Release summary for v1.8.0
- Added support for Windows Server 2025
- domain - Added `replication_source_dc` to specify the domain controller to use as the replication source for the new domain - #159
- domain_controller - Added `replication_source_dc` to specify the domain controller to use as the replication source for the new domain controller - #159
- microsoft.ad.user - Added `groups.permissions_failure_action` to control the behaviour when failing to modify the user's groups - (#140).
- split_dn - Splits an LDAP DistinguishedName.
Release summary for v1.7.1. Minor fix for broken action plugin docs
- Fix `microsoft.ad.debug_ldap_client` documentation problem so it appears in the `ansible-doc` plugin list and online documentation.
Release summary for v1.7.0
- Set minimum supported Ansible version to 2.15 to align with the versions still supported by Ansible.
- microsoft.ad.computer - Added the `do_not_append_dollar_to_sam` option which can create a computer account without the `$` suffix when an explicit `sam_account_name` was provided without one.
- microsoft.ad.domain - Added `reboot_timeout` option to control how long a reboot can go for.
- microsoft.ad.domain_child - Added `reboot_timeout` option to control how long a reboot can go for.
- microsoft.ad.domain_controller - Added `reboot_timeout` option to control how long a reboot can go for.
- microsoft.ad.membership - Added `domain_server` option to specify the DC to use for domain join operations - #131 (comment)
- microsoft.ad.membership - Added `reboot_timeout` option to control how long a reboot can go for.
- Removed usages of the Python call `datetime.datetime.utcnow()` in favour of `datetime.datetime.now(datetime.timezone.utc)`. The original method is now deprecated in Python 3.12 and will be removed in a later version.
- group - fix error when creating a group with no members explicitly set - #141
- ldap - Filter out managed service accounts in the default LDAP filter used. The `filter_without_computer` option can be used to disable the default filter if needed.
- membership - allow domain join with hostname change if the account for that host already exists - #145
- microsoft.ad.computer - Added fallback `identity` lookup for `sAMAccountName` with the `$` suffix. This ensures that finding the computer object will work with or without the `$` suffix. - #124
- microsoft.ad.group - Fix setting group members of Builtin groups of a domain controller - #130
- service_account - Manage Active Directory service account objects
Release summary for v1.6.0
- microsoft.ad AD modules - Added `domain_credentials` as a common module option that can be used to specify credentials for specific AD servers.
- microsoft.ad AD modules - Added `lookup_failure_action` on all modules that can specify a list of distinguishedName values to control what should happen if the lookup fails.
- microsoft.ad.computer - Added the ability to look up a distinguishedName on a specific domain server for `delegates` and `managed_by`.
- microsoft.ad.group - Added the ability to look up a distinguishedName on a specific domain server for `managed_by` and `members`.
- microsoft.ad.ou - Added the ability to look up a distinguishedName on a specific domain server for `managed_by`.
- microsoft.ad.user - Added the ability to look up a distinguishedName on a specific domain server for `delegates`.
- microsoft.ad.user - Rename the option `groups.missing_action` to `groups.lookup_failure_action` to make the option more consistent with other modules. The `missing_action` option is still supported as an alias.
- microsoft.ad.user - Support group member lookup on alternative server using the DN lookup syntax. This syntax uses a dictionary where `name` defines the group to look up and `server` defines the server to look up the group on.
- microsoft.ad.membership - Fix hostname check to work with hostnames longer than 15 characters - #113
- microsoft.ad.user - Fix issue when creating a new user account with `account_locked: false` - #108
Release summary for v1.5.0
- Added `group/microsoft.ad.domain` module defaults group for the `computer`, `group`, `object_info`, `object`, `ou`, and `user` modules. Users can use this defaults group to set common connection options for these modules such as the `domain_server`, `domain_username`, and `domain_password` options.
- Added support for Jinja2 templating in ldap inventory.
- microsoft.ad.group - Support membership lookup of groups that are longer than 20 characters
- microsoft.ad.membership - Add helpful hint when the failure was due to a missing/invalid `domain_ou_path` - #88
- dn_escape - Escape an LDAP DistinguishedName value string.
- parse_dn - Parses an LDAP DistinguishedName string into an object.
Release summary for v1.4.1
- debug_ldap_client - handle failures when attempting to get the krb5 context and default CCache rather than fail with a traceback
Prepare for v1.4.0 release
- Make `name` an optional parameter for the AD modules. Either `name` or `identity` needs to be set with their respective behaviours. If creating a new AD user and only `identity` is set, that will be the value used for the name of the object.
- Set minimum supported Ansible version to 2.14 to align with the versions still supported by Ansible.
- object_info - Add ActiveDirectory module import
Release summary for v1.3.0
- AD objects will no longer be moved to the default AD path for their type if no `path` was specified. Use the value `microsoft.ad.default_path` to explicitly set the path to the default path if that behaviour is desired.
- microsoft.ad.ldap - Added the option `filter_without_computer` to not add the AND clause `objectClass=computer` to the final filter used - #55
- Added the missing dependency `dpapi-ng` to Ansible Execution Environments requirements file for LAPS decryption support
- Ensure renaming and moving an object will be done with the `domain_server` and `domain_username` credentials specified - #54
- Fix up `protect_from_deletion` when creating new AD objects - #47
- Fix up date_time attribute comparisons to be idempotent - #57
- microsoft.ad.user - Ensure the `spn` diff after key is `spn` and not `kerberos_encryption_types`
- microsoft.ad.user - treat an expired account as a password that needs to be changed
Release summary for v1.2.0
- microsoft.ad.debug_ldap_client - Add `dpapi_ng` to list of packages checked
- microsoft.ad.ldap - Add support for decrypting LAPS encrypted password
- microsoft.ad.ldap - Allow setting LDAP connection and authentication options through environment variables - #34
- Deprecating support for Server 2012 and Server 2012 R2. These OS versions are reaching End of Life status from Microsoft and support for using them in Ansible is nearing its end.
- group - Fix idempotency check when `scope: domainlocal` is set - #31
- microsoft.ad.group - ensure the `scope` and `category` values are checked as case insensitive to avoid changes when not needed - #31
This release includes the new `microsoft.ad.ldap` inventory plugin which can be used to generate an Ansible inventory from an LDAP/AD source.
- microsoft.ad.user - Fix setting `password_expired` when creating a new user - #25
- as_datetime - Converts an LDAP value to a datetime string
- as_guid - Converts an LDAP value to a GUID string
- as_sid - Converts an LDAP value to a Security Identifier string
- ldap - Inventory plugin for Active Directory
- debug_ldap_client - Get host information for debugging LDAP connections
This is the first release of the `microsoft.ad` Ansible collection which contains modules that can be used to manage a Microsoft Active Directory environment.