Thanks for the above everyone. I think I'll start by making my domain (which is really going to be disposable) run on a single node and then tackle adding the second node later.

Jon

On Wednesday, March 22, 2017 at 11:20:00 PM UTC, Matt Davis wrote:
>
> Oh, and for the second DC once the domain exists, you'll need to use
> win_dns_client to point the 2nd host at the new DC's DNS server first, then
> use win_domain_controller to promote it (I haven't tried promoting a
> non-member server in awhile, but it worked at one point, so you *probably*
> don't need to use win_domain_membership to join the would-be-2nd-DC to the
> domain first).
>
> On Wednesday, March 22, 2017 at 4:07:49 PM UTC-7, Matt Davis wrote:
>>
>> I probably could've done a better job with the actual docs descriptions
>> on these (PRs welcome ;) )...
>>
>> win_domain is for "ensuring that the given domain exists", creating a new
>> forest/domain on the target machine if not.
>> win_domain_controller is for switching a host between domain controller
>> and member server status on an existing domain.
>> win_domain_membership is for switching a host between a workgroup member
>> and a domain member.
>>
>> The domain admin creds for the DC and Membership modules are to specify
>> existing domain admin credentials used to join/leave the domain or promote
>> to a DC (since you can't connect with domain creds to a workgroup host, and
>> the DC promotion module doesn't require that you're already a member of the
>> domain). When creating a new domain, all admin accounts that exist on the
>> host are automatically domain admins for the new domain.
>>
>> These modules are nowhere near exhaustive WRT the capabilities for
>> creating a new domain, they just scratched an itch I had for doing this
>> under our CI. We're currently not testing domain anything, something I'm
>> hoping to change for 2.4, but it requires "throwaway" domains, which we now
>> have the capability to create.
>>
>> -Matt
>>
>> On Wednesday, March 22, 2017 at 10:09:43 AM UTC-7, J Hawkesworth wrote:
>>>
>>> Hello,
>>>
>>> There are 3 new modules in ansible 2.3 to do with creating and setting
>>> up Windows Active Directory domain controllers.
>>>
>>> https://docs.ansible.com/ansible/win_domain_module.html
>>> https://docs.ansible.com/ansible/win_domain_membership_module.html
>>> https://docs.ansible.com/ansible/win_domain_controller_module.html
>>>
>>> Is anyone else experimenting with these yet?
>>>
>>> I am trying to set up a pair of domain controllers but not sure the
>>> order I should be doing things in.
>>> Looks like call win_domain on primary to create a forest first, but
>>> after that I am a bit confused as it seems I need to make secondary dc a
>>> member of the domain first, but I am unable to get the second machine to
>>> join the new domain created on the primary as the win_domain_membership
>>> call fails with.
>>>
>>> "failed to join domain 'testdomain.local' from its current workgroup
>>> \r\n'WORKGROUP' with following error message: The specified domain either
>>> does not exist or could not be contacted."
>>>
>>> Also both this module and win_domain_controller ask for a domain
>>> administrator user/password but I'm not sure how to create the domain admin
>>> user (being something of a programmer I've not had to set up my own domain
>>> before). Maybe I just need to call Add-ADUser ?
>>>
>>> Any pointers would be gratefully received.
>>>
>>> Many thanks,
>>>
>>> Jon
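
Added example (not part of the original thread and not code from any of the posters): a playbook sketch of the ordering described in the replies above, with win_domain on the first node, then win_dns_client and win_domain_controller on the second. The inventory group names, the `vault_*` variable names, the 192.0.2.10 address and the use of the built-in Administrator account are assumptions; module parameters are those of the Ansible 2.3-era modules.

```yaml
# Added example. Group names, vault_* variables and the IP are hypothetical.
- name: Create the forest/domain on the first node
  hosts: primary_dc                     # hypothetical inventory group
  tasks:
    - name: Ensure testdomain.local exists
      win_domain:
        dns_domain_name: testdomain.local
        safe_mode_password: "{{ vault_safe_mode_password }}"  # keep in Ansible Vault
      register: domain_result
      no_log: true                      # keep the DSRM password out of task output

    - name: Reboot if domain creation asks for it
      win_reboot:
      when: domain_result.reboot_required

- name: Promote the second node to a domain controller
  hosts: secondary_dc                   # hypothetical inventory group
  tasks:
    # Without this step the new domain cannot be located, which matches the
    # "domain either does not exist or could not be contacted" error.
    - name: Point DNS at the first DC
      win_dns_client:
        adapter_names: "*"
        ipv4_addresses:
          - 192.0.2.10                  # constructed address of the first DC

    - name: Promote to domain controller
      win_domain_controller:
        dns_domain_name: testdomain.local
        # Assumption: a local admin that existed on the first node before
        # win_domain ran, and is therefore a domain admin of the new domain.
        domain_admin_user: Administrator@testdomain.local
        domain_admin_password: "{{ vault_domain_admin_password }}"
        safe_mode_password: "{{ vault_safe_mode_password }}"
        state: domain_controller
      register: dc_result
      no_log: true                      # keep credentials out of task output

    - name: Reboot if promotion asks for it
      win_reboot:
      when: dc_result.reboot_required
```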
