microsoft.ad.kds_root_key_info module – Gather information about one or more KDS root keys in a domain.

Note

This module is part of the microsoft.ad collection (version 1.10.0).

It is not included in ansible-core. To check whether it is installed, run ansible-galaxy collection list.

To install it, use: ansible-galaxy collection install microsoft.ad.

To use it in a playbook, specify: microsoft.ad.kds_root_key_info.

New in microsoft.ad 1.11.0

Synopsis

  • Gather information about one or more KDS root keys in a domain.

  • You can specify a key ID to return information about a specific key, or gather information about all keys.

Parameters

Parameter

Comments

key_id

string

The ID of the key that should be queried.

If this is not provided, all keys will be returned.

Attributes

Attribute

Support

Description

check_mode

Support: full

Can run in check_mode and return changed status prediction without modifying target, if not supported the action will be skipped.

diff_mode

Support: none

Will return details on what has changed (or possibly needs changing in check_mode), when in diff mode

platform

Platform: windows

Target OS/families that can be operated against

Notes

Note

  • This module must be run on a Windows target host.

  • This module requires the Domain Administrator or Enterprise Administrator role to view KDS keys.

Examples

- name: Gather information about all keys in a domain
  microsoft.ad.kds_root_key_info:

- name: Gather information about a specific key
  microsoft.ad.kds_root_key_info:
    key_id: 11111111-1111-1111-1111-111111111111

Return Values

Common return values are documented here, the following are the fields unique to this module:

Key

Description

kds_root_keys

list / elements=string

Information about any keys that were found.

Returned: always

creation_time

string

The creation time of the KDS root key.

Returned: always

Sample: "2026-03-16T15:13:36.7190000Z"

effective_time

string

The effective time of the KDS root key.

Keys are effective 10 hours after the effective time.

Returned: always

Sample: "2026-03-16T05:13:36.4151133Z"

key_id

string

The Guid of the KDS root key.

Returned: always

Sample: "12345678-1234-1234-1234-123456789012"

version_number

integer

The version number of the KDS root key.

Returned: always

Sample: 1

Authors

  • Mike Morency (@mikemorency)