win_domain_user allow to update generic attributes (#34558)

* win_domain_user allow to update generic attributes

Signed-off-by: Marko Koehne <marko@mkoehne.de>

* win_domain_user.py fixed indentation

Signed-off-by: Marko Koehne <marko@mkoehne.de>

* win_domain_user.py attributes add version_added

Signed-off-by: Marko Koehne <marko@mkoehne.de>

* win_domain_user.p1 removed attributes from result

Signed-off-by: Marko Koehne <marko@mkoehne.de>

* moved run_change outside of if statement

lib/ansible/modules/windows/win_domain_user.ps1

@@ -64,6 +64,9 @@ $user_info = @{
     Country = Get-AnsibleParam -obj $params -name "country" -type "str"
 }
 
+# Additional attributes
+$attributes = Get-AnsibleParam -obj $params -name "attributes"
+
 # Parameter validation
 If ($account_locked -ne $null -and $account_locked) {
     Fail-Json $result "account_locked must be set to 'no' if provided"
@@ -164,6 +167,46 @@ If ($state -eq 'present') {
             }
         }
 
+        # Set additional attributes
+        $set_args = @{}
+        $run_change = $false
+        if ($attributes -ne $null) {
+            $add_attributes = @{}
+            $replace_attributes = @{}
+            foreach ($attribute in $attributes.GetEnumerator()) {
+                $attribute_name = $attribute.Name
+                $attribute_value = $attribute.Value
+
+                $valid_property = [bool]($user_obj.PSobject.Properties.name -eq $attribute_name)
+                if ($valid_property) {
+                    $existing_value = $user_obj.$attribute_name
+                    if ($existing_value -cne $attribute_value) {
+                        $replace_attributes.$attribute_name = $attribute_value
+                    }                
+                } else {
+                    $add_attributes.$attribute_name = $attribute_value
+                }
+            }
+            if ($add_attributes.Count -gt 0) {
+                $set_args.Add = $add_attributes
+                $run_change = $true
+            }
+            if ($replace_attributes.Count -gt 0) {
+                $set_args.Replace = $replace_attributes
+                $run_change = $true
+            }
+        }
+
+        if ($run_change) {
+            try {
+                $user_obj = $user_obj | Set-ADUser -WhatIf:$check_mode -PassThru @set_args
+            } catch {
+                Fail-Json $result "failed to change user $($username): $($_.Exception.Message)"
+            }
+            $result.changed = $true
+        }
+
+
         # Configure group assignment
         If ($groups -ne $null) {
             $group_list = $groups
@@ -277,4 +320,4 @@ catch {
     Fail-Json $result $_.Exception.Message
 }
 
-Exit-Json $result
+Exit-Json $result

lib/ansible/modules/windows/win_domain_user.py

@@ -148,6 +148,13 @@ options:
         if you specify a path on an existing user, the user's path will not
         be updated - you must delete (e.g., state=absent) the user and
         then re-add the user with the appropriate path.
+  attributes:
+    description:
+      - A dict of custom LDAP attributes to set on the user.
+      - This can be used to set custom attributes that are not exposed as module
+        parameters, e.g. C(telephoneNumber).
+      - See the examples on how to format this parameter.
+    version_added: "2.5"
 notes:
   - Works with Windows 2012R2 and newer.
   - If running on a server that is not a Domain Controller, credential
@@ -175,6 +182,8 @@ EXAMPLES = r'''
     state_province: IN
     postal_code: 12345
     country: US
+    attributes:
+      telephoneNumber: 555-123456
 
 - name: Ensure user bob is present in OU ou=test,dc=domain,dc=local
   win_domain_user: