprecated]
For more information see DEPRECATED.