I probably could've done a better job with the actual docs descriptions on these (PRs welcome ;) )...
win_domain is for "ensuring that the given domain exists", creating a new forest/domain on the target machine if not. win_domain_controller is for switching a host between domain controller and member server status on an existing domain. win_domain_membership is for switching a host between a workgroup member and a domain member.

The domain admin creds for the DC and Membership modules are to specify existing domain admin credentials used to join/leave the domain or promote to a DC (since you can't connect with domain creds to a workgroup host, and the DC promotion module doesn't require that you're already a member of the domain). When creating a new domain, all admin accounts that exist on the host are automatically domain admins for the new domain.

These modules are nowhere near exhaustive WRT the capabilities for creating a new domain, they just scratched an itch I had for doing this under our CI. We're currently not testing domain anything, something I'm hoping to change for 2.4, but it requires "throwaway" domains, which we now have the capability to create.

-Matt

On Wednesday, March 22, 2017 at 10:09:43 AM UTC-7, J Hawkesworth wrote:
> Hello,
>
> There are 3 new modules in ansible 2.3 to do with creating and setting up Windows Active Directory domain controllers.
>
> https://docs.ansible.com/ansible/win_domain_module.html
> https://docs.ansible.com/ansible/win_domain_membership_module.html
> https://docs.ansible.com/ansible/win_domain_controller_module.html
>
> Is anyone else experimenting with these yet?
>
> I am trying to set up a pair of domain controllers but not sure the order I should be doing things in.
> Looks like call win_domain on primary to create a forest first, but after that I am a bit confused as it seems I need to make secondary dc a member of the domain first, but I am unable to get the second machine to join the new domain created on the primary as the win_domain_membership call fails with.
>
> "failed to join domain 'testdomain.local' from its current workgroup \r\n'WORKGROUP' with following error message: The specified domain either does not exist or could not be contacted."
>
> Also both this module and win_domain_controller ask for a domain administrator user/password but I'm not sure how to create the domain admin user (being something of a programmer I've not had to set up my own domain before). Maybe I just need to call Add-ADUser ?
>
> Any pointers would be gratefully received.
>
> Many thanks,
>
> Jon
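
The module roles described in the reply at the top of this thread, laid out as a playbook. This is an added example, not part of the original messages or of the Ansible project's own documentation. The inventory groups (`first_dc`, `second_dc`, `members`) and the `vault_*` variables are hypothetical names, and it assumes the other hosts already use the first DC as their DNS server so that `testdomain.local` resolves.

```yaml
# Added example. Group names and vault_* variables are hypothetical.
# Assumption: second_dc and members can resolve testdomain.local via first_dc.
- hosts: first_dc
  tasks:
    - name: Ensure the domain exists (creates a new forest/domain if not)
      win_domain:
        dns_domain_name: testdomain.local
        safe_mode_password: "{{ vault_safe_mode_password }}"
      register: domain_result

    - name: Reboot if domain creation requires it
      win_reboot:
      when: domain_result.reboot_required

- hosts: second_dc
  tasks:
    # No prior win_domain_membership step: per the reply, DC promotion does
    # not require the host to already be a member of the domain.
    - name: Promote to domain controller on the existing domain
      win_domain_controller:
        dns_domain_name: testdomain.local
        # An admin account that existed on first_dc before the domain was
        # created; per the reply it is automatically a domain admin.
        domain_admin_user: "{{ vault_domain_admin_user }}"
        domain_admin_password: "{{ vault_domain_admin_password }}"
        safe_mode_password: "{{ vault_safe_mode_password }}"
        state: domain_controller
      register: dc_result

    - name: Reboot if promotion requires it
      win_reboot:
      when: dc_result.reboot_required

- hosts: members
  tasks:
    - name: Switch from workgroup member to domain member
      win_domain_membership:
        dns_domain_name: testdomain.local
        domain_admin_user: "{{ vault_domain_admin_user }}"
        domain_admin_password: "{{ vault_domain_admin_password }}"
        state: domain
      register: member_result

    - name: Reboot if the join requires it
      win_reboot:
      when: member_result.reboot_required
```

Keeping the domain admin and safe mode passwords in Ansible Vault rather than in the playbook or inventory avoids committing forest-level credentials in plain text.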
