Oh, and for the second DC once the domain exists, you'll need to use win_dns_client to point the 2nd host at the new DC's DNS server first, then use win_domain_controller to promote it (I haven't tried promoting a non-member server in a while, but it worked at one point, so you *probably* don't need to use win_domain_membership to join the would-be-2nd-DC to the domain first).

On Wednesday, March 22, 2017 at 4:07:49 PM UTC-7, Matt Davis wrote:
>
> I probably could've done a better job with the actual docs descriptions on
> these (PRs welcome ;) )...
>
> win_domain is for "ensuring that the given domain exists", creating a new
> forest/domain on the target machine if not.
> win_domain_controller is for switching a host between domain controller
> and member server status on an existing domain.
> win_domain_membership is for switching a host between a workgroup member
> and a domain member.
>
> The domain admin creds for the DC and Membership modules are to specify
> existing domain admin credentials used to join/leave the domain or promote
> to a DC (since you can't connect with domain creds to a workgroup host, and
> the DC promotion module doesn't require that you're already a member of the
> domain). When creating a new domain, all admin accounts that exist on the
> host are automatically domain admins for the new domain.
>
> These modules are nowhere near exhaustive WRT the capabilities for
> creating a new domain, they just scratched an itch I had for doing this
> under our CI. We're currently not testing domain anything, something I'm
> hoping to change for 2.4, but it requires "throwaway" domains, which we now
> have the capability to create.
>
> -Matt
>
> On Wednesday, March 22, 2017 at 10:09:43 AM UTC-7, J Hawkesworth wrote:
>>
>> Hello,
>>
>> There are 3 new modules in ansible 2.3 to do with creating and setting up
>> Windows Active Directory domain controllers.
>>
>> https://docs.ansible.com/ansible/win_domain_module.html
>> https://docs.ansible.com/ansible/win_domain_membership_module.html
>> https://docs.ansible.com/ansible/win_domain_controller_module.html
>>
>> Is anyone else experimenting with these yet?
>>
>> I am trying to set up a pair of domain controllers but not sure the order
>> I should be doing things in.
>> Looks like call win_domain on primary to create a forest first, but after
>> that I am a bit confused as it seems I need to make secondary dc a member
>> of the domain first, but I am unable to get the second machine to join the
>> new domain created on the primary as the win_domain_membership call fails
>> with.
>>
>> "failed to join domain 'testdomain.local' from its current workgroup
>> \r\n'WORKGROUP' with following error message: The specified domain either
>> does not exist or could not be contacted."
>>
>> Also both this module and win_domain_controller ask for a domain
>> administrator user/password but I'm not sure how to create the domain admin
>> user (being something of a programmer I've not had to set up my own domain
>> before). Maybe I just need to call Add-ADUser?
>>
>> Any pointers would be gratefully received.
>>
>> Many thanks,
>>
>> Jon
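
The ordering described in this thread, written out as a playbook. This is an added example, not part of the original messages and not the Ansible project's own code. The inventory groups `dc1` and `dc2`, the address `192.0.2.10`, the `vault_*` variable names, and the use of the first host's `Administrator` account as domain admin are assumptions.

```yaml
# Added example. dc1/dc2, 192.0.2.10 and the vault_* variables are
# hypothetical; keep the passwords in Ansible Vault, not in the playbook.
- name: Create the forest/domain on the first host
  hosts: dc1
  tasks:
    - name: Ensure the domain exists (a new forest is created if it does not)
      win_domain:
        dns_domain_name: testdomain.local
        safe_mode_password: "{{ vault_safe_mode_password }}"
      register: domain_result

    - name: Reboot the first DC if the module reports it is needed
      win_reboot:
      when: domain_result.reboot_required

- name: Promote the second host to a domain controller
  hosts: dc2
  tasks:
    # Without this step the host cannot locate testdomain.local, which is
    # the "domain either does not exist or could not be contacted" failure.
    - name: Point DNS at the first DC
      win_dns_client:
        adapter_names: '*'
        ipv4_addresses:
          - 192.0.2.10          # constructed address of the first DC

    # Local admin accounts on the first host became domain admins when the
    # domain was created, so an existing account can be used here.
    - name: Promote to domain controller on the existing domain
      win_domain_controller:
        dns_domain_name: testdomain.local
        domain_admin_user: Administrator@testdomain.local
        domain_admin_password: "{{ vault_domain_admin_password }}"
        safe_mode_password: "{{ vault_safe_mode_password }}"
        state: domain_controller
      register: dc_result

    - name: Reboot the second DC if the module reports it is needed
      win_reboot:
      when: dc_result.reboot_required
```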
