win_domain_membership - Manage domain/workgroup membership for a Windows host

New in version 2.3.

Synopsis
Parameters
Examples
Return Values
Status
Maintenance
- Support
- Author

Synopsis

Manages domain membership or workgroup membership for a Windows host. Also supports hostname changes.
This module may require subsequent use of the win_reboot action if changes are made.

Parameters

Parameter	Choices/Defaults	Comments
dns_domain_name		When `state` is `domain`, the DNS name of the domain to which the targeted Windows host should be joined.
domain_admin_password		Password for the specified `domain_admin_user`.
domain_admin_user required		Username of a domain admin for the target domain (required to join or leave the domain).
domain_ou_path (added in 2.4)		The desired OU path for adding the computer object. This is only used when adding the target host to a domain, if it is already a member then it is ignored.
hostname		The desired hostname for the Windows host.
state	Choices: domain workgroup	Whether the target host should be a member of a domain or workgroup.
workgroup_name		When `state` is `workgroup`, the name of the workgroup that the Windows host should be in.

Examples

# host should be a member of domain ansible.vagrant; module will ensure the hostname is mydomainclient
# and will use the passed credentials to join domain if necessary.
# Ansible connection should use local credentials if possible.
# If a reboot is required, the second task will trigger one and wait until the host is available.
- hosts: winclient
  gather_facts: no
  tasks:
  - win_domain_membership:
      dns_domain_name: ansible.vagrant
      hostname: mydomainclient
      domain_admin_user: [email protected]
      domain_admin_password: password123!
      domain_ou_path: "OU=Windows,OU=Servers,DC=ansible,DC=vagrant"
      state: domain
    register: domain_state

  - win_reboot:
    when: domain_state.reboot_required



# Host should be in workgroup mywg- module will use the passed credentials to clean-unjoin domain if possible.
# Ansible connection should use local credentials if possible.
# The domain admin credentials can be sourced from a vault-encrypted variable
- hosts: winclient
  gather_facts: no
  tasks:
  - win_domain_membership:
      workgroup_name: mywg
      domain_admin_user: '{{ win_domain_admin_user }}'
      domain_admin_password: '{{ win_domain_admin_password }}'
      state: workgroup

Return Values

Common return values are documented here, the following are the fields unique to this module:

Key	Returned	Description
reboot_required boolean	always	True if changes were made that require a reboot. Sample: True

Status

This module is flagged as preview which means that it is not guaranteed to have a backwards compatible interface.

Maintenance

This module is flagged as core which means that it is maintained by the Ansible Core Team. See Module Maintenance & Support for more info.

For a list of other modules that are also maintained by the Ansible Core Team, see here.

Support

For more information about Red Hat’s support of this module, please refer to this Knowledge Base article

Author

Matt Davis (@nitzmahone)

Hint

If you notice any issues in this documentation you can edit this document to improve it.

© 2012–2018 Michael DeHaan
© 2018–2019 Red Hat, Inc.
Licensed under the GNU General Public License version 3.
https://docs.ansible.com/ansible/2.6/modules/win_domain_membership_module.html