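--- a/ansible/roles/trusts/tasks/main.yml
+++ b/ansible/roles/trusts/tasks/main.yml
@@ -1,3 +1,8 @@
+- name: "Prepare to trust flush and renew dns"
+win_shell: |
+ipconfig /flushdns
+ipconfig /renew
+
 # source : https://social.technet.microsoft.com/wiki/contents/articles/11911.active-directory-powershell-how-to-create-forest-trust.aspx
 - name: Add trusts between domain
 ansible.windows.win_powershell:
@@ -28,6 +33,11 @@
 RemoteForest: "{{remote_forest}}"
 RemoteAdmin: "{{remote_admin}}"
 RemoteAdminPassword: "{{remote_admin_password}}"
+vars:
+ansible_become: yes
+ansible_become_method: runas
+ansible_become_user: "{{domain_username}}"
+ansible_become_password: "{{domain_password}}"
 register:
 trust_result
 
@@ -35,3 +45,23 @@
 win_reboot:
 test_command: "Get-ADUser -Identity Administrator -Properties *"
 when: trust_result.changed
+
+
+# $localforest=[System.DirectoryServices.ActiveDirectory.Forest]::getCurrentForest()
+# try {
+# $trustPassword = "TrustP@$$w0rd12"
+# $localForest.CreateLocalSideOfTrustRelationship($RemoteForest,"Bidirectional",$trustPassword)
+# $Ansible.Changed = $true
+# } catch [System.DirectoryServices.ActiveDirectory.ActiveDirectoryObjectExistsException] {
+# $Ansible.Changed = $false
+
+- name: Show trust result
+win_shell: |
+$obj = Get-CimInstance -Class Microsoft_DomainTrustStatus -Namespace root\microsoftactivedirectory
+Write-Output -InputObject $obj
+vars:
+ansible_become: yes
+ansible_become_method: runas
+domain_name: "{{domain}}"
+ansible_become_user: "{{domain_username}}"
+ansible_become_password: "{{domain_password}}"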
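Review bot: The commented-out PowerShell block added after the `win_reboot` task embeds a literal trust password, `# $trustPassword = "TrustP@$$w0rd12"`, so the value lands in repository history even though the code never runs; drop the dead block, and if the live script in the skipped lines needs a trust password, pass it in as a vaulted parameter the way `RemoteAdminPassword` is. The "Add trusts between domain" task hands `RemoteAdminPassword` to the module and registers `trust_result`, and no `no_log: true` is visible on it; most of that task is outside the shown lines, so confirm there and add `no_log: true` if it is missing. "Show trust result" is a read-only query run through `win_shell`, so `changed_when: false` would stop it reporting a change on every run, and its `domain_name: "{{domain}}"` var does not appear to be used by the visible script.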