community.general/lib/ansible/modules/windows/win_domain.ps1

#!powershell

# GNU General Public License v3.0+ (see COPYING or https://www.gnu.org/licenses/gpl-3.0.txt)

#Requires -Module Ansible.ModuleUtils.Legacy

Set-StrictMode -Version 2
$ErrorActionPreference = "Stop"

# FUTURE: consider action wrapper to manage reboots and credential changes

Function Ensure-Prereqs {
    $gwf = Get-WindowsFeature AD-Domain-Services
    If($gwf.InstallState -ne "Installed") {
        $result.changed = $true

        If($check_mode) {
            Exit-Json $result
        }
        $awf = Add-WindowsFeature AD-Domain-Services
        # FUTURE: check if reboot necessary
    }
}

$params = Parse-Args $args -supports_check_mode $true
$check_mode = Get-AnsibleParam -obj $params -name "_ansible_check_mode" -default $false
$dns_domain_name = Get-AnsibleParam -obj $params -name "dns_domain_name" -failifempty $true
$domain_netbios_name = Get-AnsibleParam -obj $params -name "domain_netbios_name"
$safe_mode_admin_password = Get-AnsibleParam -obj $params -name "safe_mode_password" -failifempty $true
$database_path = Get-AnsibleParam -obj $params -name "database_path" -type "path"
$sysvol_path = Get-AnsibleParam -obj $params -name "sysvol_path" -type "path"

$forest = $null

# FUTURE: support down to Server 2012?
If([System.Environment]::OSVersion.Version -lt [Version]"6.3.9600.0") {
    Fail-Json -message "win_domain requires Windows Server 2012R2 or higher"
}

$result = @{changed=$false; reboot_required=$false}

# FUTURE: any sane way to do the detection under check-mode *without* installing the feature?

Ensure-Prereqs

Try {
    $forest = Get-ADForest $dns_domain_name -ErrorAction SilentlyContinue
}
Catch { }

If(-not $forest) {
    $result.changed = $true

    If(-not $check_mode) {
        $sm_cred = ConvertTo-SecureString $safe_mode_admin_password -AsPlainText -Force

        $install_forest_args = @{
            DomainName=$dns_domain_name;
            SafeModeAdministratorPassword=$sm_cred;
            Confirm=$false;
            SkipPreChecks=$true;
            InstallDns=$true;
            NoRebootOnCompletion=$true;
        }
        if ($database_path) {
            $install_forest_args.DatabasePath = $database_path
        }
        if ($sysvol_path) {
            $install_forest_args.SysvolPath = $sysvol_path
        }
        if ($domain_netbios_name) {
            $install_forest_args.DomainNetBiosName = $domain_netbios_name
        }
        
        $iaf = Install-ADDSForest @install_forest_args

        $result.reboot_required = $iaf.RebootRequired

        # The Netlogon service is set to auto start but is not started. This is
        # required for Ansible to connect back to the host and reboot in a
        # later task. Even if this fails Ansible can still connect but only
        # with ansible_winrm_transport=basic so we just display a warning if
        # this fails.
        try {
            Start-Service -Name Netlogon
        } catch {
            Add-Warning -obj $result -message "Failed to start the Netlogon service after promoting the host, Ansible may be unable to connect until the host is manually rebooting: $($_.Exception.Message)"
        }
    }
}

Exit-Json $result
initial commit of win_domain module (#22179) 2017-03-02 01:49:15 +00:00			`#!powershell`
Windows: Add "special" parameter types to docs (#42853) * Windows: Add special parameter types Adding explicit parameter types now exposes this information in the module documentation, and proves really helpful. We only do this for non-string types as strings, mostly because strings are implicit. PS We also make copyright statements consistent and use #Requires for explicit library imports * Type "string" must be type "str" * A few more Copyright corrections * More fixes * Don't add file encoding to Powershell files * Don't add missing interfacetypes parameter Otherwise CI demands an incorrect version_added * Small fix 2018-07-17 21:29:05 +00:00
			`# GNU General Public License v3.0+ (see COPYING or https://www.gnu.org/licenses/gpl-3.0.txt)`

			`#Requires -Module Ansible.ModuleUtils.Legacy`
initial commit of win_domain module (#22179) 2017-03-02 01:49:15 +00:00
			`Set-StrictMode -Version 2`
			`$ErrorActionPreference = "Stop"`

			`# FUTURE: consider action wrapper to manage reboots and credential changes`

			`Function Ensure-Prereqs {`
			`$gwf = Get-WindowsFeature AD-Domain-Services`
			`If($gwf.InstallState -ne "Installed") {`
			`$result.changed = $true`

			`If($check_mode) {`
			`Exit-Json $result`
			`}`
			`$awf = Add-WindowsFeature AD-Domain-Services`
			`# FUTURE: check if reboot necessary`
			`}`
			`}`

Windows: Add "special" parameter types to docs (#42853) * Windows: Add special parameter types Adding explicit parameter types now exposes this information in the module documentation, and proves really helpful. We only do this for non-string types as strings, mostly because strings are implicit. PS We also make copyright statements consistent and use #Requires for explicit library imports * Type "string" must be type "str" * A few more Copyright corrections * More fixes * Don't add file encoding to Powershell files * Don't add missing interfacetypes parameter Otherwise CI demands an incorrect version_added * Small fix 2018-07-17 21:29:05 +00:00			`$params = Parse-Args $args -supports_check_mode $true`
			`$check_mode = Get-AnsibleParam -obj $params -name "_ansible_check_mode" -default $false`
			`$dns_domain_name = Get-AnsibleParam -obj $params -name "dns_domain_name" -failifempty $true`
			`$domain_netbios_name = Get-AnsibleParam -obj $params -name "domain_netbios_name"`
			`$safe_mode_admin_password = Get-AnsibleParam -obj $params -name "safe_mode_password" -failifempty $true`
			`$database_path = Get-AnsibleParam -obj $params -name "database_path" -type "path"`
			`$sysvol_path = Get-AnsibleParam -obj $params -name "sysvol_path" -type "path"`
initial commit of win_domain module (#22179) 2017-03-02 01:49:15 +00:00
			`$forest = $null`

			`# FUTURE: support down to Server 2012?`
			`If([System.Environment]::OSVersion.Version -lt [Version]"6.3.9600.0") {`
			`Fail-Json -message "win_domain requires Windows Server 2012R2 or higher"`
			`}`

			`$result = @{changed=$false; reboot_required=$false}`

			`# FUTURE: any sane way to do the detection under check-mode without installing the feature?`

			`Ensure-Prereqs`

			`Try {`
changed parameter name from forest_root_dns_domain to dns_domain_name (to match documentation and other win_domain* modules) and fix example which has win_domain_controller instead of win_domain for module name. (#23081) 2017-03-29 18:34:45 +00:00			`$forest = Get-ADForest $dns_domain_name -ErrorAction SilentlyContinue`
initial commit of win_domain module (#22179) 2017-03-02 01:49:15 +00:00			`}`
			`Catch { }`

			`If(-not $forest) {`
			`$result.changed = $true`

			`If(-not $check_mode) {`
			`$sm_cred = ConvertTo-SecureString $safe_mode_admin_password -AsPlainText -Force`

			`$install_forest_args = @{`
changed parameter name from forest_root_dns_domain to dns_domain_name (to match documentation and other win_domain* modules) and fix example which has win_domain_controller instead of win_domain for module name. (#23081) 2017-03-29 18:34:45 +00:00			`DomainName=$dns_domain_name;`
initial commit of win_domain module (#22179) 2017-03-02 01:49:15 +00:00			`SafeModeAdministratorPassword=$sm_cred;`
			`Confirm=$false;`
			`SkipPreChecks=$true;`
win_domain: fix typo in cmdlet call (#41993) 2018-06-27 01:29:45 +00:00			`InstallDns=$true;`
initial commit of win_domain module (#22179) 2017-03-02 01:49:15 +00:00			`NoRebootOnCompletion=$true;`
			`}`
win_domain: added option to set database and sysvol path (#34333) * win_domain: added param to set database and sysvol path * fixed up documentation to work with backslashes 2018-01-03 20:32:01 +00:00			`if ($database_path) {`
			`$install_forest_args.DatabasePath = $database_path`
			`}`
			`if ($sysvol_path) {`
			`$install_forest_args.SysvolPath = $sysvol_path`
			`}`
win_domain - Add ability to specify netbios name (#39084) * Added netbios option to win_domain.ps1 and updated documentation * formatting change * formatting change * adding version added line for domain_netbios_name * Identation fix * Clarity fixes for descriptions Changes to description for netbios_domain_name and uniformity changes to other documentation sections (bringing them in line with other sections of the document). * Fix minor indentation 2018-04-24 05:35:38 +00:00			`if ($domain_netbios_name) {`
			`$install_forest_args.DomainNetBiosName = $domain_netbios_name`
			`}`

initial commit of win_domain module (#22179) 2017-03-02 01:49:15 +00:00			`$iaf = Install-ADDSForest @install_forest_args`

			`$result.reboot_required = $iaf.RebootRequired`
win_domain modules: ensure Netlogon service is still running after promotion (#43703) 2018-08-10 06:17:45 +00:00
			`# The Netlogon service is set to auto start but is not started. This is`
			`# required for Ansible to connect back to the host and reboot in a`
			`# later task. Even if this fails Ansible can still connect but only`
			`# with ansible_winrm_transport=basic so we just display a warning if`
			`# this fails.`
			`try {`
			`Start-Service -Name Netlogon`
			`} catch {`
			`Add-Warning -obj $result -message "Failed to start the Netlogon service after promoting the host, Ansible may be unable to connect until the host is manually rebooting: $($_.Exception.Message)"`
			`}`
initial commit of win_domain module (#22179) 2017-03-02 01:49:15 +00:00			`}`
			`}`

			`Exit-Json $result`