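---
# Keeps a per-department Active Directory security group in sync with the
# users whose `department` attribute equals `department_name`.
# Replace the <...> placeholders before running.
- name: AD - Department Security Group Maintenance Playbook
  hosts: <domaincontroller>
  gather_facts: false
  vars:
    # NOTE(review): department_name is templated unescaped into a PowerShell
    # command line and an LDAP filter in the first task. Characters such as
    # quotes, parentheses, `*`, `$` or backticks would change the command or
    # the filter, so keep this value operator-controlled and validate it
    # before accepting it from a survey, extra-vars or an inventory source.
    department_name: <dept_name>
    ou: <ou>
  tasks:
    # Read-only query: one sAMAccountName per stdout line.
    - name: Get department_name users
      win_shell: '(get-aduser -LDAPFilter "(department={{ department_name }})").samaccountname'
      register: ad_users_list
      # The lookup changes nothing, so never report it as a change.
      changed_when: false

    - name: Make sure group exists and the attributes are correct
      win_domain_group:
        name: "{{ department_name }}_department"
        attributes:
          description: Ansible Managed Group
          displayname: "{{ department_name | title }} Department"
        scope: universal
        state: present
        category: security
        organizational_unit: "{{ ou }}"

    # `state: pure` makes the group membership match `members` exactly:
    # accounts not in the list are removed. An empty query result therefore
    # empties the group.
    # NOTE(review): confirm that a failed Get-ADUser call fails the task
    # above rather than returning empty output, or gate this task on a
    # non-empty list if an empty department should not clear the group.
    - name: Build the member list
      win_domain_group_membership:
        name: "{{ department_name }}_department"
        members: "{{ ad_users_list.stdout_lines }}"
        state: pure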