So, I have a playbook that is supposed to create a couple of scheduled tasks to run as a particular domain account using the community.windows.win_scheduled_task module. I run the playbook, and, while the playbook executes successfully, when I log into the remote host on which ansible created the schedule task to visually verify that the scheduled task was created correctly, the user account that the scheduled task is configured to run as is missing the domain. For example, consider this playbook:
When I run this playbook against my windows hosts, this is the scheduled task that gets created on the remote host:
As you can see, the account listed is completely missing the domain portion it should be configured with. Just to make sure, I went and configured the user to run as in the GUI, and this is what we see when the account is selected in the GUI:
So it is clear that the domain to which the user account belongs is available. It is also clear that account verification is taking place, as, while attempting to create this issue, attempting to supply an invalid password for the username resulted in an error indicating that the password was not valid for the supplied username. So, it is clear to me that the module is able to locate the account, but it is just not configuring the scheduled task correctly for some reason? Please let me know if there are any questions.
1) run the above playbook against domain-joined remote windows hosts. Make sure to change the username and password vars so that they reflect a valid domain user
2) After the playbook executes successfully, visually verify the user the scheduled task is configured to run as on the windows remote hosts.
EXPECTED RESULTS
I would expect that the scheduled task would be configured to run as the domain user that is configured in the ansible playbook.
ACTUAL RESULTS
When a scheduled task is configured to run as a domain user using the community.windows.win_scheduled_task module, the scheduled task that is actually created is missing the domain.
ansible-playbook -vvv -i inventory/post-deploy.yml playbook/beep.yml
ansible-playbook [core 2.15.8]
config file = /etc/ansible/ansible.cfg
configured module search path = ['/home/ubuntu/.ansible/plugins/modules', '/usr/share/ansible/plugins/modules']
ansible python module location = /usr/lib/python3/dist-packages/ansible
ansible collection location = /home/ubuntu/.ansible/collections:/usr/share/ansible/collections
executable location = /usr/bin/ansible-playbook
python version = 3.10.12 (main, Nov 20 2023, 15:14:05) [GCC 11.4.0] (/usr/bin/python3)
jinja version = 3.0.3
libyaml = True
Using /etc/ansible/ansible.cfg as config file
host_list declined parsing /home/ubuntu/ansible/inventory/post-deploy.yml as it did not pass its verify_file() method
script declined parsing /home/ubuntu/ansible/inventory/post-deploy.yml as it did not pass its verify_file() method
Parsed /home/ubuntu/ansible/inventory/post-deploy.yml inventory source with yaml plugin
Skipping callback 'default', as we already have a stdout callback.
Skipping callback 'minimal', as we already have a stdout callback.
Skipping callback 'oneline', as we already have a stdout callback.
PLAYBOOK: beep.yml **************************************************************************************************************************************************************************************************************
1 plays in playbook/beep.yml
PLAY [oseries] ******************************************************************************************************************************************************************************************************************
TASK [Gathering Facts] **********************************************************************************************************************************************************************************************************
task path: /home/ubuntu/ansible/playbook/beep.yml:3
redirecting (type: modules) ansible.builtin.setup to ansible.windows.setup
redirecting (type: modules) ansible.builtin.setup to ansible.windows.setup
Using module file /home/ubuntu/.ansible/collections/ansible_collections/ansible/windows/plugins/modules/setup.ps1
Pipelining is enabled.
<10.30.107.181> ESTABLISH WINRM CONNECTION FOR USER: ONPVERTEXINC\zzadmin on PORT 5986 TO 10.30.107.181
Using module file /home/ubuntu/.ansible/collections/ansible_collections/ansible/windows/plugins/modules/setup.ps1
Pipelining is enabled.
<10.30.107.103> ESTABLISH WINRM CONNECTION FOR USER: ONPVERTEXINC\zzadmin on PORT 5986 TO 10.30.107.103
EXEC (via pipeline wrapper)
EXEC (via pipeline wrapper)
ok: [ouplift11a.onpvertexinc.com]
ok: [ouplift11b.onpvertexinc.com]
TASK [Create TJE scheduled task] ************************************************************************************************************************************************************************************************
task path: /home/ubuntu/ansible/playbook/beep.yml:18
Using module file /usr/lib/python3/dist-packages/ansible_collections/community/windows/plugins/modules/win_scheduled_task.ps1
Pipelining is enabled.
<10.30.107.181> ESTABLISH WINRM CONNECTION FOR USER: ONPVERTEXINC\zzadmin on PORT 5986 TO 10.30.107.181
Using module file /usr/lib/python3/dist-packages/ansible_collections/community/windows/plugins/modules/win_scheduled_task.ps1
Pipelining is enabled.
<10.30.107.103> ESTABLISH WINRM CONNECTION FOR USER: ONPVERTEXINC\zzadmin on PORT 5986 TO 10.30.107.103
EXEC (via pipeline wrapper)
EXEC (via pipeline wrapper)
changed: [ouplift11a.onpvertexinc.com] => {
"changed": true
}
changed: [ouplift11b.onpvertexinc.com] => {
"changed": true
}
PLAY RECAP **********************************************************************************************************************************************************************************************************************
ouplift11a.onpvertexinc.com : ok=2 changed=1 unreachable=0 failed=0 skipped=0 rescued=0 ignored=0
ouplift11b.onpvertexinc.com : ok=2 changed=1 unreachable=0 failed=0 skipped=0 rescued=0 ignored=0
SUMMARY
So, I have a playbook that is supposed to create a couple of scheduled tasks to run as a particular domain account using the community.windows.win_scheduled_task module. I run the playbook, and, while the playbook executes successfully, when I log into the remote host on which ansible created the schedule task to visually verify that the scheduled task was created correctly, the user account that the scheduled task is configured to run as is missing the domain. For example, consider this playbook:
When I run this playbook against my windows hosts, this is the scheduled task that gets created on the remote host:
As you can see, the account listed is completely missing the domain portion it should be configured with. Just to make sure, I went and configured the user to run as in the GUI, and this is what we see when the account is selected in the GUI:
So it is clear that the domain to which the user account belongs is available. It is also clear that account verification is taking place, as, while attempting to create this issue, attempting to supply an invalid password for the username resulted in an error indicating that the password was not valid for the supplied username. So, it is clear to me that the module is able to locate the account, but it is just not configuring the scheduled task correctly for some reason? Please let me know if there are any questions.
ISSUE TYPE
COMPONENT NAME
win_scheduled_task
ANSIBLE VERSION
COLLECTION VERSION
CONFIGURATION
OS / ENVIRONMENT
Target OS version is Windows server 2019
STEPS TO REPRODUCE
Below is the playbook that I used, but the only parts that are relevant are likely the "username", "password", and "logon_type" properties:
1) run the above playbook against domain-joined remote windows hosts. Make sure to change the username and password vars so that they reflect a valid domain user 2) After the playbook executes successfully, visually verify the user the scheduled task is configured to run as on the windows remote hosts.
EXPECTED RESULTS
I would expect that the scheduled task would be configured to run as the domain user that is configured in the ansible playbook.
ACTUAL RESULTS
When a scheduled task is configured to run as a domain user using the community.windows.win_scheduled_task module, the scheduled task that is actually created is missing the domain.