1. Preparation
1.1 Managed node
The AD domain controller itself,
or
another Windows machine used as a jump host; Windows Server 2012 or later is recommended. This host must be reachable from the Ansible control node and must itself be able to reach the AD domain controller.
If another Windows host is used, the PowerShell Active Directory management module must be installed on that host.
Enable WinRM:
Open PowerShell as Administrator and run the following script: https://raw.githubusercontent.com/ansible/ansible/devel/examples/scripts/ConfigureRemotingForAnsible.ps1
1.2 Control node
Ansible needs the pywinrm module to connect to Windows hosts; install it manually:
pip install pywinrm
2. Configuration
2.1 Managed node inventory configuration
$ cat /etc/ansible/hosts
[ad]
10.7.37.11

[ad:vars]
ansible_user=administrator
ansible_password=yCcJy3zTc9Z$3uvr
ansible_connection=winrm
ansible_winrm_server_cert_validation=ignore
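Two settings in the inventory above deserve a second look before it is copied anywhere: ansible_winrm_server_cert_validation=ignore turns off TLS certificate checking for the WinRM connection, and ansible_password holds the domain administrator's password in clear text. The script below is an added example (not part of the original notes): it parses the same [group] / [group:vars] INI layout, computes each host's effective variables, and reports those weak settings, with a hardened variant of the group beside it. The inventory text, host address and password are constructed placeholders, and vault_ad_password is an assumed variable name that would be defined in an ansible-vault encrypted group_vars file.

```python
"""Audit an Ansible INI inventory for weak WinRM connection settings.

Added example, not code from the original notes. It parses the [group] and
[group:vars] layout used in the inventory above and reports, per host,
settings that weaken the WinRM transport or leave credentials in clear text.
The inventory text is a constructed sample with placeholder values.
"""
import re

# Constructed sample: same shape as the page's inventory, placeholder values.
SAMPLE_INVENTORY = """\
[ad]
10.0.0.10

[ad:vars]
ansible_user=administrator
ansible_password=ExampleOnly-ChangeMe
ansible_connection=winrm
ansible_winrm_server_cert_validation=ignore
"""

# The same group with the weak settings replaced: the password is pulled from
# an ansible-vault encrypted variable and certificate validation stays on
# (vault_ad_password is an assumed variable name defined in group_vars).
HARDENED_INVENTORY = """\
[ad]
10.0.0.10

[ad:vars]
ansible_user=administrator
ansible_password="{{ vault_ad_password }}"
ansible_connection=winrm
ansible_winrm_server_cert_validation=validate
"""

SECTION_RE = re.compile(r"^\[([^\]:]+)(?::(vars|children))?\]$")
TEMPLATE_RE = re.compile(r"\{\{.*\}\}")  # a Jinja reference, e.g. to a vault var


def _unquote(value):
    """Strip one layer of matching quotes around an INI value."""
    if len(value) >= 2 and value[0] == value[-1] and value[0] in "\"'":
        return value[1:-1]
    return value


def parse_ini_inventory(text):
    """Return {group: {"hosts": {host: {vars}}, "vars": {...}, "children": [...]}}."""
    groups = {"ungrouped": {"hosts": {}, "vars": {}, "children": []}}
    section, kind = "ungrouped", "hosts"
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":          # blank or full-line comment
            continue
        match = SECTION_RE.match(line)
        if match:
            section, kind = match.group(1), match.group(2) or "hosts"
            groups.setdefault(section, {"hosts": {}, "vars": {}, "children": []})
            continue
        group = groups[section]
        if kind == "vars":                       # key=value, one per line
            key, _, value = line.partition("=")
            group["vars"][key.strip()] = _unquote(value.strip())
        elif kind == "children":
            group["children"].append(line)
        else:                                    # host [key=value ...]
            host, *inline = line.split()
            host_vars = {}
            for item in inline:
                key, _, value = item.partition("=")
                host_vars[key] = _unquote(value)
            group["hosts"][host] = host_vars
    return groups


def audit_winrm_vars(host, effective):
    """Return (host, finding_id, message) tuples for one host's effective vars."""
    findings = []
    if effective.get("ansible_connection") != "winrm":
        return findings
    if effective.get("ansible_winrm_server_cert_validation") == "ignore":
        findings.append((host, "cert_validation",
                         "TLS certificate validation is disabled; the control node "
                         "cannot tell a genuine WinRM listener from an impostor"))
    password = effective.get("ansible_password")
    if password and not TEMPLATE_RE.search(password):
        findings.append((host, "plaintext_password",
                         "ansible_password is a literal; reference an "
                         "ansible-vault encrypted variable instead"))
    if effective.get("ansible_winrm_scheme") == "http":
        findings.append((host, "plaintext_transport",
                         "ansible_winrm_scheme=http sends WinRM traffic unencrypted"))
    return findings


def audit_inventory(text):
    """Audit every host, with group vars overridden by inline host vars."""
    findings = []
    for group in parse_ini_inventory(text).values():
        for host, host_vars in group["hosts"].items():
            effective = {**group["vars"], **host_vars}
            findings.extend(audit_winrm_vars(host, effective))
    return findings


if __name__ == "__main__":
    for host, finding_id, message in audit_inventory(SAMPLE_INVENTORY):
        print(f"{host}: [{finding_id}] {message}")
    print("hardened inventory findings:", audit_inventory(HARDENED_INVENTORY))
```

Run against the sample, the audit reports cert_validation and plaintext_password for 10.0.0.10 and nothing for the hardened group. Switching to validate only works if the control node trusts the listener's certificate: ConfigureRemotingForAnsible.ps1 installs a self-signed certificate, so either replace it with one issued by an internal CA or point ansible_winrm_ca_trust_path at the CA bundle that signed it. The vault reference is created with ansible-vault encrypt_string; the same treatment applies to the domain_password literal in the playbook below.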
2.2 Playbook configuration
---
- name: cfad
  hosts: ad                          # group name from the managed node inventory
  tasks:
    - name: Ensure user Si.Li created and use custom credentials to create the user   # custom task name
      win_domain_user:
        name: Si.Li                  # AD user entry name
        firstname: Si                # first name
        surname: Li                  # last name
        password: B0bP4ssw0rd        # password
        upn: Si.Li@cf.com            # user logon name
        state: present               # update the user if it already exists; create it otherwise
        country: CN                  # CN = China
        company: Shangri-La Hotel Management (Shanghai) Co., Ltd Beijing Branch   # company
        city: BJ                     # city
        email: Si.Li@cf.com          # email
        description: BJS             # description
        attributes:
          telephoneNumber: 555-123458              # telephoneNumber
          displayname: Li-Si                       # displayName
          Department: Technology Development       # department
          Manager: CN=San.Zhang,CN=Users,DC=cf,DC=com   # manager; the manager's DN must be given here
          Title: CIO                               # job title
          physicalDeliveryOfficeName: TDC-AL       # office
          proxyAddresses: SMTP:Si.Li@cf.com        # proxyAddresses
          # mailNickname: San.Zhang                # ---------- mailNickname, attribute not found
          msDS-cloudExtensionAttribute1: E3        # msDS-cloudExtensionAttribute1
          # msExchRecipientTypeDetails: 128        # ---------- msExchRecipientTypeDetails, attribute not found
          # extensionAttribute1: Enable            # ---------- extensionAttribute1, attribute not found
        domain_username: CF\ADADMIN  # username used to talk to AD
        domain_password: Passw0rd    # password of the user used to talk to AD
        domain_server: ADDOMAIN      # AD domain host
    - name: Task 2 here              # custom task 2
3. Execution