authorJordan Borean <jborean93@gmail.com>2019-03-08 08:44:12 +1000
committerGitHub <noreply@github.com>2019-03-08 08:44:12 +1000
commit008db85d44ac47fd36b9b5edf9771d04cafb451f (patch)
tree51440895439855679a89caa12e9a2257b238b32a
parentbf58f84167e662d5d2397884e7af44ac92a4c9e9 (diff)
downloadansible-008db85d44ac47fd36b9b5edf9771d04cafb451f.tar.gz
win_domain: fix issue when running without credential delegation (#53480)
* win_domain: fix issue when running without credential delegation * Add check for when a reboot is required to complete the role install * Fix changelog sanity issue * removed meta file accidentally committed
-rw-r--r--changelogs/fragments/win_domain-cred.yaml3
-rw-r--r--lib/ansible/modules/windows/win_domain.ps121
2 files changed, 20 insertions, 4 deletions
diff --git a/changelogs/fragments/win_domain-cred.yaml b/changelogs/fragments/win_domain-cred.yaml
new file mode 100644
index 0000000000..b174d20466
--- /dev/null
+++ b/changelogs/fragments/win_domain-cred.yaml
@@ -0,0 +1,3 @@
+bugfixes:
+- win_domain - Fix when running without credential delegated authentication - https://github.com/ansible/ansible/issues/53182
+- 'win_domain - Do not fail if DC is already promoted but a reboot is required, return ``reboot_required: True``'
diff --git a/lib/ansible/modules/windows/win_domain.ps1 b/lib/ansible/modules/windows/win_domain.ps1
index 4039c360f8..a978fccec3 100644
--- a/lib/ansible/modules/windows/win_domain.ps1
+++ b/lib/ansible/modules/windows/win_domain.ps1
@@ -71,8 +71,10 @@ if (($forest_mode -ne $null) -and -not ($forest_mode -in $valid_forest_modes)) {
$forest = $null
try {
- $forest = Get-ADForest $dns_domain_name -ErrorAction SilentlyContinue
-} catch { }
+ # Cannot use Get-ADForest as that requires credential delegation, the below does not
+ $forest_context = New-Object -TypeName System.DirectoryServices.ActiveDirectory.DirectoryContext -ArgumentList Forest, $dns_domain_name
+ $forest = [System.DirectoryServices.ActiveDirectory.Forest]::GetForest($forest_context)
+} catch [System.DirectoryServices.ActiveDirectory.ActiveDirectoryObjectNotFoundException] { }
if (-not $forest) {
$result.changed = $true
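Review bot: The empty `catch [System.DirectoryServices.ActiveDirectory.ActiveDirectoryObjectNotFoundException] { }` leaves `$forest` as `$null` both when the forest does not exist and, as far as I know, when it exists but cannot be contacted, because GetForest reports both with this exception type; the `if (-not $forest)` branch below then treats either case as a go-ahead to create a forest. That deserves a comment on the catch, for example `# Not found or unreachable: both fall through to forest creation below`, so a later reader does not take the lookup as proof of absence. Other exception types (server down, authentication failure) are no longer swallowed, which is safer than the old blanket catch, but they are not turned into a module failure here either; a second clause such as `} catch { Fail-Json -obj $result -message "Failed to query forest '$dns_domain_name': $($_.Exception.Message)" }` would report them the way the later hunk does. The `if (-not $forest)` block continues outside this hunk.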
@@ -113,13 +115,24 @@ if (-not $forest) {
$install_params.ForestMode = $forest_mode
}
- $iaf = Install-ADDSForest @install_params
+ $iaf = $null
+ try {
+ $iaf = Install-ADDSForest @install_params
+ } catch [Microsoft.DirectoryServices.Deployment.DCPromoExecutionException] {
+ # ExitCode 15 == 'Role change is in progress or this computer needs to be restarted.'
+ # DCPromo exit codes details can be found at https://docs.microsoft.com/en-us/windows-server/identity/ad-ds/deploy/troubleshooting-domain-controller-deployment
+ if ($_.Exception.ExitCode -eq 15) {
+ $result.reboot_required = $true
+ } else {
+ Fail-Json -obj $result -message "Failed to install ADDSForest with DCPromo: $($_.Exception.Message)"
+ }
+ }
if ($check_mode) {
# the return value after -WhatIf does not have RebootRequired populated
# manually set to True as the domain would have been installed
$result.reboot_required = $true
- } else {
+ } elseif ($null -ne $iaf) {
$result.reboot_required = $iaf.RebootRequired
# The Netlogon service is set to auto start but is not started. This is
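Review bot: The `ExitCode -eq 15` branch sets `$result.reboot_required = $true` but leaves `$result.changed` untouched, and the first hunk shows `$result.changed = $true` at the top of the same `if (-not $forest)` block, so a re-run on a host that is only waiting for its reboot appears to report a change although Install-ADDSForest did nothing this time. Unless a line between the hunks resets it, add `$result.changed = $false` next to the `reboot_required` assignment, or move the `changed` assignment to after a successful install. The new `elseif ($null -ne $iaf)` guard also deserves a one-line comment, e.g. `# $iaf stays $null when DCPromo reported exit code 15`, since the reason is not obvious at that line. The enclosing block starts before this hunk and continues past it.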