blob: 99243e484f486ec99a5e74000700de6b553577e0 (
plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
|
#!powershell
# This file is part of Ansible
#
# Ansible is free software: you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation, either version 3 of the License, or
# (at your option) any later version.
#
# Ansible is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with Ansible. If not, see <http://www.gnu.org/licenses/>.
# WANT_JSON
# POWERSHELL_COMMON
Set-StrictMode -Version 2
$ErrorActionPreference = "Stop"
# FUTURE: consider action wrapper to manage reboots and credential changes
Function Ensure-Prereqs {
$gwf = Get-WindowsFeature AD-Domain-Services
If($gwf.InstallState -ne "Installed") {
$result.changed = $true
If($check_mode) {
Exit-Json $result
}
$awf = Add-WindowsFeature AD-Domain-Services
# FUTURE: check if reboot necessary
}
}
$parsed_args = Parse-Args $args -supports_check_mode $true
$check_mode = Get-AnsibleParam $parsed_args "_ansible_check_mode" -default $false
$dns_domain_name = Get-AnsibleParam $parsed_args "dns_domain_name" -failifempty $true
$safe_mode_admin_password = Get-AnsibleParam $parsed_args "safe_mode_password" -failifempty $true
$forest = $null
# FUTURE: support down to Server 2012?
If([System.Environment]::OSVersion.Version -lt [Version]"6.3.9600.0") {
Fail-Json -message "win_domain requires Windows Server 2012R2 or higher"
}
$result = @{changed=$false; reboot_required=$false}
# FUTURE: any sane way to do the detection under check-mode *without* installing the feature?
Ensure-Prereqs
Try {
$forest = Get-ADForest $dns_domain_name -ErrorAction SilentlyContinue
}
Catch { }
If(-not $forest) {
$result.changed = $true
If(-not $check_mode) {
$sm_cred = ConvertTo-SecureString $safe_mode_admin_password -AsPlainText -Force
$install_forest_args = @{
DomainName=$dns_domain_name;
SafeModeAdministratorPassword=$sm_cred;
Confirm=$false;
SkipPreChecks=$true;
InstallDNS=$true;
NoRebootOnCompletion=$true;
}
$iaf = Install-ADDSForest @install_forest_args
$result.reboot_required = $iaf.RebootRequired
}
}
Exit-Json $result
|
