From the box I've got with AD:LDS installed

> PS C:\Users\jal011adm> get-adgroup -identity GDAnsible -server localhost
> get-adgroup : Parameter: 'Partition' is required for this operation.
> At line:1 char:1
> + get-adgroup -identity GDAnsible -server localhost
> + ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
> +     CategoryInfo          : InvalidArgument: (GDAnsible:ADGroup) [Get-ADGroup], ArgumentException
> +     FullyQualifiedErrorId : ActiveDirectoryCmdlet:System.ArgumentException,Microsoft.ActiveDirectory.Management.Commands.GetADGroup

Digging further into it

For AD LDS environments, the Partition parameter must be specified except in the following two conditions:
- The cmdlet is run from an Active Directory provider drive.
- A default naming context or partition is defined for the AD LDS environment. To specify a default naming context for an AD LDS environment, set the msDS-defaultNamingContext property of the Active Directory directory service agent (DSA) object (nTDSDSA) for the AD LDS instance.

Source: https://docs.microsoft.com/en-us/powershell/module/activedirectory/add-adprincipalgroupmembership?view=winserver2012-ps

On Wednesday, February 5, 2020 at 11:36:27 AM UTC-5, Jesse Lyon wrote:
>
> https://pastebin.com/Zst497QW
>
> On Wednesday, February 5, 2020 at 9:51:14 AM UTC-5, Jesse Lyon wrote:
>>
>> Attempting to implement group creation/management playbooks via a jump box running AD LDS nets us the below error
>>
>> The play itself isn't overly complicated... *yet.*
>>
>>> ##CREATING RW GROUPS
>>> tasks:
>>>   - name: Verify we connect for debug
>>>     win_shell: hostname
>>>   - name: H - Create the RW DL Group
>>>     win_domain_group:
>>>       state: present
>>>       domain_server: "{{ h_domain_server }}"
>>>       domain_username: "{{ h_domain_username }}"
>>>       domain_password: "{{ h_domain_password }}"
>>>       name: "{{ h_dl_prefix }}{{ dl_name }}{{suffix_RW}}"
>>>       scope: domainlocal
>>>       path: "{{ h_dl_path }}"
>>>       # description: "{{ description_rw }}"
>>
>> But having ripped apart the .ps1 file and the .py file that support the module, I'm yet to identify where the heck I can list a partition.
>>
>> fatal: [REDACTED]: FAILED! => {
>>>     "changed": false,
>>>     "created": false,
>>>     "msg": "failed to retrieve initial details for group REDACTED: Parameter: 'Partition' is required for this operation."
>>
>> To be clear, that is definitely the entire output of errors with -vvvv, everything before the error is kinit authenticating.
>>
>> If AD: LDS isn't applicable, that's fine, the org I'm with is trying to give us the least possible footprint to shoot ourselves in the foot with, before just giving me wide open throttle to a DC itself.
>>
>> halp?
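
An added example, not part of the original messages and not code from the Ansible module: the documentation quoted above, carried out in PowerShell, first by passing `-Partition` explicitly and then by defining a default naming context on the instance's nTDSDSA object. `localhost` and `GDAnsible` are the values from the thread; the partition DN `DC=example,DC=local` is a placeholder, and the script assumes the ActiveDirectory module is installed and the caller may modify the instance's configuration partition.

```powershell
Import-Module ActiveDirectory

# Assumptions: replace with the values for your AD LDS instance.
$Server    = 'localhost'              # instance queried in the thread
$Partition = 'DC=example,DC=local'    # placeholder application partition DN

# Option 1: the thread's lookup with the parameter the error asks for.
Get-ADGroup -Identity 'GDAnsible' -Server $Server -Partition $Partition

# Option 2: define a default naming context so -Partition can be omitted.
$rootDse = Get-ADRootDSE -Server $Server

# Refuse to point the default at a partition this instance does not host.
if ($rootDse.namingContexts -notcontains $Partition) {
    $hosted = $rootDse.namingContexts -join '; '
    throw "Partition '$Partition' is not hosted by $Server. Hosted: $hosted"
}

# dsServiceName is the DN of this instance's nTDSDSA (NTDS Settings) object,
# which lives in the configuration partition. This is a one-time change
# made by an administrator of the instance.
Set-ADObject -Identity $rootDse.dsServiceName `
             -Partition $rootDse.configurationNamingContext `
             -Server $Server `
             -Replace @{ 'msDS-DefaultNamingContext' = $Partition }

# Verify: the rootDSE should now advertise the default naming context.
$check = Get-ADRootDSE -Server $Server
if ($check.defaultNamingContext -ne $Partition) {
    throw "defaultNamingContext is '$($check.defaultNamingContext)', expected '$Partition'"
}

# The original command from the thread, now without -Partition.
Get-ADGroup -Identity 'GDAnsible' -Server $Server
```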
