<https://lh3.googleusercontent.com/-oJBE5BytxSQ/WNK5fijFq2I/AAAAAAAAv9s/JzCi_hD7AcAkazkBz7e37cRXIbLAinRIACLcB/s1600/Selection_053.png>
IIRC, dcpromo run on a machine not attached to the domain will have an 
option for "alternate credentials" to be set and then use DNS to contact 
the existing domain. I've only done it via the dcpromo GUI back in the day 
(on 2008). So there is probably a way to do it via commands or perhaps it's 
part of an answer file? Never did bulk operations like that back then, so relied 
on the GUI. 

When you make the initial domain it asks to enter a domain admin password 
in the dcpromo setup and creates the 'domain\Administrator' account and 
also removes local users at that point (or blocks off the use of any local 
accounts) and uses the AD database as the only user store. After the 
initial domain setup I believe the recommendation was also to rename the 
existing domain admin account from 'Administrator' to some other name not 
commonly targeted. Then, when creating a new user account, you would just add it to 
the 'Domain Admins' group.



On Wednesday, March 22, 2017 at 1:09:43 PM UTC-4, J Hawkesworth wrote:
>
> Hello,
>
> There are 3 new modules in ansible 2.3 to do with creating and setting up 
> Windows Active Directory domain controllers.
>
> https://docs.ansible.com/ansible/win_domain_module.html
> https://docs.ansible.com/ansible/win_domain_membership_module.html
> https://docs.ansible.com/ansible/win_domain_controller_module.html
>
> Is anyone else experimenting with these yet?
>
> I am trying to set up a pair of domain controllers but not sure the order 
> I should be doing things in.
> Looks like call win_domain on primary to create a forest first, but after 
> that I am a bit confused as it seems I need to make secondary dc a member 
> of the domain first, but I am unable to get the second machine to join the 
> new domain created on the primary as the win_domain_membership call fails 
> with:
>
> "failed to join domain 'testdomain.local' from its current workgroup 
> \r\n'WORKGROUP' with following error message: The specified domain either 
> does not exist or could not be contacted."
>
> Also both this module and win_domain_controller ask for a domain 
> administrator user/password but I'm not sure how to create the domain admin 
> user (being something of a programmer I've not had to set up my own domain 
> before).  Maybe I just need to call Add-ADUser ?
>
> Any pointers would be gratefully received.
>
> Many thanks,
>
> Jon
>
>  
>
