ansible-collections / microsoft.ad

Ansible collection for Active Directory management
GNU General Public License v3.0
36 stars, 19 forks

Add optional server argument to allow join to specific domain controller. #131

Open ddmrb opened 5 days ago

ddmrb commented 5 days ago
SUMMARY

Add optional server argument to allow join to specific domain controller.

ISSUE TYPE
COMPONENT NAME

microsoft.ad.membership

ADDITIONAL INFORMATION

In large environments with globally distributed domain controllers, a random domain controller is chosen during the join process. After joining and rebooting, the host may fail to log in to the domain because the join might have been completed on a remote domain controller. In such cases, the domain replication changes may not have propagated to the domain controller handling the login request. Assigning a specific domain controller will avoid this issue. See the -Server parameter of the Add-Computer cmdlet: https://learn.microsoft.com/en-us/powershell/module/microsoft.powershell.management/add-computer?view=powershell-5.1

```yaml
- name: join host to ansible.vagrant with automatic reboot
  microsoft.ad.membership:
    dns_domain_name: ansible.vagrant
    hostname: mydomainclient
    domain_admin_user: testguy@ansible.vagrant
    domain_admin_password: password123!   # placeholder; keep real secrets in Ansible Vault and set no_log
    domain_ou_path: "OU=Windows,OU=Servers,DC=ansible,DC=vagrant"
    server: mynearestloginserver          # proposed option: the domain controller that performs the join
    state: domain
    reboot: true
```
Yannik commented 2 days ago

I presume that Add-Computer uses DsGetDcName to lookup the DC to use, so it should use the closest one (requires you to have your sites configured correctly). Nonetheless, this feature might be useful in some cases, I do not see a harm in adding it.
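The two comments above describe the same mechanism from both sides: the locator (DsGetDcName) picks a domain controller in the client's site, and a join that lands on a different, remote DC leaves the computer object invisible to the DC that handles the first logon until replication catches up. The script below, an added example that is not code from the microsoft.ad collection or from either commenter, shows what pinning the join looks like with plain Add-Computer: it asks the locator which DC it would choose, performs the join through that DC with -Server, and then reads the new computer object back from that same DC over LDAP before allowing the reboot. The domain, OU and DC names are the ones used in the issue and stand in for real values; nltest.exe being present, the locator output containing a "DC: \\name" line, and the join account being allowed to create objects in the OU are assumptions.

```powershell
# Added example, not from the microsoft.ad collection or the issue author.
# Assumes nltest.exe is available (Windows 10 / Windows Server) and that $Credential
# may create computer objects under $OUPath. Run elevated on the not-yet-joined host.
param(
    [string]$DomainName = 'ansible.vagrant',
    [string]$OUPath     = 'OU=Windows,OU=Servers,DC=ansible,DC=vagrant',
    # Leave empty to pin the join to whatever DC the locator picks for this client;
    # or pass an explicit DC FQDN such as 'mynearestloginserver.ansible.vagrant'.
    [string]$Server     = '',
    [pscredential]$Credential = (Get-Credential -Message "Account permitted to join $DomainName")
)
$ErrorActionPreference = 'Stop'

# 1. Ask the DC locator (DsGetDcName) which DC it chooses for this client right now.
#    The first logon after reboot goes through the same locator, so joining on this DC
#    keeps the join and the logon on one box. /force bypasses the locator cache.
#    Expected output contains a line such as "           DC: \\dc01.ansible.vagrant".
$located = $null
foreach ($line in (& nltest.exe /dsgetdc:$DomainName /force 2>&1)) {
    if ($line -match '^\s*DC:\s*\\\\(?<dc>\S+)') { $located = $Matches.dc; break }
}
if (-not $located) { throw "DC locator returned no domain controller for $DomainName" }
if (-not $Server)  { $Server = $located }
Write-Host "Locator picked $located; join will be performed on $Server"

# 2. Join through the pinned DC. The Add-Computer docs give -Server in DomainName\DCName
#    form, so the FQDN is reduced to its host label here.
$dcShort = $Server.Split('.')[0]
Add-Computer -DomainName $DomainName -Server "$DomainName\$dcShort" -OUPath $OUPath `
             -Credential $Credential -Force

# 3. Before rebooting, confirm the computer object is readable on the pinned DC itself.
#    Binding to "LDAP://<dc>/<ou>" targets that one DC, so this check does not depend on
#    replication having reached any other DC.
$computerSam = "$env:COMPUTERNAME`$"
$root = New-Object System.DirectoryServices.DirectoryEntry(
    "LDAP://$Server/$OUPath",
    $Credential.UserName,
    $Credential.GetNetworkCredential().Password)
$searcher = New-Object System.DirectoryServices.DirectorySearcher($root)
$searcher.Filter = "(&(objectClass=computer)(sAMAccountName=$computerSam))"
$found = $searcher.FindOne()
if (-not $found) { throw "Computer object $computerSam is not visible on $Server; not rebooting" }
Write-Host "Computer object present on $Server ($($found.Path)); rebooting"

Restart-Computer -Force
```

After the reboot, `nltest /sc_query:ansible.vagrant` reports the DC the machine's secure channel was established with; if that is not the DC used for the join, the site configuration rather than the join is what needs attention, which is the point Yannik makes above. Pinning only removes the replication window when the pinned DC is one the locator will also choose for the client, which is why the script reads the locator result first. Until the collection exposes such an option, the same steps can be driven from a playbook with ansible.windows.win_powershell or ansible.windows.win_shell.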