Ansible Windows: Add account to group administrators FR/US

Archives Ansible Project
1

Hello,

I’m starting with Ansible. I would like to know in a playbook how to test if the windows computer is in version FR or US. Following the test, I would add account users to the local “Administrators” or “Administrateurs” group.

By default:

  • name: Add a user
    Hosts: windows_tst
    Gather_facts: false
    tasks:
  • name: Add User
    win_user:
    Name: admintest
    Password: “mypassword”
    State: present
    Groups: Administrators

But if I am on a computer in French, the group administrors does not exist.

How I can solve this problem.

Thank you in advance for your assistance.
Regards

2

Hey

One thing you can do is use the win_region module https://docs.ansible.com/ansible/win_region_module.html to change the region of your hosts to a common value. If this isn’t what you can do, you can also run an adhoc command to determine the group name based on the SID. Give the below tasks a shot and see if it returns what you are looking for.

  • name: get group name from sid
    win_command: powershell.exe “((New-Object System.Security.Principal.SecurityIdentifier(‘S-1-5-32-544’)).Translate([System.Security.Principal.NTAccount]).Value -split ‘\’)[1]”
    register: admin_group
  • debug:
    var: admin_group.stdout_lines[0]

It looks up the group name based on the SID ‘S-1-5-32-544’ which is the default SID for the local administrators group and should be consistent across all Windows OS’.

Thanks

Jordan

3

Hello Jordan,

Thank you very mutch. I had the same raissonement with a custom script.
Yesterday, i created a specifical script to ckeck a groups.

function Get-AdministratorsGroupName {

$LocalGroup = @(‘Administrators’, ‘Administrateurs’, ‘Domain Admins’)

foreach ($Group in $LocalGroup){
Try{
if(([adsi]“WinNT://./$Group,group”).psbase.Invoke(‘Members’)){
return $Group
}
} catch {}
}
}

Get-AdministratorsGroupName

Regards