ansible-collections / community.windows

Windows community collection for Ansible
https://galaxy.ansible.com/community/windows
GNU General Public License v3.0

Getting Active Directory path from a variable in win_domain_computer #492

Closed kagehisa closed 1 year ago

kagehisa commented 1 year ago
SUMMARY

When using win_domain_computer to create a computer object, it is not possible to define the OU in a variable and hand it over to the module. It is always necessary to write the OU in the task directly. This works:

- name: create server object
  community.windows.win_domain_computer:
      name: "{{ inventory_hostname_short | upper }}"
      sam_account_name: "{{ inventory_hostname_short | upper }}$"
      dns_hostname: "{{ inventory_hostname }}"
      ou: ou=server,dc=test,dc=de
      description: "{{ desc }}"
      enabled: yes
      state: present

This does not:

- set_fact:
     ad_path: ou=server,dc=test,dc=de

- name: create server object
  community.windows.win_domain_computer:
       name: "{{ inventory_hostname_short | upper }}"
       sam_account_name: "{{ inventory_hostname_short | upper }}$"
       dns_hostname: "{{ inventory_hostname }}"
       ou: "{{ ad_path }}"
       description: "{{ desc }}"
       enabled: yes
       state: present

The example with the OU provided via a variable gives me the following error:

Failed to create the AD object TESTSRV: The object name has bad syntax

ISSUE TYPE

COMPONENT NAME

win_domain_computer

ANSIBLE VERSION
ansible [core 2.11.6] 
  config file = /home/autif/windomain/ansible.cfg
  configured module search path = ['/home/autif/.ansible/plugins/modules', '/usr/share/ansible/plugins/modules']
  ansible python module location = /home/autif/.local/lib/python3.6/site-packages/ansible
  ansible collection location = /home/autif/.ansible/collections:/usr/share/ansible/collections
  executable location = /home/autif/.local/bin/ansible
  python version = 3.6.15 (default, Sep 23 2021, 15:41:43) [GCC]
  jinja version = 2.10.1
  libyaml = False
COLLECTION VERSION
Collection        Version
----------------- -------
community.windows 1.12.0 
CONFIGURATION
DEFAULT_ROLES_PATH(/home/autif/windomain/ansible.cfg) = ['/home/autif/windomain/roles', '/home/autif/.ansible/roles']
DEFAULT_VAULT_PASSWORD_FILE(/home/autif/windomain/ansible.cfg) = /home/autif/windomain/ansi-vault.py
OS / ENVIRONMENT

Execution Host: Suse 15 SP4 Target Host: Windows Server 2019

STEPS TO REPRODUCE
- set_fact:
     ad_path: ou=server,dc=test,dc=de

- name: create server object
  community.windows.win_domain_computer:
       name: "{{ inventory_hostname_short | upper }}"
       sam_account_name: "{{ inventory_hostname_short | upper }}$"
       dns_hostname: "{{ inventory_hostname }}"
       ou: "{{ ad_path }}"
       description: "{{ desc }}"
       enabled: yes
       state: present
EXPECTED RESULTS

Since all attributes are defined as string I would expect that the ou path can be supplied via a variable, just like the other parameters.

ACTUAL RESULTS

I receive an error like the one below:

fatal: [testsrv.test.de ->psjumphost.test.de]: FAILED! => {
    "changed": false,
    "msg": "Failed to create the AD object TESTSRV: The object name has bad syntax"
}
kagehisa commented 1 year ago

OK, I figured out a way to assemble the AD string so that it is accepted by the module. Create ou as a list:

ad_path:
    - OU=server
    - DC=test
    - DC=de

And use it like this in the module:

- name: create computer object
  community.windows.win_domain_computer:
    name: "{{ inventory_hostname_short | upper }}"
    sam_account_name: "{{ inventory_hostname_short | upper }}$"
    dns_hostname: "{{ inventory_hostname }}"
    ou:  "{{ ad_path | join(',') }}"
    description: "{{ desc }}"
    enabled: yes
    state: present

I still don't know why this works and the other solution didn't, but it works.