path: root/ansible_collections/microsoft/ad/plugins/modules/domain_child.yml
# Copyright (c) 2024 Ansible Project
# GNU General Public License v3.0+ (see COPYING or https://www.gnu.org/licenses/gpl-3.0.txt)

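# Module documentation for microsoft.ad.domain_child: options, notes and
# attributes.
DOCUMENTATION:
  module: domain_child
  short_description: Manage domain children in an existing Active Directory forest.
  description:
    - Ensure that a Windows Server host is configured as a domain controller as
      a new domain in an existing forest.
    - This module may require subsequent use of the
      M(ansible.windows.win_reboot) action if changes are made.
    - This module will only check if the domain specified by I(dns_domain_name)
      exists or not. If the domain already exists under the same name, no
      options other than the domain name will be checked during the run.
  options:
    create_dns_delegation:
      description:
        - Whether to create a DNS delegation that references the new DNS
          server that was installed.
        - Valid for Active Directory-integrated DNS only.
        - The default is computed automatically based on the environment.
      type: bool
    database_path:
      description:
        - The path to a directory on a fixed disk of the Windows host where the
          domain database will be created.
        - If not set then the default path is C(%SYSTEMROOT%\NTDS).
      type: path
    dns_domain_name:
      description:
        - The full DNS name of the domain to create.
        - When I(domain_type=child), the parent DNS domain name is derived
          from this value.
      type: str
    # Secret value.
    # NOTE(review): confirm the module's argument spec marks this option as
    # no_log so it is not echoed in task output or logs.
    domain_admin_password:
      description:
        - Password for the specified I(domain_admin_user).
      type: str
      required: true
    domain_admin_user:
      description:
        - Username of a domain admin for the parent domain.
      type: str
      required: true
    domain_mode:
      description:
        - Specifies the domain functional level of child/tree.
        - The domain functional level cannot be lower than the forest
          functional level, but it can be higher.
        - The default is automatically computed and set.
        - Current known modes are C(Win2003), C(Win2008), C(Win2008R2),
          C(Win2012), C(Win2012R2), or C(WinThreshold).
      type: str
    domain_type:
      description:
        - Specifies the type of domain to create.
        - Set to C(child) to create a child of an existing domain as specified
          by I(dns_domain_name).
        - Set to C(tree) to create a new domain tree in an existing forest as
          specified by I(parent_domain_name). The I(dns_domain_name) must be
          the full domain name of the new domain tree to create.
      choices:
        - child
        - tree
      default: child
      type: str
    install_dns:
      description:
        - Whether to install the DNS service when creating the domain
          controller.
        - If not specified then the C(-InstallDns) option is not supplied to
          the C(Install-ADDSDomain) command, see
          L(Install-ADDSDomain,https://learn.microsoft.com/en-us/powershell/module/addsdeployment/install-addsdomain#-installdns)
          for more information.
      type: bool
    log_path:
      description:
        - Specifies the fully qualified, non-UNC path to a directory on a fixed
          disk of the local computer that will contain the domain log files.
      type: path
    parent_domain_name:
      description:
        - The fully qualified domain name of an existing parent domain to
          create a new domain tree in.
        - This can only be set when I(domain_type=tree).
      type: str
    reboot:
      description:
        - If C(true), this will reboot the host if a reboot was required to
          create the domain.
        - If C(false), this will not reboot the host if a reboot was required
          and instead sets the I(reboot_required) return value to C(true).
        - Multiple reboots may occur if the host required a reboot before the
          domain promotion.
        - This cannot be used with async mode.
      type: bool
      default: false
    # Secret value.
    # NOTE(review): confirm the module's argument spec marks this option as
    # no_log so it is not echoed in task output or logs.
    safe_mode_password:
      description:
        - Safe mode password for the domain controller.
      required: true
      type: str
    site_name:
      description:
        - Specifies the name of an existing site where you can place the new
          domain controller.
      type: str
    sysvol_path:
      description:
        - The path to a directory on a fixed disk of the Windows host where the
          Sysvol folder will be created.
        - If not set then the default path is C(%SYSTEMROOT%\SYSVOL).
      type: path
  notes:
    - It is highly recommended to set I(reboot=true) to have Ansible manage the
      host reboot phase as the actions done by this module put the host in a
      state where it may not be possible for Ansible to reconnect in a
      subsequent task without a reboot.
    - This module must be run on a Windows target host.
    - The I(domain_admin_password) and I(safe_mode_password) options are
      secrets. Supply them from Ansible Vault or another secret store rather
      than writing them in plaintext in a playbook or inventory.
  extends_documentation_fragment:
    - ansible.builtin.action_common_attributes
    - ansible.builtin.action_common_attributes.flow
  attributes:
    check_mode:
      support: full
    diff_mode:
      support: none
    platform:
      platforms:
        - windows
    action:
      support: full
    async:
      support: partial
      details: Supported for all scenarios except with I(reboot=true).
    bypass_host_loop:
      support: none
  seealso:
    - module: microsoft.ad.domain
    - module: microsoft.ad.domain_controller
  author:
    - Jordan Borean (@jborean93)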

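# Literal block scalar: everything below, including the lines that start with
# a hash, is part of the example text.
EXAMPLES: |
  # The vault_* variables are placeholders. Load the real secrets from Ansible
  # Vault or another secret store instead of writing them in plaintext.
  - name: Create a child domain foo.example.com with parent example.com
    microsoft.ad.domain_child:
      dns_domain_name: foo.example.com
      domain_admin_user: testguy@example.com
      domain_admin_password: "{{ vault_domain_admin_password }}"
      safe_mode_password: "{{ vault_safe_mode_password }}"
      reboot: true

  - name: Create a domain tree foo.example.com with parent bar.example.com
    microsoft.ad.domain_child:
      dns_domain_name: foo.example.com
      parent_domain_name: bar.example.com
      domain_type: tree
      domain_admin_user: testguy@bar.example.com
      domain_admin_password: "{{ vault_domain_admin_password }}"
      safe_mode_password: "{{ vault_safe_mode_password }}"
      reboot: true

  # This scenario is not recommended, use reboot: true when possible
  - name: Promote server with custom paths with manual reboot task
    microsoft.ad.domain_child:
      dns_domain_name: foo.ansible.vagrant
      domain_admin_user: testguy@ansible.vagrant
      domain_admin_password: "{{ vault_domain_admin_password }}"
      safe_mode_password: "{{ vault_safe_mode_password }}"
      sysvol_path: D:\SYSVOL
      database_path: D:\NTDS
      log_path: D:\NTDS
    register: dc_promotion

  - name: Reboot after promotion
    ansible.windows.win_reboot:
    when: dc_promotion.reboot_required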

# Return values documented for the module.
# NOTE(review): Ansible module documentation normally uses the key RETURN for
# this section - confirm that RETURNS is picked up by the documentation loader.
RETURNS:
  reboot_required:
    # The EXAMPLES section uses this value as the condition for a follow-up
    # reboot task when reboot is left at false.
    description: True if changes were made that require a reboot.
    returned: always
    type: bool
    sample: true