win_domain_user: add retry logic for null user principal group (#54334)
* win_domain_user: add retry logic for null user principal group * win_domain_user.ps1: Fix "user without group" case use * Added changelog fragment * Fix up missing dollar sign
parent
bf8fe221bf
commit
cd39e6ec6e
2 changed files with 19 additions and 9 deletions
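--- a/changelogs/fragments/win_domain_user-group-missing.yaml
+++ b/changelogs/fragments/win_domain_user-group-missing.yaml
@@ -0,0 +1,2 @@
+bugfixes:
+- win_domain_user - Better handle cases when getting a new user's groups fail - https://github.com/ansible/ansible/issues/54331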
|
@ -125,6 +125,21 @@ if ($null -ne $domain_server) {
|
||||||
$extra_args.Server = $domain_server
|
$extra_args.Server = $domain_server
|
||||||
}
|
}
|
||||||
|
|
||||||
|
Function Get-PrincipalGroups {
|
||||||
|
Param ($identity, $args_extra)
|
||||||
|
try{
|
||||||
|
$groups = Get-ADPrincipalGroupMembership -Identity $identity @args_extra -ErrorAction Stop
|
||||||
|
} catch {
|
||||||
|
Add-Warning -obj $result -message "Failed to enumerate user groups but continuing on.: $($_.Exception.Message)"
|
||||||
|
return @()
|
||||||
|
}
|
||||||
|
|
||||||
|
$result_groups = foreach ($group in $groups) {
|
||||||
|
$group.DistinguishedName
|
||||||
|
}
|
||||||
|
return $result_groups
|
||||||
|
}
|
||||||
|
|
||||||
try {
|
try {
|
||||||
$user_obj = Get-ADUser -Identity $identity -Properties * @extra_args
|
$user_obj = Get-ADUser -Identity $identity -Properties * @extra_args
|
||||||
$user_guid = $user_obj.ObjectGUID
|
$user_guid = $user_obj.ObjectGUID
|
||||||
|
@ -284,10 +299,7 @@ If ($state -eq 'present') {
|
||||||
$groups += (Get-ADGroup -Identity $group @extra_args).DistinguishedName
|
$groups += (Get-ADGroup -Identity $group @extra_args).DistinguishedName
|
||||||
}
|
}
|
||||||
|
|
||||||
$assigned_groups = @()
|
$assigned_groups = Get-PrincipalGroups $user_guid $extra_args
|
||||||
Foreach ($group in (Get-ADPrincipalGroupMembership -Identity $user_guid @extra_args)) {
|
|
||||||
$assigned_groups += $group.DistinguishedName
|
|
||||||
}
|
|
||||||
|
|
||||||
switch ($groups_action) {
|
switch ($groups_action) {
|
||||||
"add" {
|
"add" {
|
||||||
|
@ -359,11 +371,7 @@ If ($user_obj) {
|
||||||
$result.account_locked = $user_obj.LockedOut
|
$result.account_locked = $user_obj.LockedOut
|
||||||
$result.sid = [string]$user_obj.SID
|
$result.sid = [string]$user_obj.SID
|
||||||
$result.upn = $user_obj.UserPrincipalName
|
$result.upn = $user_obj.UserPrincipalName
|
||||||
$user_groups = @()
|
$result.groups = Get-PrincipalGroups $user_guid $extra_args
|
||||||
Foreach ($group in (Get-ADPrincipalGroupMembership $user_guid @extra_args)) {
|
|
||||||
$user_groups += $group.name
|
|
||||||
}
|
|
||||||
$result.groups = $user_groups
|
|
||||||
$result.msg = "User '$name' is present"
|
$result.msg = "User '$name' is present"
|
||||||
$result.state = "present"
|
$result.state = "present"
|
||||||
}
|
}
|
||||||
|
|
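Review bot: In the `If ($state -eq 'present')` hunk, `$assigned_groups = Get-PrincipalGroups $user_guid $extra_args` cannot tell a failed lookup from a user with no memberships, because the helper's catch only warns and returns `@()`. The `switch ($groups_action)` that follows then reconciles against an empty list; only the `"add"` arm is visible here, but any arm that removes memberships would presumably remove nothing, leaving the account in groups the playbook meant to take away while the task still reports success. Warn-and-continue is reasonable for the reporting call in the `If ($user_obj)` hunk, so I would give the helper an opt-in strictness parameter (say `$fail_on_error`) and have the catch run `if ($fail_on_error) { Fail-Json -obj $result -message "Failed to enumerate user groups: $($_.Exception.Message)" }` for the reconciliation call. Separately, `$result.groups` now holds `DistinguishedName` values where the removed loop collected `$group.name`, which changes the module's return value and should either be noted in the changelog or reverted to names.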