[ansible-project] Issuing creating domain users with module win_dsc and resource xADuser parsing pscredentials

Sun, 13 Jan 2019 11:58:36 -0800 


I'm trying to create a bunch of domain application test accounts with the 
same password using DSC Resource xADUser.

I have a file called secrets.yml that contains the password for these 
accounts - secrets.yml is encrypted via Vault. This also includes 
ansible_admin_user 
and ansible_admin_pwd

I get a warning when running the play of "[WARNING]: failed to cast 
property Password from 'XXXXXXX' of type System.String to type 
System.Management.Automation.PSCredential, the DSC engine may ignore this 
property with an invalid cast

And the play fails with.... "msg": "Convert property 'Password' value from 
type 'STRING' to type 'INSTANCE' failed"......

Running Ansible 2.7

Domain controllers are W2K12 R2

- hosts: dcs gather_facts: no vars_files: - vars/secrets.yml tasks: - name: 
Create new test accounts (DEV + Test Env) win_dsc: resource_name: xADUser

PsDscRunAsCredential_username: "{{ ansible_admin_user }}" 
PsDscRunAsCredential_password: "{{ ansible_admin_pwd }}" # This is stored 
in secrets.yml DomainName: test.com UserName: "{{ item.user }}" Password: 
"{{ testuser_pwd }}" # This is stored in secrets.yml - encrypted via Vault 
Ensure: present Path: "{{ testers_ou }}" DisplayName: "{{ item.user }}" 
GivenName: "{{ item.user }}" Description: "{{ item.description }}" Enabled: 
true PasswordNeverExpires: true loop: "{{ testers }}" #list defined in 
group_vars


The psdscrunascredential_username I specified above is a domain admin 
account that Ansible uses to run tasks against Windows boxes - password 
stored in "PsDscRunAsCredential_password" is not the pwd stored in 
parameter "password"/variable "testuser_pwd" as per first post.


-- 
You received this message because you are subscribed to the Google Groups 
"Ansible Project" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to ansible-project+unsubscr...@googlegroups.com.
To post to this group, send email to ansible-project@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/ansible-project/ecb12332-13f1-43cd-b148-ccaf04452770%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

Reply via email to