Skip to content

Latest commit

 

History

History
251 lines (170 loc) · 9.98 KB

CHANGELOG.rst

File metadata and controls

251 lines (170 loc) · 9.98 KB

Ansible Microsoft Active Directory Release Notes

Release summary for v1.8.0

  • Added support for Windows Server 2025
  • domain - Added replication_source_dc to specify the domain controller to use as the replication source for the new domain - #159
  • domain_controller - Added replication_source_dc to specify the domain controller to use as the replication source for the new domain controller - #159
  • microsoft.ad.user - Added groups.permissions_failure_action to control the behaviour when failing to modify the user's groups - (#140).
  • split_dn - Splits an LDAP DistinguishedName.

Release summary for v1.7.1. Minor fix for broken action plugin docs

  • Fix microsoft.ad.debug_ldap_client documentation problem so it appears in the ansible-doc plugin list and online documentation.

Release summary for v1.7.0

  • Set minimum supported Ansible version to 2.15 to align with the versions still supported by Ansible.
  • microsoft.ad.computer - Added the do_not_append_dollar_to_sam option which can create a computer account without the $ suffix when an explicit sam_account_name was provided without one.
  • microsoft.ad.domain - Added reboot_timeout option to control how long a reboot can go for.
  • microsoft.ad.domain_child - Added reboot_timeout option to control how long a reboot can go for.
  • microsoft.ad.domain_controller - Added reboot_timeout option to control how long a reboot can go for.
  • microsoft.ad.membership - Added domain_server option to specify the DC to use for domain join operations - #131 (comment)
  • microsoft.ad.membership - Added reboot_timeout option to control how long a reboot can go for.
  • Removed usages of the python call datetime.datetime.utcnow() in favour of datetime.datetime.now(datetime.timezone.utc). The original method is now deprecated in Python 3.12 and will be removed in a later version.
  • group - fix error when creating a group with no members explicitly set - #141
  • ldap - Filter out managed service accounts in the default LDAP filter used. The filter_without_computer can be used to disable the default filter if needed.
  • membership - allow domain join with hostname change if the account for that host already exists - #145
  • microsoft.ad.computer - Added fallback identity lookup for sAMAccountName with the $ suffix. This ensures that finding the computer object will work with or without the $ suffix. - #124
  • microsoft.ad.group - Fix setting group members of Builtin groups of a domain controller - #130
  • service_account - Manage Active Directory service account objects

Release summary for v1.6.0

  • microsoft.ad AD modules - Added domain_credentials as a common module option that can be used to specify credentials for specific AD servers.
  • microsoft.ad AD modules - Added lookup_failure_action on all modules that can specify a list of distinguishedName values to control what should happen if the lookup fails.
  • microsoft.ad.computer - Added the ability to lookup a distinguishedName on a specific domain server for delegates and managed_by.
  • microsoft.ad.group - Added the ability to lookup a distinguishedName on a specific domain server for managed_by and members.
  • microsoft.ad.ou - Added the ability to lookup a distinguishedName on a specific domain server for managed_by.
  • microsoft.ad.user - Added the ability to lookup a distinguishedName on a specific domain server for delegates.
  • microsoft.ad.user - Rename the option groups.missing_action to groups.lookup_failure_action to make the option more consistent with other modules. The missing_action option is still supported as an alias.
  • microsoft.ad.user - Support group member lookup on alternative server using the DN lookup syntax. This syntax uses a dictionary where name defined the group to lookup and server defines the server to lookup the group on.
  • microsoft.ad.membership - Fix hostname check to work with hostnames longer than 15 characters long - #113
  • microsoft.ad.user - Fix issue when creating a new user account with account_locked: false - #108

Release summary for v1.5.0

  • Added group/microsoft.ad.domain module defaults group for the computer, group, object_info, object, ou, and user module. Users can use this defaults group to set common connection options for these modules such as the domain_server, domain_username, and domain_password options.
  • Added support for Jinja2 templating in ldap inventory.
  • microsoft.ad.group - Support membership lookup of groups that are longer than 20 characters long
  • microsoft.ad.membership - Add helpful hint when the failure was due to a missing/invalid domain_ou_path - #88
  • dn_escape - Escape an LDAP DistinguishedName value string.
  • parse_dn - Parses an LDAP DistinguishedName string into an object.

Release summary for v1.4.1

  • debug_ldap_client - handle failures when attempting to get the krb5 context and default CCache rather than fail with a traceback

Prepare for v1.4.0 release

  • Make name an optional parameter for the AD modules. Either name or identity needs to be set with their respective behaviours. If creating a new AD user and only identity is set, that will be the value used for the name of the object.
  • Set minimum supported Ansible version to 2.14 to align with the versions still supported by Ansible.
  • object_info - Add ActiveDirectory module import

release summary for v1.3.0

  • AD objects will no longer be moved to the default AD path for their type if no path was specified. Use the value microsoft.ad.default_path to explicitly set the path to the default path if that behaviour is desired.
  • microsoft.ad.ldap - Added the option filter_without_computer to not add the AND clause objectClass=computer to the final filter used - #55
  • Added the missing dependency dpapi-ng to Ansible Execution Environments requirements file for LAPS decryption support
  • Ensure renaming and moving an object will be done with the domain_server and domain_username credentials specified - #54
  • Fix up protect_from_deletion when creating new AD objects - #47
  • Fix up date_time attribute comparisons to be idempotent - #57
  • microsoft.ad.user - Ensure the spn diff after key is spn and not kerberos_encryption_types
  • microsoft.ad.user - treat an expired account as a password that needs to be changed

Release summary for v1.2.0

  • microsoft.ad.debug_ldap_client - Add dpapi_ng to list of packages checked
  • microsoft.ad.ldap - Add support for decrypting LAPS encrypted password
  • microsoft.ad.ldap - Allow setting LDAP connection and authentication options through environment variables - #34
  • Deprecating support for Server 2012 and Server 2012 R2. These OS versions are reaching End of Life status from Microsoft and support for using them in Ansible are nearing its end.
  • group - Fix idempotency check when scope: domainlocal is set - #31
  • microsoft.ad.group - ensure the scope and category values are checked as case insensitive to avoid changes when not needed - #31

This release includes the new microsoft.ad.ldap inventory plugin which can be used to generate an Ansible inventory from an LDAP/AD source.

  • microsoft.ad.user - Fix setting password_expired when creating a new user - #25
  • as_datetime - Converts an LDAP value to a datetime string
  • as_guid - Converts an LDAP value to a GUID string
  • as_sid - Converts an LDAP value to a Security Identifier string
  • ldap - Inventory plugin for Active Directory
  • debug_ldap_client - Get host information for debugging LDAP connections

This is the first release of the microsoft.ad Ansible collection which contains modules that can be used to managed a Microsoft Active Directory environment.