win_domain: fix issue when running without credential delegation (#53480)
* win_domain: fix issue when running without credential delegation * Add check for reboot is required to complete role e install * Fix changelog sanity issue * removed meta file accidentally committed
parent
bf58f84167
commit
008db85d44
2 changed files with 20 additions and 4 deletions
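--- a/changelogs/fragments/win_domain-cred.yaml
+++ b/changelogs/fragments/win_domain-cred.yaml
@@ -0,0 +1,3 @@
+bugfixes:
+- win_domain - Fix when running without credential delegated authentication - https://github.com/ansible/ansible/issues/53182
+- 'win_domain - Do not fail if DC is already promoted but a reboot is required, return ``reboot_required: True``'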
|
@ -71,8 +71,10 @@ if (($forest_mode -ne $null) -and -not ($forest_mode -in $valid_forest_modes)) {
|
||||||
|
|
||||||
$forest = $null
|
$forest = $null
|
||||||
try {
|
try {
|
||||||
$forest = Get-ADForest $dns_domain_name -ErrorAction SilentlyContinue
|
# Cannot use Get-ADForest as that requires credential delegation, the below does not
|
||||||
} catch { }
|
$forest_context = New-Object -TypeName System.DirectoryServices.ActiveDirectory.DirectoryContext -ArgumentList Forest, $dns_domain_name
|
||||||
|
$forest = [System.DirectoryServices.ActiveDirectory.Forest]::GetForest($forest_context)
|
||||||
|
} catch [System.DirectoryServices.ActiveDirectory.ActiveDirectoryObjectNotFoundException] { }
|
||||||
|
|
||||||
if (-not $forest) {
|
if (-not $forest) {
|
||||||
$result.changed = $true
|
$result.changed = $true
|
||||||
|
@ -113,13 +115,24 @@ if (-not $forest) {
|
||||||
$install_params.ForestMode = $forest_mode
|
$install_params.ForestMode = $forest_mode
|
||||||
}
|
}
|
||||||
|
|
||||||
$iaf = Install-ADDSForest @install_params
|
$iaf = $null
|
||||||
|
try {
|
||||||
|
$iaf = Install-ADDSForest @install_params
|
||||||
|
} catch [Microsoft.DirectoryServices.Deployment.DCPromoExecutionException] {
|
||||||
|
# ExitCode 15 == 'Role change is in progress or this computer needs to be restarted.'
|
||||||
|
# DCPromo exit codes details can be found at https://docs.microsoft.com/en-us/windows-server/identity/ad-ds/deploy/troubleshooting-domain-controller-deployment
|
||||||
|
if ($_.Exception.ExitCode -eq 15) {
|
||||||
|
$result.reboot_required = $true
|
||||||
|
} else {
|
||||||
|
Fail-Json -obj $result -message "Failed to install ADDSForest with DCPromo: $($_.Exception.Message)"
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
if ($check_mode) {
|
if ($check_mode) {
|
||||||
# the return value after -WhatIf does not have RebootRequired populated
|
# the return value after -WhatIf does not have RebootRequired populated
|
||||||
# manually set to True as the domain would have been installed
|
# manually set to True as the domain would have been installed
|
||||||
$result.reboot_required = $true
|
$result.reboot_required = $true
|
||||||
} else {
|
} elseif ($null -ne $iaf) {
|
||||||
$result.reboot_required = $iaf.RebootRequired
|
$result.reboot_required = $iaf.RebootRequired
|
||||||
|
|
||||||
# The Netlogon service is set to auto start but is not started. This is
|
# The Netlogon service is set to auto start but is not started. This is
|
||||||
|
|
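Review bot: In the second hunk, the branch for DCPromo `ExitCode -eq 15` sets only `reboot_required`, while `$result.changed = $true` was already set at the top of the `if (-not $forest)` block, so a re-run that hits this branch reports a change although `Install-ADDSForest` did nothing on that run. The quoted meaning of exit code 15 also includes 'Role change is in progress', so this branch cannot confirm that the pending promotion is the one requested for `$dns_domain_name`; I would say so in a comment, e.g. `# exit 15: a role change is pending; it is not verified to match the requested forest`, and set `$result.changed = $false` beside `$result.reboot_required = $true`. The enclosing `if (-not $forest)` block begins before this hunk and continues past it.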