Command works locally but fails through ansible (windows)

Hi there -

I’m trying to get the following domain join script to execute through ansible, but it always fails with error code 1:

C:\windows\system32\djoin.exe /PROVISION /REUSE /DOMAIN **redacted** /MACHINE {{ansible_hostname}} /SAVEFILE c:\{{ansible_hostname}}.txt

The exact same code works fine when I run it from a command prompt on the machine, so I’m very confused why it wouldn’t work.

I’ve tried using raw to execute a script I copied up before, using raw with the script embedded, and also using the script directive.

Here is the error data:

```
fatal: [vagrant1 -> redacted]: FAILED! => {"changed": false, "failed": true, "invocation": {"module_args": {"_raw_params": "C:\windows\system32\djoin.exe /PROVISION /REUSE /DOMAIN redacted /MACHINE VAGRANT-2012-R2 /SAVEFILE c:\VAGRANT-2012-R2.txt"}, "module_name": "raw"}, "rc": 1, "stderr": "", "stdout": "", "stdout_lines": }
```

Any thoughts on how to debug this? I can execute other commands via “raw”, and this command works just fine (even running the script ansible copied up directly).

Thanks in advance!

The first thing to verify is that the command will run successfully through a PSRemoting session. From another computer, issue an “enter-pssession” to the target computer, using the same authentication type as you do from Ansible (Basic/Kerberos). Then, execute your command.

Not sure why you’re not using the Add-Computer cmdlet instead of djoin, but I guess you have your reasons.

Hmm, we may be on to something here. I PSRemoted in to the RODC from another RODC and attempted to execute the command (both from a “standard” & admin-priv shell) and it fails similarly (no output to stdout or stderr that I can see). I see a weird exit code with “Write-Host $LastExitCode” though (it’s -1073740940, which never seems to change).

Admittedly, I may be doing things wrong here, but I’m trying to “pre-stage” the account on the RODC with this command, and I don’t see a way to do that with Add-Computer. I’m all ears if you have a way to do it!

You didn’t say anything about the auth mechanism used (in Ansible). If you’re using Kerberos it would be worth testing using Basic creds, as Kerberos is very limited when it comes to multi-machine operations.
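
The check suggested in the replies, as an added example that is not from any poster in this thread: it runs the same djoin command through a remoting session under each authentication type and decodes the exit code as an NTSTATUS value. The host name, the domain and the `ConvertTo-NtStatus` helper are placeholders, and an HTTPS WinRM listener is assumed so that Basic credentials are not sent in clear text.

```powershell
# Added example. $target and the domain are placeholders; ConvertTo-NtStatus is a
# hypothetical helper. -UseSSL assumes an HTTPS WinRM listener on the target.
$target    = 'rodc01.example.test'
$cred      = Get-Credential     # the same account Ansible connects with
$djoinArgs = '/PROVISION', '/REUSE', '/DOMAIN', 'example.test',
             '/MACHINE', 'VAGRANT-2012-R2', '/SAVEFILE', 'C:\VAGRANT-2012-R2.txt'

function ConvertTo-NtStatus {
    param([int]$ExitCode)
    # Reinterpret the signed 32-bit exit code as unsigned, then split the NTSTATUS fields.
    # -1073740940 from the thread becomes 0xC0000374, which ntstatus.h names
    # STATUS_HEAP_CORRUPTION: the process crashed rather than returning a djoin error.
    $u = [int64]$ExitCode
    if ($u -lt 0) { $u += 4294967296 }
    [pscustomobject]@{
        Hex      = '0x{0:X8}' -f $u
        Severity = ($u -shr 30) -band 3       # 3 = error
        Facility = ($u -shr 16) -band 0xFFF
        Code     = '0x{0:X4}' -f ($u -band 0xFFFF)
    }
}

foreach ($auth in 'Kerberos', 'Basic') {
    try {
        $r = Invoke-Command -ComputerName $target -Credential $cred `
                -Authentication $auth -UseSSL -ErrorAction Stop `
                -ArgumentList (, $djoinArgs) -ScriptBlock {
            param($a)
            # Merge stderr into stdout so nothing is lost in the remote session.
            $out = & C:\windows\system32\djoin.exe @a 2>&1 | Out-String
            [pscustomobject]@{ ExitCode = $LASTEXITCODE; Output = $out }
        }
        $nt = ConvertTo-NtStatus $r.ExitCode
        '{0,-8} rc={1} ({2}) severity={3} facility={4} code={5}' -f `
            $auth, $r.ExitCode, $nt.Hex, $nt.Severity, $nt.Facility, $nt.Code
        if ($r.Output.Trim()) { $r.Output }
    } catch {
        # A failure here is a WinRM/authentication problem, not a djoin result.
        '{0,-8} session failed: {1}' -f $auth, $_.Exception.Message
    }
}
```

If both authentication types return the same code, the auth mechanism is not the variable; if only one fails, compare what each logon is allowed to do from the remote session.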