summaryrefslogtreecommitdiffstats
path: root/ansible_collections/microsoft/ad/tests/integration
diff options
context:
space:
mode:
Diffstat (limited to 'ansible_collections/microsoft/ad/tests/integration')
-rw-r--r--ansible_collections/microsoft/ad/tests/integration/targets/computer/tasks/tests.yml52
-rw-r--r--ansible_collections/microsoft/ad/tests/integration/targets/domain_child/README.md36
-rw-r--r--ansible_collections/microsoft/ad/tests/integration/targets/domain_child/Vagrantfile27
-rw-r--r--ansible_collections/microsoft/ad/tests/integration/targets/domain_child/aliases2
-rw-r--r--ansible_collections/microsoft/ad/tests/integration/targets/domain_child/ansible.cfg4
-rw-r--r--ansible_collections/microsoft/ad/tests/integration/targets/domain_child/inventory.yml28
-rw-r--r--ansible_collections/microsoft/ad/tests/integration/targets/domain_child/setup.yml71
-rw-r--r--ansible_collections/microsoft/ad/tests/integration/targets/domain_child/tasks/cross_domain.yml596
-rw-r--r--ansible_collections/microsoft/ad/tests/integration/targets/domain_child/tasks/main_child.yml98
-rw-r--r--ansible_collections/microsoft/ad/tests/integration/targets/domain_child/tasks/main_tree.yml91
-rw-r--r--ansible_collections/microsoft/ad/tests/integration/targets/domain_child/test.yml146
-rw-r--r--ansible_collections/microsoft/ad/tests/integration/targets/group/tasks/tests.yml11
-rw-r--r--ansible_collections/microsoft/ad/tests/integration/targets/membership/tasks/main.yml269
-rw-r--r--ansible_collections/microsoft/ad/tests/integration/targets/ou/tasks/tests.yml3
-rw-r--r--ansible_collections/microsoft/ad/tests/integration/targets/user/tasks/tests.yml15
15 files changed, 1400 insertions, 49 deletions
diff --git a/ansible_collections/microsoft/ad/tests/integration/targets/computer/tasks/tests.yml b/ansible_collections/microsoft/ad/tests/integration/targets/computer/tasks/tests.yml
index 2a403c3d5..3619df40b 100644
--- a/ansible_collections/microsoft/ad/tests/integration/targets/computer/tasks/tests.yml
+++ b/ansible_collections/microsoft/ad/tests/integration/targets/computer/tasks/tests.yml
@@ -99,14 +99,41 @@
that:
- not remove_comp_again is changed
+- name: expect failure with invalid DN lookup entry - no name
+ computer:
+ name: MyComputer
+ state: present
+ delegates:
+ set:
+ - CN=krbtgt,CN=Users,{{ setup_domain_info.output[0].defaultNamingContext }}
+ - server: fail
+ register: invalid_dn_lookup_no_name
+ failed_when: >-
+ invalid_dn_lookup_no_name.msg != "Failed to find the AD object DNs for delegates.set. Identity entry does not contain the required name key."
+
+- name: expect failure with invalid DN lookup entry - extra keys
+ computer:
+ name: MyComputer
+ state: present
+ delegates:
+ add:
+ - name: name
+ invalid2: bar
+ invalid1: foo
+ register: invalid_dn_lookup_extra_keys
+ failed_when: >-
+ invalid_dn_lookup_extra_keys.msg != "Failed to find the AD object DNs for delegates.add. Identity entry for 'name' contains extra keys: 'invalid1', 'invalid2'."
+
- name: create computer with custom options
computer:
name: MyComputer
state: present
delegates:
+ lookup_failure_action: ignore
set:
- CN=krbtgt,CN=Users,{{ setup_domain_info.output[0].defaultNamingContext }}
- - CN=Administrator,CN=Users,{{ setup_domain_info.output[0].defaultNamingContext }}
+ - name: CN=Administrator,CN=Users,{{ setup_domain_info.output[0].defaultNamingContext }}
+ - CN=Missing,{{ setup_domain_info.output[0].defaultNamingContext }}
kerberos_encryption_types:
set:
- aes128
@@ -188,8 +215,11 @@
name: MyComputer
path: CN=Users,{{ setup_domain_info.output[0].defaultNamingContext }}
delegates:
+ lookup_failure_action: warn
set:
- - CN=KRBTGT,CN=Users,{{ setup_domain_info.output[0].defaultNamingContext }}
+ - name: CN=KRBTGT,CN=Users,{{ setup_domain_info.output[0].defaultNamingContext }}
+ - ''
+ - CN=Missing,{{ setup_domain_info.output[0].defaultNamingContext }}
dns_hostname: other.domain.com
kerberos_encryption_types:
set:
@@ -236,6 +266,9 @@
assert:
that:
- change_comp is changed
+ - change_comp.warnings | length == 1
+ - >-
+ change_comp.warnings[0] == "Failed to find the AD object DNs for delegates.set. Ignoring invalid identities: 'CN=Missing," ~ setup_domain_info.output[0].defaultNamingContext ~ "'"
- change_comp_actual.objects[0].dnsHostName == 'other.domain.com'
- change_comp_actual.objects[0].location == 'comp location'
- change_comp_actual.objects[0]['msDS-SupportedEncryptionTypes'] == 20
@@ -247,6 +280,17 @@
- '"ADS_UF_TRUSTED_FOR_DELEGATION" not in change_comp_actual.objects[0].userAccountControl_AnsibleFlags'
- change_comp_delegates.output == ["krbtgt"]
+- name: fail with invalid delegate identity
+ computer:
+ name: MyComputer
+ path: CN=Users,{{ setup_domain_info.output[0].defaultNamingContext }}
+ delegates:
+ set:
+ - CN=Missing,{{ setup_domain_info.output[0].defaultNamingContext }}
+ register: invalid_delegate
+ failed_when: >-
+ invalid_delegate.msg != "Failed to find the AD object DNs for delegates.set. Invalid identities: 'CN=Missing," ~ setup_domain_info.output[0].defaultNamingContext ~ "'"
+
- name: add and remove list options
computer:
name: MyComputer
@@ -254,9 +298,10 @@
delegates:
add:
- CN=Administrator,CN=Users,{{ setup_domain_info.output[0].defaultNamingContext }}
+ - ''
remove:
+ - name: ''
- CN=KRBTGT,CN=Users,{{ setup_domain_info.output[0].defaultNamingContext }}
- - CN=Missing,{{ setup_domain_info.output[0].defaultNamingContext }}
kerberos_encryption_types:
add:
- aes128
@@ -305,7 +350,6 @@
- CN=Administrator,CN=Users,{{ setup_domain_info.output[0].defaultNamingContext }}
remove:
- CN=KRBTGT,CN=Users,{{ setup_domain_info.output[0].defaultNamingContext }}
- - CN=Missing,{{ setup_domain_info.output[0].defaultNamingContext }}
kerberos_encryption_types:
add:
- aes128
diff --git a/ansible_collections/microsoft/ad/tests/integration/targets/domain_child/README.md b/ansible_collections/microsoft/ad/tests/integration/targets/domain_child/README.md
new file mode 100644
index 000000000..f7bc08ff1
--- /dev/null
+++ b/ansible_collections/microsoft/ad/tests/integration/targets/domain_child/README.md
@@ -0,0 +1,36 @@
+# microsoft.ad.domain_child tests
+
+As this cannot be run in CI this is a brief guide on how to run these tests locally.
+Run the following:
+
+```bash
+vagrant up
+
+ansible-playbook setup.yml
+```
+
+It is a good idea to create a snapshot of both hosts before running the tests.
+This allows you to reset the host back to a blank starting state if the tests need to be rerun.
+To create a snapshot do the following:
+
+```bash
+virsh snapshot-create-as --domain "domain_child_PARENT" --name "pretest"
+virsh snapshot-create-as --domain "domain_child_CHILD" --name "pretest"
+virsh snapshot-create-as --domain "domain_child_TREE" --name "pretest"
+```
+
+To restore these snapshots run the following:
+
+```bash
+virsh snapshot-revert --domain "domain_child_PARENT" --snapshotname "pretest" --running
+virsh snapshot-revert --domain "domain_child_CHILD" --snapshotname "pretest" --running
+virsh snapshot-revert --domain "domain_child_TREE" --snapshotname "pretest" --running
+```
+
+Once you are ready to run the tests run the following:
+
+```bash
+ansible-playbook test.yml
+```
+
+Run `vagrant destroy` to remove the test VMs.
diff --git a/ansible_collections/microsoft/ad/tests/integration/targets/domain_child/Vagrantfile b/ansible_collections/microsoft/ad/tests/integration/targets/domain_child/Vagrantfile
new file mode 100644
index 000000000..13af40311
--- /dev/null
+++ b/ansible_collections/microsoft/ad/tests/integration/targets/domain_child/Vagrantfile
@@ -0,0 +1,27 @@
+# -*- mode: ruby -*-
+# vi: set ft=ruby :
+
+require 'yaml'
+
+inventory = YAML.load_file('inventory.yml')
+
+Vagrant.configure("2") do |config|
+ inventory['all']['children'].each do |group,details|
+ details['hosts'].each do |server,host_details|
+ config.vm.define server do |srv|
+ srv.vm.box = host_details['vagrant_box']
+ srv.vm.hostname = server
+ srv.vm.network :private_network,
+ :ip => host_details['ansible_host'],
+ :libvirt__network_name => 'microsoft.ad',
+ :libvirt__domain_name => inventory['all']['vars']['domain_realm']
+
+ srv.vm.provider :libvirt do |l|
+ l.memory = 8192
+ l.cpus = 4
+ end
+ end
+ end
+ end
+end
+
diff --git a/ansible_collections/microsoft/ad/tests/integration/targets/domain_child/aliases b/ansible_collections/microsoft/ad/tests/integration/targets/domain_child/aliases
new file mode 100644
index 000000000..435ff207d
--- /dev/null
+++ b/ansible_collections/microsoft/ad/tests/integration/targets/domain_child/aliases
@@ -0,0 +1,2 @@
+windows
+unsupported # can never run in CI, see README.md
diff --git a/ansible_collections/microsoft/ad/tests/integration/targets/domain_child/ansible.cfg b/ansible_collections/microsoft/ad/tests/integration/targets/domain_child/ansible.cfg
new file mode 100644
index 000000000..cfedec78f
--- /dev/null
+++ b/ansible_collections/microsoft/ad/tests/integration/targets/domain_child/ansible.cfg
@@ -0,0 +1,4 @@
+[defaults]
+callback_result_format = yaml
+inventory = inventory.yml
+retry_files_enabled = False
diff --git a/ansible_collections/microsoft/ad/tests/integration/targets/domain_child/inventory.yml b/ansible_collections/microsoft/ad/tests/integration/targets/domain_child/inventory.yml
new file mode 100644
index 000000000..e57f75516
--- /dev/null
+++ b/ansible_collections/microsoft/ad/tests/integration/targets/domain_child/inventory.yml
@@ -0,0 +1,28 @@
+all:
+ children:
+ windows:
+ hosts:
+ PARENT:
+ ansible_host: 192.168.11.10
+ vagrant_box: jborean93/WindowsServer2022
+ CHILD:
+ ansible_host: 192.168.11.11
+ vagrant_box: jborean93/WindowsServer2022
+ new_hostname: foo
+ child_domain_name: child.ad.test
+ TREE:
+ ansible_host: 192.168.11.12
+ vagrant_box: jborean93/WindowsServer2022
+ new_hostname: bar
+ child_domain_name: tree.test
+ vars:
+ ansible_port: 5985
+ ansible_connection: psrp
+
+ vars:
+ ansible_user: vagrant
+ ansible_password: vagrant
+ domain_username: vagrant-domain
+ domain_user_upn: '{{ domain_username }}@{{ domain_realm | upper }}'
+ domain_password: VagrantPass1
+ domain_realm: ad.test
diff --git a/ansible_collections/microsoft/ad/tests/integration/targets/domain_child/setup.yml b/ansible_collections/microsoft/ad/tests/integration/targets/domain_child/setup.yml
new file mode 100644
index 000000000..de0843829
--- /dev/null
+++ b/ansible_collections/microsoft/ad/tests/integration/targets/domain_child/setup.yml
@@ -0,0 +1,71 @@
+- name: setup common Windows information
+ hosts: windows
+ gather_facts: no
+
+ tasks:
+ - name: get network connection names
+ ansible.windows.win_powershell:
+ parameters:
+ IPAddress: '{{ ansible_host }}'
+ script: |
+ param ($IPAddress)
+
+ $Ansible.Changed = $false
+
+ Get-CimInstance -ClassName Win32_NetworkAdapter -Filter "Netenabled='True'" |
+ ForEach-Object -Process {
+ $config = Get-CimInstance -ClassName Win32_NetworkAdapterConfiguration -Filter "Index='$($_.Index)'"
+ if ($config.IPAddress -contains $IPAddress) {
+ $_.NetConnectionID
+ }
+ }
+ register: connection_name
+
+- name: create parent forest
+ hosts: PARENT
+ gather_facts: no
+
+ tasks:
+ - name: set the DNS for the internal adapters to localhost
+ ansible.windows.win_dns_client:
+ adapter_names:
+ - '{{ connection_name.output[0] }}'
+ dns_servers:
+ - 127.0.0.1
+
+ - name: ensure domain exists and DC is promoted as a domain controller
+ microsoft.ad.domain:
+ dns_domain_name: '{{ domain_realm }}'
+ safe_mode_password: '{{ domain_password }}'
+ reboot: true
+
+ - name: create parent domain username
+ microsoft.ad.user:
+ name: '{{ domain_username }}'
+ upn: '{{ domain_user_upn }}'
+ description: '{{ domain_username }} Domain Account'
+ password: '{{ domain_password }}'
+ password_never_expires: yes
+ update_password: when_changed
+ groups:
+ add:
+ - Domain Admins
+ - Enterprise Admins
+ state: present
+
+- name: setup test host
+ hosts: CHILD,TREE
+ gather_facts: no
+
+ tasks:
+ - name: set DNS for the private adapter to point to the parent forest DC
+ ansible.windows.win_dns_client:
+ adapter_names:
+ - '{{ connection_name.output[0] }}'
+ dns_servers:
+ - '{{ hostvars["PARENT"]["ansible_host"] }}'
+
+ - name: install RSAT tools for debugging purposes
+ ansible.windows.win_feature:
+ name: RSAT-AD-PowerShell
+ state: present
diff --git a/ansible_collections/microsoft/ad/tests/integration/targets/domain_child/tasks/cross_domain.yml b/ansible_collections/microsoft/ad/tests/integration/targets/domain_child/tasks/cross_domain.yml
new file mode 100644
index 000000000..611beedac
--- /dev/null
+++ b/ansible_collections/microsoft/ad/tests/integration/targets/domain_child/tasks/cross_domain.yml
@@ -0,0 +1,596 @@
+- name: create test object in parent domain with domain_username creds - check mode
+ microsoft.ad.user:
+ name: ParentUser1
+ path: '{{ parent_ou }}'
+ state: present
+ password: '{{ domain_password }}'
+ update_password: when_changed
+ domain_server: '{{ domain_realm }}'
+ domain_username: '{{ domain_user_upn }}'
+ domain_password: '{{ domain_password }}'
+ register: user_with_creds1_check
+ check_mode: true
+ delegate_to: CHILD
+
+- name: get result of create test object in parent domain with domain_username creds - check mode
+ microsoft.ad.object_info:
+ identity: CN=ParentUser1,{{ parent_ou }}
+ register: user_with_creds1_check_actual
+ delegate_to: PARENT
+
+- name: assert create test object in parent domain with domain_username creds - check mode
+ assert:
+ that:
+ - user_with_creds1_check is changed
+ - user_with_creds1_check.distinguished_name == "CN=ParentUser1," ~ parent_ou
+ - user_with_creds1_check_actual.objects == []
+
+- name: create test object in parent domain with domain_username creds
+ microsoft.ad.user:
+ name: ParentUser1
+ path: '{{ parent_ou }}'
+ state: present
+ password: '{{ domain_password }}'
+ update_password: when_changed
+ domain_server: '{{ domain_realm }}'
+ domain_username: '{{ domain_user_upn }}'
+ domain_password: '{{ domain_password }}'
+ register: user_with_creds1
+ delegate_to: CHILD
+
+- name: get result of create test object in parent domain with domain_username creds
+ microsoft.ad.object_info:
+ identity: CN=ParentUser1,{{ parent_ou }}
+ register: user_with_creds1_actual
+ delegate_to: PARENT
+
+- name: assert create test object in parent domain with domain_username creds
+ assert:
+ that:
+ - user_with_creds1 is changed
+ - user_with_creds1.distinguished_name == "CN=ParentUser1," ~ parent_ou
+ - user_with_creds1_actual.objects | count == 1
+ - user_with_creds1_actual.objects[0].ObjectGUID == user_with_creds1.object_guid
+ - user_with_creds1_actual.objects[0].DistinguishedName == user_with_creds1.distinguished_name
+
+- name: create test object in parent domain with domain_username creds - idempotent
+ microsoft.ad.user:
+ name: ParentUser1
+ path: '{{ parent_ou }}'
+ state: present
+ password: '{{ domain_password }}'
+ update_password: when_changed
+ domain_server: '{{ domain_realm }}'
+ domain_username: '{{ domain_user_upn }}'
+ domain_password: '{{ domain_password }}'
+ register: user_with_creds1_again
+ delegate_to: CHILD
+
+- name: assert create test object in parent domain with domain_username creds - idempotent
+ assert:
+ that:
+ - not user_with_creds1_again is changed
+ - user_with_creds1_again.distinguished_name == user_with_creds1.distinguished_name
+ - user_with_creds1_again.object_guid == user_with_creds1.object_guid
+
+- name: create test object in parent domain with domain_credentials creds - check mode
+ microsoft.ad.user:
+ name: ParentUser2
+ path: '{{ parent_ou }}'
+ state: present
+ password: '{{ domain_password }}'
+ update_password: when_changed
+ domain_server: '{{ domain_realm }}'
+ domain_credentials:
+ - username: '{{ domain_user_upn }}'
+ password: '{{ domain_password }}'
+ register: user_with_creds2_check
+ check_mode: true
+ delegate_to: CHILD
+
+- name: get result of create test object in parent domain with domain_credentials creds - check mode
+ microsoft.ad.object_info:
+ identity: CN=ParentUser2,{{ parent_ou }}
+ register: user_with_creds2_check_actual
+ delegate_to: PARENT
+
+- name: assert create test object in parent domain with domain_credentials creds - check mode
+ assert:
+ that:
+ - user_with_creds2_check is changed
+ - user_with_creds2_check.distinguished_name == "CN=ParentUser2," ~ parent_ou
+ - user_with_creds2_check_actual.objects == []
+
+- name: create test object in parent domain with domain_credentials creds
+ microsoft.ad.user:
+ name: ParentUser2
+ path: '{{ parent_ou }}'
+ state: present
+ password: '{{ domain_password }}'
+ update_password: when_changed
+ domain_server: '{{ domain_realm }}'
+ domain_credentials:
+ - username: '{{ domain_user_upn }}'
+ password: '{{ domain_password }}'
+ register: user_with_creds2
+ delegate_to: CHILD
+
+- name: get result of create test object in parent domain with domain_credentials creds
+ microsoft.ad.object_info:
+ identity: CN=ParentUser2,{{ parent_ou }}
+ register: user_with_creds2_actual
+ delegate_to: PARENT
+
+- name: assert create test object in parent domain with domain_credentials creds
+ assert:
+ that:
+ - user_with_creds2 is changed
+ - user_with_creds2.distinguished_name == "CN=ParentUser2," ~ parent_ou
+ - user_with_creds2_actual.objects | count == 1
+ - user_with_creds2_actual.objects[0].ObjectGUID == user_with_creds2.object_guid
+ - user_with_creds2_actual.objects[0].DistinguishedName == user_with_creds2.distinguished_name
+
+- name: create test object in parent domain with domain_credentials creds - idempotent
+ microsoft.ad.user:
+ name: ParentUser2
+ path: '{{ parent_ou }}'
+ state: present
+ password: '{{ domain_password }}'
+ update_password: when_changed
+ domain_server: '{{ domain_realm }}'
+ domain_credentials:
+ - username: '{{ domain_user_upn }}'
+ password: '{{ domain_password }}'
+ register: user_with_creds2_again
+ delegate_to: CHILD
+
+- name: assert create test object in parent domain with domain_credentials creds - idempotent
+ assert:
+ that:
+ - not user_with_creds2_again is changed
+ - user_with_creds2_again.distinguished_name == user_with_creds2.distinguished_name
+ - user_with_creds2_again.object_guid == user_with_creds2.object_guid
+
+- name: edit user with domain_username creds - check mode
+ microsoft.ad.user:
+ name: ParentUser1
+ path: '{{ parent_ou }}'
+ state: present
+ password: '{{ domain_password }}'
+ update_password: when_changed
+ domain_server: '{{ domain_realm }}'
+ domain_username: '{{ domain_user_upn }}'
+ domain_password: '{{ domain_password }}'
+ description: User Description
+ spn:
+ set:
+ - HTTP/ParentUser1
+ attributes:
+ set:
+ comment: My comment
+ register: set_with_creds1_check
+ delegate_to: CHILD
+ check_mode: true
+
+- name: get result of set user with domain_username creds - check mode
+ microsoft.ad.object_info:
+ identity: '{{ user_with_creds1.object_guid }}'
+ properties:
+ - comment
+ - Description
+ - servicePrincipalName
+ register: set_with_creds1_check_actual
+ delegate_to: PARENT
+
+- name: assert set user with domain_username creds - check mode
+ assert:
+ that:
+ - set_with_creds1_check is changed
+ - set_with_creds1_check.distinguished_name == user_with_creds1.distinguished_name
+ - set_with_creds1_check.object_guid == user_with_creds1.object_guid
+ - set_with_creds1_check_actual.objects[0].Description == None
+ - set_with_creds1_check_actual.objects[0].DistinguishedName == user_with_creds1.distinguished_name
+ - set_with_creds1_check_actual.objects[0].Name == 'ParentUser1'
+ - set_with_creds1_check_actual.objects[0].ObjectGUID == user_with_creds1.object_guid
+ - set_with_creds1_check_actual.objects[0].comment == None
+ - set_with_creds1_check_actual.objects[0].servicePrincipalName == None
+
+- name: edit user with domain_username creds
+ microsoft.ad.user:
+ name: ParentUser1
+ path: '{{ parent_ou }}'
+ state: present
+ password: '{{ domain_password }}'
+ update_password: when_changed
+ domain_server: '{{ domain_realm }}'
+ domain_username: '{{ domain_user_upn }}'
+ domain_password: '{{ domain_password }}'
+ description: User Description
+ spn:
+ set:
+ - HTTP/ParentUser1
+ attributes:
+ set:
+ comment: My comment
+ register: set_with_creds1
+ delegate_to: CHILD
+
+- name: get result of set user with domain_username creds
+ microsoft.ad.object_info:
+ identity: '{{ user_with_creds1.object_guid }}'
+ properties:
+ - comment
+ - Description
+ - servicePrincipalName
+ register: set_with_creds1_actual
+ delegate_to: PARENT
+
+- name: assert set user with domain_username creds
+ assert:
+ that:
+ - set_with_creds1 is changed
+ - set_with_creds1.distinguished_name == user_with_creds1.distinguished_name
+ - set_with_creds1.object_guid == user_with_creds1.object_guid
+ - set_with_creds1_actual.objects[0].Description == "User Description"
+ - set_with_creds1_actual.objects[0].DistinguishedName == user_with_creds1.distinguished_name
+ - set_with_creds1_actual.objects[0].Name == 'ParentUser1'
+ - set_with_creds1_actual.objects[0].ObjectGUID == user_with_creds1.object_guid
+ - set_with_creds1_actual.objects[0].comment == "My comment"
+ - set_with_creds1_actual.objects[0].servicePrincipalName == "HTTP/ParentUser1"
+
+- name: edit user with domain_credentials creds - check mode
+ microsoft.ad.user:
+ name: ParentUser2
+ path: '{{ parent_ou }}'
+ state: present
+ password: '{{ domain_password }}'
+ update_password: when_changed
+ domain_server: '{{ domain_realm }}'
+ domain_credentials:
+ - username: '{{ domain_user_upn }}'
+ password: '{{ domain_password }}'
+ description: User Description
+ spn:
+ set:
+ - HTTP/ParentUser2
+ attributes:
+ set:
+ comment: My comment
+ register: set_with_creds2_check
+ delegate_to: CHILD
+ check_mode: true
+
+- name: get result of set user with domain_credentials creds - check mode
+ microsoft.ad.object_info:
+ identity: '{{ user_with_creds2.object_guid }}'
+ properties:
+ - comment
+ - Description
+ - servicePrincipalName
+ register: set_with_creds2_check_actual
+ delegate_to: PARENT
+
+- name: assert set user with domain_credentials creds - check mode
+ assert:
+ that:
+ - set_with_creds2_check is changed
+ - set_with_creds2_check.distinguished_name == user_with_creds2.distinguished_name
+ - set_with_creds2_check.object_guid == user_with_creds2.object_guid
+ - set_with_creds2_check_actual.objects[0].Description == None
+ - set_with_creds2_check_actual.objects[0].DistinguishedName == user_with_creds2.distinguished_name
+ - set_with_creds2_check_actual.objects[0].Name == 'ParentUser2'
+ - set_with_creds2_check_actual.objects[0].ObjectGUID == user_with_creds2.object_guid
+ - set_with_creds2_check_actual.objects[0].comment == None
+ - set_with_creds2_check_actual.objects[0].servicePrincipalName == None
+
+- name: edit user with domain_credentials creds
+ microsoft.ad.user:
+ name: ParentUser2
+ path: '{{ parent_ou }}'
+ state: present
+ password: '{{ domain_password }}'
+ update_password: when_changed
+ domain_server: '{{ domain_realm }}'
+ domain_credentials:
+ - username: '{{ domain_user_upn }}'
+ password: '{{ domain_password }}'
+ description: User Description
+ spn:
+ set:
+ - HTTP/ParentUser2
+ attributes:
+ set:
+ comment: My comment
+ register: set_with_creds2
+ delegate_to: CHILD
+
+- name: get result of set user with domain_credentials creds
+ microsoft.ad.object_info:
+ identity: '{{ user_with_creds2.object_guid }}'
+ properties:
+ - comment
+ - Description
+ - servicePrincipalName
+ register: set_with_creds2_actual
+ delegate_to: PARENT
+
+- name: assert set user with domain_credentials creds
+ assert:
+ that:
+ - set_with_creds2 is changed
+ - set_with_creds2.distinguished_name == user_with_creds2.distinguished_name
+ - set_with_creds2.object_guid == user_with_creds2.object_guid
+ - set_with_creds2_actual.objects[0].Description == "User Description"
+ - set_with_creds2_actual.objects[0].DistinguishedName == user_with_creds2.distinguished_name
+ - set_with_creds2_actual.objects[0].Name == 'ParentUser2'
+ - set_with_creds2_actual.objects[0].ObjectGUID == user_with_creds2.object_guid
+ - set_with_creds2_actual.objects[0].comment == "My comment"
+ - set_with_creds2_actual.objects[0].servicePrincipalName == "HTTP/ParentUser2"
+
+- name: set value with DN lookup and creds
+ microsoft.ad.group:
+ name: Group-CHILD
+ path: '{{ child_ou }}'
+ state: present
+ members:
+ add:
+ - User-CHILD
+ - name: User-PARENT
+ server: '{{ domain_realm }}'
+ domain_credentials:
+ - name: '{{ domain_realm }}'
+ username: '{{ domain_user_upn }}'
+ password: '{{ domain_password }}'
+ register: lookup_with_creds
+ delegate_to: CHILD
+
+- name: get result of set value with DN lookup and creds
+ microsoft.ad.object_info:
+ identity: '{{ lookup_with_creds.object_guid }}'
+ properties:
+ - member
+ register: lookup_with_creds_actual
+ delegate_to: CHILD
+
+- name: assert set value with DN lookup and creds
+ assert:
+ that:
+ - lookup_with_creds is changed
+ - parent_user in lookup_with_creds_actual.objects[0].member
+ - child_user in lookup_with_creds_actual.objects[0].member
+
+- name: set value with DN lookup and creds - idempotent
+ microsoft.ad.group:
+ name: Group-CHILD
+ path: '{{ child_ou }}'
+ state: present
+ members:
+ add:
+ - User-CHILD
+ - name: User-PARENT
+ server: '{{ domain_realm }}'
+ domain_credentials:
+ - name: '{{ domain_realm }}'
+ username: '{{ domain_user_upn }}'
+ password: '{{ domain_password }}'
+ register: lookup_with_creds_again
+ delegate_to: CHILD
+
+- name: assert set value with DN lookup and creds - idempotent
+ assert:
+ that:
+ - not lookup_with_creds_again is changed
+
+- name: create user group with DN lookup and creds - check mode
+ microsoft.ad.user:
+ name: ChildUser1
+ path: '{{ child_ou }}'
+ state: present
+ password: '{{ domain_password }}'
+ update_password: when_changed
+ domain_credentials:
+ - name: '{{ domain_realm }}'
+ username: '{{ domain_user_upn }}'
+ password: '{{ domain_password }}'
+ groups:
+ add:
+ - Group-CHILD
+ - name: Group-PARENT
+ server: '{{ domain_realm }}'
+ register: new_user_with_group_check
+ delegate_to: CHILD
+ check_mode: true
+
+- name: get result of create user group with DN lookup and creds - check mode
+ microsoft.ad.object_info:
+ identity: '{{ new_user_with_group_check.distinguished_name }}'
+ properties:
+ - memberOf
+ register: new_user_with_group_check_actual
+ delegate_to: CHILD
+
+- name: assert set value with DN lookup and creds
+ assert:
+ that:
+ - new_user_with_group_check is changed
+ - new_user_with_group_check.distinguished_name == "CN=ChildUser1," ~ child_ou
+ - new_user_with_group_check_actual.objects == []
+
+- name: create user group with DN lookup and creds
+ microsoft.ad.user:
+ name: ChildUser1
+ path: '{{ child_ou }}'
+ state: present
+ password: '{{ domain_password }}'
+ update_password: when_changed
+ domain_credentials:
+ - name: '{{ domain_realm }}'
+ username: '{{ domain_user_upn }}'
+ password: '{{ domain_password }}'
+ groups:
+ add:
+ - Group-CHILD
+ - name: Group-PARENT
+ server: '{{ domain_realm }}'
+ register: new_user_with_group
+ delegate_to: CHILD
+
+- name: replicate group membership of parent group to child domain after adding group
+ ansible.windows.win_command: >-
+ repadmin.exe
+ /replsingleobj
+ {{ hostvars["CHILD"]["new_hostname"] }}.{{ hostvars["CHILD"]["child_domain_name"] }}
+ parent.{{ domain_realm }}
+ {{ parent_group }}
+ delegate_to: CHILD
+
+- name: get result of create user group with DN lookup and creds
+ microsoft.ad.object_info:
+ identity: '{{ new_user_with_group.distinguished_name }}'
+ properties:
+ - memberOf
+ register: new_user_with_group_actual
+ delegate_to: CHILD
+
+- name: assert create user group with DN lookup and creds
+ assert:
+ that:
+ - new_user_with_group is changed
+ - new_user_with_group.distinguished_name == "CN=ChildUser1," ~ child_ou
+ - new_user_with_group_actual.objects | count == 1
+ - new_user_with_group_actual.objects[0].DistinguishedName == new_user_with_group.distinguished_name
+ - >-
+ "CN=Group-CHILD," ~ child_ou in new_user_with_group_actual.objects[0].memberOf
+ - >-
+ "CN=Group-PARENT," ~ parent_ou in new_user_with_group_actual.objects[0].memberOf
+
+- name: create user group with DN lookup and creds - idempotent
+ microsoft.ad.user:
+ name: ChildUser1
+ path: '{{ child_ou }}'
+ state: present
+ password: '{{ domain_password }}'
+ update_password: when_changed
+ domain_credentials:
+ - name: '{{ domain_realm }}'
+ username: '{{ domain_user_upn }}'
+ password: '{{ domain_password }}'
+ groups:
+ add:
+ - Group-CHILD
+ - name: Group-PARENT
+ server: '{{ domain_realm }}'
+ register: new_user_with_group_again
+ delegate_to: CHILD
+
+- name: assert create user group with DN lookup and creds - idempotent
+ assert:
+ that:
+ - not new_user_with_group_again is changed
+
+- name: remove user group with DN lookup and creds - check mode
+ microsoft.ad.user:
+ name: ChildUser1
+ path: '{{ child_ou }}'
+ state: present
+ password: '{{ domain_password }}'
+ update_password: when_changed
+ domain_credentials:
+ - name: '{{ domain_realm }}'
+ username: '{{ domain_user_upn }}'
+ password: '{{ domain_password }}'
+ groups:
+ remove:
+ - Group-CHILD
+ - name: Group-PARENT
+ server: '{{ domain_realm }}'
+ register: remove_user_with_group_check
+ delegate_to: CHILD
+ check_mode: true
+
+- name: get result of remove user group with DN lookup and creds - check mode
+ microsoft.ad.object_info:
+ identity: '{{ remove_user_with_group_check.distinguished_name }}'
+ properties:
+ - memberOf
+ register: remove_user_with_group_check_actual
+ delegate_to: CHILD
+
+- name: assert remove user group with DN lookup and creds - check mode
+ assert:
+ that:
+ - remove_user_with_group_check is changed
+ - remove_user_with_group_check.distinguished_name == "CN=ChildUser1," ~ child_ou
+ - >-
+ "CN=Group-CHILD," ~ child_ou in remove_user_with_group_check_actual.objects[0].memberOf
+ - >-
+ "CN=Group-PARENT," ~ parent_ou in remove_user_with_group_check_actual.objects[0].memberOf
+
+- name: remove user group with DN lookup and creds
+ microsoft.ad.user:
+ name: ChildUser1
+ path: '{{ child_ou }}'
+ state: present
+ password: '{{ domain_password }}'
+ update_password: when_changed
+ domain_credentials:
+ - name: '{{ domain_realm }}'
+ username: '{{ domain_user_upn }}'
+ password: '{{ domain_password }}'
+ groups:
+ remove:
+ - Group-CHILD
+ - name: Group-PARENT
+ server: '{{ domain_realm }}'
+ register: remove_user_with_group
+ delegate_to: CHILD
+
+- name: replicate group membership of parent group to child domain after removing group
+ ansible.windows.win_command: >-
+ repadmin.exe
+ /replsingleobj
+ {{ hostvars["CHILD"]["new_hostname"] }}.{{ hostvars["CHILD"]["child_domain_name"] }}
+ parent.{{ domain_realm }}
+ {{ parent_group }}
+ delegate_to: CHILD
+
+- name: get result of remove user group with DN lookup and creds
+ microsoft.ad.object_info:
+ identity: '{{ remove_user_with_group.distinguished_name }}'
+ properties:
+ - memberOf
+ register: remove_user_with_group_actual
+ delegate_to: CHILD
+
+- name: assert remove user group with DN lookup and creds
+ assert:
+ that:
+ - remove_user_with_group is changed
+ - remove_user_with_group.distinguished_name == "CN=ChildUser1," ~ child_ou
+ - remove_user_with_group_actual.objects | count == 1
+ - remove_user_with_group_actual.objects[0].DistinguishedName == new_user_with_group.distinguished_name
+ - remove_user_with_group_actual.objects[0].memberOf == None
+
+- name: remove user group with DN lookup and creds - idempotent
+ microsoft.ad.user:
+ name: ChildUser1
+ path: '{{ child_ou }}'
+ state: present
+ password: '{{ domain_password }}'
+ update_password: when_changed
+ domain_credentials:
+ - name: '{{ domain_realm }}'
+ username: '{{ domain_user_upn }}'
+ password: '{{ domain_password }}'
+ groups:
+ remove:
+ - Group-CHILD
+ - name: Group-PARENT
+ server: '{{ domain_realm }}'
+ register: remove_user_with_group_again
+ delegate_to: CHILD
+
+- name: assert remove user group with DN lookup and creds - idempotent
+ assert:
+ that:
+ - not remove_user_with_group_again is changed
diff --git a/ansible_collections/microsoft/ad/tests/integration/targets/domain_child/tasks/main_child.yml b/ansible_collections/microsoft/ad/tests/integration/targets/domain_child/tasks/main_child.yml
new file mode 100644
index 000000000..40f4f2eda
--- /dev/null
+++ b/ansible_collections/microsoft/ad/tests/integration/targets/domain_child/tasks/main_child.yml
@@ -0,0 +1,98 @@
+- name: create child domain - check mode
+ domain_child:
+ dns_domain_name: '{{ child_domain_name }}'
+ domain_admin_user: '{{ domain_user_upn }}'
+ domain_admin_password: '{{ domain_password }}'
+ safe_mode_password: '{{ domain_password }}'
+ reboot: true
+ register: to_domain_check
+ check_mode: true
+
+- name: get result of promote to domain - check mode
+ ansible.windows.win_powershell:
+ script: '{{ get_role_script }}'
+ register: to_domain_check_actual
+
+- name: assert promote to domain - check mode
+ assert:
+ that:
+ - to_domain_check is changed
+ - to_domain_check_actual.output[0]["Domain"] == None
+ - to_domain_check_actual.output[0]["DomainRole"] == "StandaloneServer"
+
+- name: change hostname to have a pending change before promotion
+ ansible.windows.win_hostname:
+ name: '{{ new_hostname }}'
+
+- name: create child domain with pending reboot
+ domain_child:
+ dns_domain_name: '{{ child_domain_name }}'
+ domain_admin_user: '{{ domain_user_upn }}'
+ domain_admin_password: '{{ domain_password }}'
+ safe_mode_password: '{{ domain_password }}'
+ reboot: true
+ register: to_domain
+
+- name: get result of promote to domain with pending reboot
+ ansible.windows.win_powershell:
+ script: '{{ get_role_script }}'
+ register: to_domain_actual
+
+- name: assert promote to domain with pending reboot
+ assert:
+ that:
+ - to_domain is changed
+ - to_domain_actual.output[0]["Domain"] == child_domain_name
+ - to_domain_actual.output[0]["DomainRole"] == "PrimaryDC"
+ - to_domain_actual.output[0]["HostName"] == new_hostname | upper
+
+- name: create child domain - idempotent
+ domain_child:
+ dns_domain_name: '{{ child_domain_name }}'
+ domain_admin_user: '{{ domain_user_upn }}'
+ domain_admin_password: '{{ domain_password }}'
+ safe_mode_password: '{{ domain_password }}'
+ reboot: true
+ register: to_domain_again
+
+- name: assert create child domain - idempotent
+ assert:
+ that:
+ - not to_domain_again is changed
+
+- name: fail to change domain of host
+ domain_child:
+ dns_domain_name: bogus.local
+ domain_admin_user: '{{ domain_user_upn }}'
+ domain_admin_password: '{{ domain_password }}'
+ safe_mode_password: '{{ domain_password }}'
+ reboot: true
+ register: change_domain_fail
+ failed_when:
+ - change_domain_fail.msg != "Host is already a domain controller in another domain " ~ child_domain_name
+
+- name: fail with parent_domain_name with domain_type mode
+ domain_child:
+ dns_domain_name: '{{ child_domain_name }}'
+ domain_admin_user: '{{ domain_user_upn }}'
+ domain_admin_password: '{{ domain_password }}'
+ safe_mode_password: '{{ domain_password }}'
+ parent_domain_name: other
+ reboot: true
+ register: invalid_parent
+ failed_when:
+ - invalid_parent.msg != "parent_domain_name must not be set when domain_type=child"
+
+- name: fail with invalid domain_mode
+ domain_child:
+ dns_domain_name: bogus.local
+ parent_domain_name: '{{ domain_realm }}'
+ domain_admin_user: '{{ domain_user_upn }}'
+ domain_admin_password: '{{ domain_password }}'
+ safe_mode_password: '{{ domain_password }}'
+ domain_mode: Invalid
+ reboot: true
+ register: change_domain_invalid_mode
+ failed_when:
+ - >-
+ change_domain_invalid_mode.msg.startswith("The parameter 'domain_mode' does not accept 'Invalid', please use one of: ")
diff --git a/ansible_collections/microsoft/ad/tests/integration/targets/domain_child/tasks/main_tree.yml b/ansible_collections/microsoft/ad/tests/integration/targets/domain_child/tasks/main_tree.yml
new file mode 100644
index 000000000..01e5e06b5
--- /dev/null
+++ b/ansible_collections/microsoft/ad/tests/integration/targets/domain_child/tasks/main_tree.yml
@@ -0,0 +1,91 @@
+- name: create test folders
+ ansible.windows.win_file:
+ path: 'C:\ansible_testing\{{ item }}'
+ state: directory
+ loop:
+ - DB
+ - LogPath
+ - SysVol
+
+- name: create tree domain - check mode
+ domain_child:
+ dns_domain_name: '{{ child_domain_name }}'
+ parent_domain_name: '{{ domain_realm }}'
+ domain_type: tree
+ domain_admin_user: '{{ domain_user_upn }}'
+ domain_admin_password: '{{ domain_password }}'
+ safe_mode_password: '{{ domain_password }}'
+ domain_mode: WinThreshold
+ database_path: C:\ansible_testing\DB
+ log_path: C:\ansible_testing\LogPath
+ sysvol_path: C:\ansible_testing\SysVol
+ reboot: true
+ register: to_tree_check
+ check_mode: true
+
+- name: get result of promote to tree domain - check mode
+ ansible.windows.win_powershell:
+ script: '{{ get_role_script }}'
+ register: to_tree_check_actual
+
+- name: assert promote to domain - check mode
+ assert:
+ that:
+ - to_tree_check is changed
+ - not to_tree_check.reboot_required
+ - to_tree_check_actual.output[0]["Domain"] == None
+ - to_tree_check_actual.output[0]["DomainRole"] == "StandaloneServer"
+
+- name: change hostname to have a pending change before promotion
+ ansible.windows.win_hostname:
+ name: '{{ new_hostname }}'
+
+- name: create tree domain with pending reboot
+ domain_child:
+ dns_domain_name: '{{ child_domain_name }}'
+ parent_domain_name: '{{ domain_realm }}'
+ domain_type: tree
+ domain_admin_user: '{{ domain_user_upn }}'
+ domain_admin_password: '{{ domain_password }}'
+ safe_mode_password: '{{ domain_password }}'
+ domain_mode: WinThreshold
+ database_path: C:\ansible_testing\DB
+ log_path: C:\ansible_testing\LogPath
+ sysvol_path: C:\ansible_testing\SysVol
+ reboot: true
+ register: to_tree
+
+- name: get result of promote to domain with pending reboot
+ ansible.windows.win_powershell:
+ script: '{{ get_role_script }}'
+ register: to_tree_actual
+
+- name: assert promote to domain with pending reboot
+ assert:
+ that:
+ - to_tree is changed
+ - not to_tree.reboot_required
+ - to_tree_actual.output[0]["Domain"] == child_domain_name
+ - to_tree_actual.output[0]["DomainRole"] == "PrimaryDC"
+ - to_tree_actual.output[0]["HostName"] == new_hostname | upper
+
+- name: create tree domain - idempotent
+ domain_child:
+ dns_domain_name: '{{ child_domain_name }}'
+ parent_domain_name: '{{ domain_realm }}'
+ domain_type: tree
+ domain_admin_user: '{{ domain_user_upn }}'
+ domain_admin_password: '{{ domain_password }}'
+ safe_mode_password: '{{ domain_password }}'
+ domain_mode: WinThreshold
+ database_path: C:\ansible_testing\DB
+ log_path: C:\ansible_testing\LogPath
+ sysvol_path: C:\ansible_testing\SysVol
+ reboot: true
+ register: to_tree_again
+
+- name: assert create tree domain - idempotent
+ assert:
+ that:
+ - not to_tree_again is changed
+ - not to_tree_again.reboot_required
diff --git a/ansible_collections/microsoft/ad/tests/integration/targets/domain_child/test.yml b/ansible_collections/microsoft/ad/tests/integration/targets/domain_child/test.yml
new file mode 100644
index 000000000..ba936e1d9
--- /dev/null
+++ b/ansible_collections/microsoft/ad/tests/integration/targets/domain_child/test.yml
@@ -0,0 +1,146 @@
+- name: ensure time is in sync
+ hosts: windows
+ gather_facts: false
+ tasks:
+ - name: get current host datetime
+ command: date +%s
+ changed_when: False
+ delegate_to: localhost
+ run_once: True
+ register: local_time
+
+ - name: set datetime on Windows
+ ansible.windows.win_powershell:
+ parameters:
+ SecondsSinceEpoch: '{{ local_time.stdout | trim }}'
+ script: |
+ param($SecondsSinceEpoch)
+
+ $utc = [System.DateTimeKind]::Utc
+ $epoch = New-Object -TypeName System.DateTime -ArgumentList 1970, 1, 1, 0, 0, 0, 0, $utc
+ $date = $epoch.AddSeconds($SecondsSinceEpoch)
+
+ Set-Date -Date $date
+
+ - name: set common test vars
+ ansible.builtin.set_fact:
+ get_role_script: |
+ $Ansible.Changed = $false
+ Get-CimInstance -ClassName Win32_ComputerSystem -Property Domain, DomainRole, PartOfDomain |
+ Select-Object -Property @{
+ N = 'Domain'
+ E = {
+ if ($_.PartOfDomain) {
+ $_.Domain
+ }
+ else {
+ $null
+ }
+ }
+ }, @{
+ N = 'DomainRole'
+ E = {
+ switch ($_.DomainRole) {
+ 0 { "StandaloneWorkstation" }
+ 1 { "MemberWorkstation" }
+ 2 { "StandaloneServer" }
+ 3 { "MemberServer" }
+ 4 { "BackupDC" }
+ 5 { "PrimaryDC" }
+ }
+ }
+ }, @{
+ N = 'HostName'
+ E = { $env:COMPUTERNAME }
+ }
+
+- name: run microsoft.ad.domain_child child tests
+ hosts: CHILD
+ gather_facts: false
+
+ tasks:
+ - name: check domain status to see if test will run
+ ansible.windows.win_powershell:
+ script: '{{ get_role_script }}'
+ register: domain_status
+
+ - ansible.builtin.include_tasks: tasks/main_child.yml
+ when: domain_status.output[0].Domain != child_domain_name
+
+- name: run microsoft.ad.domain_child tree tests
+ hosts: TREE
+ gather_facts: false
+
+ tasks:
+ - name: check domain status to see if test will run
+ ansible.windows.win_powershell:
+ script: '{{ get_role_script }}'
+ register: domain_status
+
+ - ansible.builtin.include_tasks: tasks/main_tree.yml
+ when: domain_status.output[0].Domain != child_domain_name
+
+- name: run extra tests to test out cross domain functionality in other modules
+ hosts: localhost
+ gather_facts: false
+
+ tasks:
+ - name: create test OU in each domain
+ microsoft.ad.ou:
+ name: Ansible-{{ item }}
+ state: present
+ delegate_to: '{{ item }}'
+ register: ou_info
+ loop:
+ - PARENT
+ - CHILD
+
+ - block:
+ - name: set facts for each OU DN
+ ansible.builtin.set_fact:
+ parent_ou: '{{ ou_info.results[0].distinguished_name }}'
+ child_ou: '{{ ou_info.results[1].distinguished_name }}'
+
+ - name: create test users
+ microsoft.ad.user:
+ name: User-{{ item }}
+ state: present
+ password: '{{ domain_password }}'
+ path: '{{ {"PARENT": parent_ou, "CHILD": child_ou}[item] }}'
+ register: user_info
+ delegate_to: '{{ item }}'
+ loop:
+ - PARENT
+ - CHILD
+
+ - name: create test groups
+ microsoft.ad.group:
+ name: Group-{{ item }}
+ state: present
+ path: '{{ {"PARENT": parent_ou, "CHILD": child_ou}[item] }}'
+ scope: universal
+ register: group_info
+ delegate_to: '{{ item }}'
+ loop:
+ - PARENT
+ - CHILD
+
+ - name: set facts for each test user and group DN
+ ansible.builtin.set_fact:
+ parent_user: '{{ user_info.results[0].distinguished_name }}'
+ parent_group: '{{ group_info.results[0].distinguished_name }}'
+ child_user: '{{ user_info.results[1].distinguished_name }}'
+ child_group: '{{ group_info.results[1].distinguished_name }}'
+
+ - name: run cross domain tests
+ ansible.builtin.import_tasks: tasks/cross_domain.yml
+
+ always:
+ - name: remove test OU in each domain
+ microsoft.ad.ou:
+ name: Ansible-{{ item }}
+ state: absent
+ delegate_to: '{{ item }}'
+ loop:
+ - PARENT
+ - CHILD
diff --git a/ansible_collections/microsoft/ad/tests/integration/targets/group/tasks/tests.yml b/ansible_collections/microsoft/ad/tests/integration/targets/group/tasks/tests.yml
index b40041b0d..958398a42 100644
--- a/ansible_collections/microsoft/ad/tests/integration/targets/group/tasks/tests.yml
+++ b/ansible_collections/microsoft/ad/tests/integration/targets/group/tasks/tests.yml
@@ -107,7 +107,8 @@
- my_user_2
- another-user
register: fail_invalid_members
- failed_when: 'fail_invalid_members.msg != "Failed to find the following ad objects for group members: ''fake-user'', ''another-user''"'
+ failed_when: >-
+ fail_invalid_members.msg != "Failed to find the AD object DNs for members.add. Invalid identities: 'fake-user', 'another-user'"
- name: add members to a group - check
group:
@@ -141,7 +142,7 @@
members:
add:
- my_user_1
- - '{{ test_users.results[2].sid }}'
+ - name: '{{ test_users.results[2].sid }}'
- MyGroup2-ReallyLongGroupNameHere
register: add_member
@@ -376,7 +377,8 @@
- my_user_2
- another-user
register: fail_invalid_members
- failed_when: 'fail_invalid_members.msg != "Failed to find the following ad objects for group members: ''fake-user'', ''another-user''"'
+ failed_when: >-
+ fail_invalid_members.msg != "Failed to find the AD object DNs for members.add. Invalid identities: 'fake-user', 'another-user'"
- name: create group with custom options
group:
@@ -388,7 +390,8 @@
scope: domainlocal
category: distribution
homepage: www.ansible.com
- managed_by: Domain Admins
+ managed_by:
+ name: Domain Admins
members:
add:
- my_user_1
diff --git a/ansible_collections/microsoft/ad/tests/integration/targets/membership/tasks/main.yml b/ansible_collections/microsoft/ad/tests/integration/targets/membership/tasks/main.yml
index f66985da9..0060179e9 100644
--- a/ansible_collections/microsoft/ad/tests/integration/targets/membership/tasks/main.yml
+++ b/ansible_collections/microsoft/ad/tests/integration/targets/membership/tasks/main.yml
@@ -1,7 +1,7 @@
- set_fact:
get_result_script: |
$Ansible.Changed = $false
- $cs = Get-CimInstance -ClassName Win32_ComputerSystem -Property Domain, PartOfDomain, Workgroup
+ $cs = Get-CimInstance -ClassName Win32_ComputerSystem -Property DNSHostName, Domain, PartOfDomain, Workgroup
$domainName = if ($cs.PartOfDomain) {
try {
[System.DirectoryServices.ActiveDirectory.Domain]::GetComputerDomain().Name
@@ -15,7 +15,8 @@
}
[PSCustomObject]@{
- HostName = $env:COMPUTERNAME
+ HostName = $cs.DNSHostName
+ NetbiosName = $env:COMPUTERNAME
PartOfDomain = $cs.PartOfDomain
DnsDomainName = $domainName
WorkgroupName = $cs.Workgroup
@@ -23,8 +24,13 @@
get_ad_result_script: |
$Ansible.Changed = $false
- Get-ADComputer -Filter { Name -ne 'DC' } -Properties DistinguishedName, Name, Enabled |
- Select-Object -Property DistinguishedName, Name, Enabled
+ Get-ADComputer -Filter { Name -ne 'DC' } -Properties DistinguishedName, DNSHostName, Name, Enabled |
+ Select-Object -Property @(
+ 'DistinguishedName'
+ @{ N = 'DNSHostName'; E = { $_.DNSHostName.Substring(0, $_.DNSHostName.IndexOf('.')) } }
+ 'Name'
+ 'Enabled'
+ )
- name: join domain invalid OU
membership:
@@ -65,6 +71,7 @@
- join_domain_check.reboot_required == False
- join_domain_check_actual.output[0]["DnsDomainName"] == None
- join_domain_check_actual.output[0]["HostName"] == "TEST"
+ - join_domain_check_actual.output[0]["NetbiosName"] == "TEST"
- join_domain_check_actual.output[0]["PartOfDomain"] == False
- join_domain_check_actual.output[0]["WorkgroupName"] == "WORKGROUP"
@@ -95,9 +102,11 @@
- join_domain.reboot_required == False
- join_domain_actual.output[0]["DnsDomainName"] == domain_realm
- join_domain_actual.output[0]["HostName"] == "TEST"
+ - join_domain_actual.output[0]["NetbiosName"] == "TEST"
- join_domain_actual.output[0]["PartOfDomain"] == True
- join_domain_actual.output[0]["WorkgroupName"] == None
- join_domain_ad_actual.output | length == 1
+ - join_domain_ad_actual.output[0]["DNSHostName"] == "TEST"
- join_domain_ad_actual.output[0]["Name"] == "TEST"
- join_domain_ad_actual.output[0]["Enabled"] == True
@@ -132,7 +141,7 @@
dns_domain_name: '{{ domain_realm }}'
domain_admin_user: '{{ domain_user_upn }}'
domain_admin_password: '{{ domain_password }}'
- hostname: OTHER
+ hostname: TEST1-long-HOSTNAME1
state: domain
reboot: true
register: rename_host_domain_check
@@ -156,9 +165,11 @@
- rename_host_domain_check.reboot_required == False
- rename_host_domain_check_actual.output[0]["DnsDomainName"] == domain_realm
- rename_host_domain_check_actual.output[0]["HostName"] == "TEST"
+ - rename_host_domain_check_actual.output[0]["NetbiosName"] == "TEST"
- rename_host_domain_check_actual.output[0]["PartOfDomain"] == True
- rename_host_domain_check_actual.output[0]["WorkgroupName"] == None
- rename_host_domain_check_ad_actual.output | length == 1
+ - rename_host_domain_check_ad_actual.output[0]["DNSHostName"] == "TEST"
- rename_host_domain_check_ad_actual.output[0]["Name"] == "TEST"
- rename_host_domain_check_ad_actual.output[0]["Enabled"] == True
@@ -167,7 +178,7 @@
dns_domain_name: '{{ domain_realm }}'
domain_admin_user: '{{ domain_user_upn }}'
domain_admin_password: '{{ domain_password }}'
- hostname: OTHER
+ hostname: TEST1-long-HOSTNAME1
state: domain
reboot: true
register: rename_host_domain
@@ -183,19 +194,109 @@
delegate_to: DC
register: rename_host_domain_ad_actual
-- name: assert join domain
+- name: assert rename hostname of domain joined host
assert:
that:
- rename_host_domain is changed
- rename_host_domain.reboot_required == False
- rename_host_domain_actual.output[0]["DnsDomainName"] == domain_realm
- - rename_host_domain_actual.output[0]["HostName"] == "OTHER"
+ - rename_host_domain_actual.output[0]["HostName"] == "TEST1-long-HOSTNAME1"
+ - rename_host_domain_actual.output[0]["NetbiosName"] == "TEST1-LONG-HOST"
- rename_host_domain_actual.output[0]["PartOfDomain"] == True
- rename_host_domain_actual.output[0]["WorkgroupName"] == None
- rename_host_domain_ad_actual.output | length == 1
- - rename_host_domain_ad_actual.output[0]["Name"] == "OTHER"
+ - rename_host_domain_ad_actual.output[0]["DNSHostName"] == "TEST1-long-HOSTNAME1"
+ - rename_host_domain_ad_actual.output[0]["Name"] == "TEST1-LONG-HOST"
- rename_host_domain_ad_actual.output[0]["Enabled"] == True
+- name: rename hostname of domain joined host - idempotent
+ membership:
+ dns_domain_name: '{{ domain_realm }}'
+ domain_admin_user: '{{ domain_user_upn }}'
+ domain_admin_password: '{{ domain_password }}'
+ hostname: TEST1-long-HOSTNAME1
+ state: domain
+ reboot: true
+ register: rename_host_domain_again
+
+- name: assert rename hostname of domain joined host - idempotent
+ assert:
+ that:
+ - not rename_host_domain_again is changed
+
+- name: rename hostname of domain joined host netbios portion - check mode
+ membership:
+ dns_domain_name: '{{ domain_realm }}'
+ domain_admin_user: '{{ domain_user_upn }}'
+ domain_admin_password: '{{ domain_password }}'
+ hostname: TEST2-long-HOSTNAME1
+ state: domain
+ reboot: true
+ register: rename_host_domain_netbios_check
+ check_mode: True
+
+- name: get result of rename hostname of domain joined host netbios portion - check mode
+ ansible.windows.win_powershell:
+ script: '{{ get_result_script }}'
+ register: rename_host_domain_netbios_check_actual
+
+- name: get ad result of rename hostname of domain joined host netbios portion - check mode
+ ansible.windows.win_powershell:
+ script: '{{ get_ad_result_script }}'
+ delegate_to: DC
+ register: rename_host_domain_netbios_check_ad_actual
+
+- name: assert rename hostname of domain joined host netbios portion - check mode
+ assert:
+ that:
+ - rename_host_domain_netbios_check is changed
+ - rename_host_domain_netbios_check.reboot_required == False
+ - rename_host_domain_netbios_check_actual.output[0]["DnsDomainName"] == domain_realm
+ - rename_host_domain_netbios_check_actual.output[0]["HostName"] == "TEST1-long-HOSTNAME1"
+ - rename_host_domain_netbios_check_actual.output[0]["NetbiosName"] == "TEST1-LONG-HOST"
+ - rename_host_domain_netbios_check_actual.output[0]["PartOfDomain"] == True
+ - rename_host_domain_netbios_check_actual.output[0]["WorkgroupName"] == None
+ - rename_host_domain_netbios_check_ad_actual.output | length == 1
+ - rename_host_domain_netbios_check_ad_actual.output[0]["DNSHostName"] == "TEST1-long-HOSTNAME1"
+ - rename_host_domain_netbios_check_ad_actual.output[0]["Name"] == "TEST1-LONG-HOST"
+ - rename_host_domain_netbios_check_ad_actual.output[0]["Enabled"] == True
+
+- name: rename hostname of domain joined host netbios portion
+ membership:
+ dns_domain_name: '{{ domain_realm }}'
+ domain_admin_user: '{{ domain_user_upn }}'
+ domain_admin_password: '{{ domain_password }}'
+ hostname: TEST2-long-HOSTNAME1
+ state: domain
+ reboot: true
+ register: rename_host_domain_netbios
+
+- name: get result of rename hostname of domain joined host netbios portion
+ ansible.windows.win_powershell:
+ script: '{{ get_result_script }}'
+ register: rename_host_domain_netbios_actual
+
+- name: get ad result of rename hostname of domain joined host netbios portion
+ ansible.windows.win_powershell:
+ script: '{{ get_ad_result_script }}'
+ delegate_to: DC
+ register: rename_host_domain_netbios_ad_actual
+
+- name: assert rename hostname of domain joined host
+ assert:
+ that:
+ - rename_host_domain_netbios is changed
+ - rename_host_domain_netbios.reboot_required == False
+ - rename_host_domain_netbios_actual.output[0]["DnsDomainName"] == domain_realm
+ - rename_host_domain_netbios_actual.output[0]["HostName"] == "TEST2-long-HOSTNAME1"
+ - rename_host_domain_netbios_actual.output[0]["NetbiosName"] == "TEST2-LONG-HOST"
+ - rename_host_domain_netbios_actual.output[0]["PartOfDomain"] == True
+ - rename_host_domain_netbios_actual.output[0]["WorkgroupName"] == None
+ - rename_host_domain_netbios_ad_actual.output | length == 1
+ - rename_host_domain_netbios_ad_actual.output[0]["DNSHostName"] == "TEST2-long-HOSTNAME1"
+ - rename_host_domain_netbios_ad_actual.output[0]["Name"] == "TEST2-LONG-HOST"
+ - rename_host_domain_netbios_ad_actual.output[0]["Enabled"] == True
+
- name: change domain to workgroup - check mode
membership:
workgroup_name: TEST
@@ -222,11 +323,13 @@
- to_workgroup_check is changed
- to_workgroup_check.reboot_required == True
- to_workgroup_check_actual.output[0]["DnsDomainName"] == domain_realm
- - to_workgroup_check_actual.output[0]["HostName"] == "OTHER"
+ - to_workgroup_check_actual.output[0]["HostName"] == "TEST2-long-HOSTNAME1"
+ - to_workgroup_check_actual.output[0]["NetbiosName"] == "TEST2-LONG-HOST"
- to_workgroup_check_actual.output[0]["PartOfDomain"] == True
- to_workgroup_check_actual.output[0]["WorkgroupName"] == None
- to_workgroup_check_ad_actual.output | length == 1
- - to_workgroup_check_ad_actual.output[0]["Name"] == "OTHER"
+ - to_workgroup_check_ad_actual.output[0]["DNSHostName"] == "TEST2-long-HOSTNAME1"
+ - to_workgroup_check_ad_actual.output[0]["Name"] == "TEST2-LONG-HOST"
- to_workgroup_check_ad_actual.output[0]["Enabled"] == True
- name: change domain to workgroup
@@ -238,7 +341,7 @@
register: to_workgroup
- set_fact:
- local_user: OTHER\{{ ansible_user }}
+ local_user: TEST2-LONG-HOST\{{ ansible_user }}
- ansible.windows.win_reboot:
when: to_workgroup.reboot_required
@@ -266,16 +369,18 @@
- to_workgroup is changed
- to_workgroup.reboot_required == True
- to_workgroup_actual.output[0]["DnsDomainName"] == None
- - to_workgroup_actual.output[0]["HostName"] == "OTHER"
+ - to_workgroup_actual.output[0]["HostName"] == "TEST2-long-HOSTNAME1"
+ - to_workgroup_actual.output[0]["NetbiosName"] == "TEST2-LONG-HOST"
- to_workgroup_actual.output[0]["PartOfDomain"] == False
- to_workgroup_actual.output[0]["WorkgroupName"] == "TEST"
- to_workgroup_ad_actual.output | length == 1
- - to_workgroup_ad_actual.output[0]["Name"] == "OTHER"
+ - to_workgroup_ad_actual.output[0]["DNSHostName"] == "TEST2-long-HOSTNAME1"
+ - to_workgroup_ad_actual.output[0]["Name"] == "TEST2-LONG-HOST"
- to_workgroup_ad_actual.output[0]["Enabled"] == False
- name: remove orphaned AD account for later tests
microsoft.ad.computer:
- name: OTHER
+ name: TEST2-LONG-HOST
state: absent
delegate_to: DC
@@ -315,7 +420,8 @@
- change_workgroup_check is changed
- change_workgroup_check.reboot_required == False
- change_workgroup_check_actual.output[0]["DnsDomainName"] == None
- - change_workgroup_check_actual.output[0]["HostName"] == "OTHER"
+ - change_workgroup_check_actual.output[0]["HostName"] == "TEST2-long-HOSTNAME1"
+ - change_workgroup_check_actual.output[0]["NetbiosName"] == "TEST2-LONG-HOST"
- change_workgroup_check_actual.output[0]["PartOfDomain"] == False
- change_workgroup_check_actual.output[0]["WorkgroupName"] == "TEST"
@@ -339,7 +445,8 @@
- change_workgroup is changed
- change_workgroup.reboot_required == False
- change_workgroup_actual.output[0]["DnsDomainName"] == None
- - change_workgroup_actual.output[0]["HostName"] == "OTHER"
+ - change_workgroup_actual.output[0]["HostName"] == "TEST2-long-HOSTNAME1"
+ - change_workgroup_actual.output[0]["NetbiosName"] == "TEST2-LONG-HOST"
- change_workgroup_actual.output[0]["PartOfDomain"] == False
- change_workgroup_actual.output[0]["WorkgroupName"] == "TEST2"
@@ -350,7 +457,7 @@
domain_admin_password: '{{ domain_password }}'
state: workgroup
reboot: true
- hostname: FOO
+ hostname: TEST1-long-HOSTNAME2
register: change_hostname_check
check_mode: true
@@ -365,7 +472,8 @@
- change_hostname_check is changed
- change_hostname_check.reboot_required == False
- change_hostname_check_actual.output[0]["DnsDomainName"] == None
- - change_hostname_check_actual.output[0]["HostName"] == "OTHER"
+ - change_hostname_check_actual.output[0]["HostName"] == "TEST2-long-HOSTNAME1"
+ - change_hostname_check_actual.output[0]["NetbiosName"] == "TEST2-LONG-HOST"
- change_hostname_check_actual.output[0]["PartOfDomain"] == False
- change_hostname_check_actual.output[0]["WorkgroupName"] == "TEST2"
@@ -376,7 +484,7 @@
domain_admin_password: '{{ domain_password }}'
state: workgroup
reboot: true
- hostname: FOO
+ hostname: TEST1-long-HOSTNAME2
register: change_hostname
- name: get result of change just the hostname
@@ -384,16 +492,85 @@
script: '{{ get_result_script }}'
register: change_hostname_actual
-- name: assert change just the hostname - check mode
+- name: assert change just the hostname
assert:
that:
- change_hostname is changed
- change_hostname.reboot_required == False
- change_hostname_actual.output[0]["DnsDomainName"] == None
- - change_hostname_actual.output[0]["HostName"] == "FOO"
+ - change_hostname_actual.output[0]["HostName"] == "TEST1-long-HOSTNAME2"
+ - change_hostname_actual.output[0]["NetbiosName"] == "TEST1-LONG-HOST"
- change_hostname_actual.output[0]["PartOfDomain"] == False
- change_hostname_actual.output[0]["WorkgroupName"] == "TEST2"
+- name: change just the hostname - idempotent
+ membership:
+ workgroup_name: TEST2
+ domain_admin_user: '{{ domain_user_upn }}'
+ domain_admin_password: '{{ domain_password }}'
+ state: workgroup
+ reboot: true
+ hostname: TEST1-long-HOSTNAME2
+ register: change_hostname_again
+
+- name: assert change just the hostname - idempotent
+ assert:
+ that:
+ - not change_hostname_again is changed
+
+- name: change just the hostname netbios portion - check mode
+ membership:
+ workgroup_name: TEST2
+ domain_admin_user: '{{ domain_user_upn }}'
+ domain_admin_password: '{{ domain_password }}'
+ state: workgroup
+ reboot: true
+ hostname: TEST2-long-HOSTNAME2
+ register: change_hostname_netbios_check
+ check_mode: true
+
+- name: get result of change just the hostname netbios portion - check mode
+ ansible.windows.win_powershell:
+ script: '{{ get_result_script }}'
+ register: change_hostname_netbios_check_actual
+
+- name: assert change just the hostname netbios portion - check mode
+ assert:
+ that:
+ - change_hostname_netbios_check is changed
+ - change_hostname_netbios_check.reboot_required == False
+ - change_hostname_netbios_check_actual.output[0]["DnsDomainName"] == None
+ - change_hostname_netbios_check_actual.output[0]["HostName"] == "TEST1-long-HOSTNAME2"
+ - change_hostname_netbios_check_actual.output[0]["NetbiosName"] == "TEST1-LONG-HOST"
+ - change_hostname_netbios_check_actual.output[0]["PartOfDomain"] == False
+ - change_hostname_netbios_check_actual.output[0]["WorkgroupName"] == "TEST2"
+
+- name: change just the hostname netbios portion
+ membership:
+ workgroup_name: TEST2
+ domain_admin_user: '{{ domain_user_upn }}'
+ domain_admin_password: '{{ domain_password }}'
+ state: workgroup
+ reboot: true
+ hostname: TEST2-long-HOSTNAME2
+ register: change_hostname_netbios
+
+- name: get result of change just the hostname netbios portion
+ ansible.windows.win_powershell:
+ script: '{{ get_result_script }}'
+ register: change_hostname_netbios_actual
+
+- name: assert change just the hostname
+ assert:
+ that:
+ - change_hostname_netbios is changed
+ - change_hostname_netbios.reboot_required == False
+ - change_hostname_netbios_actual.output[0]["DnsDomainName"] == None
+ - change_hostname_netbios_actual.output[0]["HostName"] == "TEST2-long-HOSTNAME2"
+ - change_hostname_netbios_actual.output[0]["NetbiosName"] == "TEST2-LONG-HOST"
+ - change_hostname_netbios_actual.output[0]["PartOfDomain"] == False
+ - change_hostname_netbios_actual.output[0]["WorkgroupName"] == "TEST2"
+
- name: create custom OU
ansible.windows.win_powershell:
script: |
@@ -407,7 +584,7 @@
dns_domain_name: '{{ domain_realm }}'
domain_admin_user: '{{ domain_user_upn }}'
domain_admin_password: '{{ domain_password }}'
- hostname: BAR
+ hostname: TEST1-long-HOSTNAME3
domain_ou_path: '{{ custom_ou.output[0] }}'
state: domain
register: join_ou_check
@@ -424,7 +601,8 @@
- join_ou_check is changed
- join_ou_check.reboot_required == True
- join_ou_check_actual.output[0]["DnsDomainName"] == None
- - join_ou_check_actual.output[0]["HostName"] == "FOO"
+ - join_ou_check_actual.output[0]["HostName"] == "TEST2-long-HOSTNAME2"
+ - join_ou_check_actual.output[0]["NetbiosName"] == "TEST2-LONG-HOST"
- join_ou_check_actual.output[0]["PartOfDomain"] == False
- join_ou_check_actual.output[0]["WorkgroupName"] == "TEST2"
@@ -433,7 +611,7 @@
dns_domain_name: '{{ domain_realm }}'
domain_admin_user: '{{ domain_user_upn }}'
domain_admin_password: '{{ domain_password }}'
- hostname: BAR
+ hostname: TEST1-long-HOSTNAME3
domain_ou_path: '{{ custom_ou.output[0] }}'
state: domain
register: join_ou
@@ -452,26 +630,28 @@
register: join_ou_ad_actual
delegate_to: DC
-- name: assert change just the hostname
+- name: assert join domain with hostname and OUT
assert:
that:
- join_ou is changed
- join_ou.reboot_required == True
- join_ou_actual.output[0]["DnsDomainName"] == domain_realm
- - join_ou_actual.output[0]["HostName"] == "BAR"
+ - join_ou_actual.output[0]["HostName"] == "TEST1-long-HOSTNAME3"
+ - join_ou_actual.output[0]["NetbiosName"] == "TEST1-LONG-HOST"
- join_ou_actual.output[0]["PartOfDomain"] == True
- join_ou_actual.output[0]["WorkgroupName"] == None
- join_ou_ad_actual.output | length == 1
- - join_ou_ad_actual.output[0]["Name"] == "BAR"
+ - join_ou_ad_actual.output[0]["DNSHostName"] == "TEST1-long-HOSTNAME3"
+ - join_ou_ad_actual.output[0]["Name"] == "TEST1-LONG-HOST"
- join_ou_ad_actual.output[0]["Enabled"] == True
- - join_ou_ad_actual.output[0]["DistinguishedName"] == "CN=BAR," ~ custom_ou.output[0]
+ - join_ou_ad_actual.output[0]["DistinguishedName"] == "CN=TEST1-LONG-HOST," ~ custom_ou.output[0]
- name: change domain to workgroup with hostname change - check mode
membership:
workgroup_name: WORKGROUP
domain_admin_user: '{{ domain_user_upn }}'
domain_admin_password: '{{ domain_password }}'
- hostname: FOO
+ hostname: TEST1-long-HOSTNAME4
state: workgroup
register: to_workgroup_hostname_check
check_mode: true
@@ -493,11 +673,13 @@
- to_workgroup_hostname_check is changed
- to_workgroup_hostname_check.reboot_required == True
- to_workgroup_hostname_check_actual.output[0]["DnsDomainName"] == domain_realm
- - to_workgroup_hostname_check_actual.output[0]["HostName"] == "BAR"
+ - to_workgroup_hostname_check_actual.output[0]["HostName"] == "TEST1-long-HOSTNAME3"
+ - to_workgroup_hostname_check_actual.output[0]["NetbiosName"] == "TEST1-LONG-HOST"
- to_workgroup_hostname_check_actual.output[0]["PartOfDomain"] == True
- to_workgroup_hostname_check_actual.output[0]["WorkgroupName"] == None
- to_workgroup_hostname_check_ad_actual.output | length == 1
- - to_workgroup_hostname_check_ad_actual.output[0]["Name"] == "BAR"
+ - to_workgroup_hostname_check_ad_actual.output[0]["DNSHostName"] == "TEST1-long-HOSTNAME3"
+ - to_workgroup_hostname_check_ad_actual.output[0]["Name"] == "TEST1-LONG-HOST"
- to_workgroup_hostname_check_ad_actual.output[0]["Enabled"] == True
- name: change domain to workgroup with hostname change
@@ -505,7 +687,7 @@
workgroup_name: WORKGROUP
domain_admin_user: '{{ domain_user_upn }}'
domain_admin_password: '{{ domain_password }}'
- hostname: FOO
+ hostname: TEST1-long-HOSTNAME4
state: workgroup
reboot: true
register: to_workgroup_hostname
@@ -527,13 +709,30 @@
- to_workgroup_hostname is changed
- to_workgroup_hostname.reboot_required == False
- to_workgroup_hostname_actual.output[0]["DnsDomainName"] == None
- - to_workgroup_hostname_actual.output[0]["HostName"] == "FOO"
+ - to_workgroup_hostname_actual.output[0]["HostName"] == "TEST1-long-HOSTNAME4"
+ - to_workgroup_hostname_actual.output[0]["NetbiosName"] == "TEST1-LONG-HOST"
- to_workgroup_hostname_actual.output[0]["PartOfDomain"] == False
- to_workgroup_hostname_actual.output[0]["WorkgroupName"] == "WORKGROUP"
- to_workgroup_hostname_ad_actual.output | length == 1
- - to_workgroup_hostname_ad_actual.output[0]["Name"] == "BAR"
+ - to_workgroup_hostname_ad_actual.output[0]["DNSHostName"] == "TEST1-long-HOSTNAME3"
+ - to_workgroup_hostname_ad_actual.output[0]["Name"] == "TEST1-LONG-HOST"
- to_workgroup_hostname_ad_actual.output[0]["Enabled"] == False
+- name: change domain to workgroup with hostname change - idempotent
+ membership:
+ workgroup_name: WORKGROUP
+ domain_admin_user: '{{ domain_user_upn }}'
+ domain_admin_password: '{{ domain_password }}'
+ hostname: TEST1-long-HOSTNAME4
+ state: workgroup
+ reboot: true
+ register: to_workgroup_hostname_again
+
+- name: assert change domain to workgroup with hostname change - idempotent
+ assert:
+ that:
+ - not to_workgroup_hostname_again is changed
+
- name: remove orphaned AD account for later tests
microsoft.ad.computer:
name: BAR
diff --git a/ansible_collections/microsoft/ad/tests/integration/targets/ou/tasks/tests.yml b/ansible_collections/microsoft/ad/tests/integration/targets/ou/tasks/tests.yml
index 49d06aefb..b6061b7d5 100644
--- a/ansible_collections/microsoft/ad/tests/integration/targets/ou/tasks/tests.yml
+++ b/ansible_collections/microsoft/ad/tests/integration/targets/ou/tasks/tests.yml
@@ -163,7 +163,8 @@
country: US
description: Custom description
display_name: OU display Name
- managed_by: Domain Users
+ managed_by:
+ name: Domain Users
postal_code: 10001
state_province: ''
street: Main
diff --git a/ansible_collections/microsoft/ad/tests/integration/targets/user/tasks/tests.yml b/ansible_collections/microsoft/ad/tests/integration/targets/user/tasks/tests.yml
index 98718da6f..10261afdf 100644
--- a/ansible_collections/microsoft/ad/tests/integration/targets/user/tasks/tests.yml
+++ b/ansible_collections/microsoft/ad/tests/integration/targets/user/tasks/tests.yml
@@ -510,6 +510,7 @@
user:
name: MyUser
state: present
+ account_locked: False
city: Brisbane
company: Red Hat
country: au
@@ -563,6 +564,7 @@
user:
name: MyUser
state: present
+ account_locked: False
city: Brisbane
company: Red Hat
country: au
@@ -685,6 +687,7 @@
user:
name: MyUser
state: present
+ account_locked: False
city: Brisbane
company: Red Hat
country: au
@@ -1095,7 +1098,8 @@
- Invalid
register: fail_missing_group
failed_when:
- - '"Failed to locate group Invalid: Cannot find an object with identity" not in fail_missing_group.msg'
+ - >-
+ "Failed to find the AD object DNs for groups.add. Invalid identities: 'Invalid'" not in fail_missing_group.msg
- name: warn on group that is missing
user:
@@ -1104,7 +1108,7 @@
groups:
add:
- Invalid
- missing_behaviour: warn
+ lookup_failure_action: warn
register: warn_missing_group
- name: assert warn on group that is missing
@@ -1112,7 +1116,8 @@
that:
- not warn_missing_group is changed
- warn_missing_group.warnings | length == 1
- - '"Failed to locate group Invalid but continuing on" in warn_missing_group.warnings[0]'
+ - >-
+ "Failed to find the AD object DNs for groups.add. Ignoring invalid identities: 'Invalid'" in warn_missing_group.warnings[0]
- name: ignore on group that is missing
user:
@@ -1120,7 +1125,7 @@
path: '{{ setup_domain_info.output[0].defaultNamingContext }}'
groups:
add:
- - Invalid
+ - name: Invalid
missing_behaviour: ignore
register: ignore_missing_group
@@ -1136,7 +1141,7 @@
path: '{{ setup_domain_info.output[0].defaultNamingContext }}'
groups:
remove:
- - domain admins
+ - name: domain admins
- Enterprise Admins
register: groups_remove