Create windows user with temporary password

Hi Ansible community,

I’m wondering how to create Windows users with a temporary password.
A common workflow is to create users with a temporary password, send the temporary password and force users to change their password during first login.

Maybe I’m wrong but win_user module can’t do that because “password_expired” is not limited by “update_password: on_create” (Should be here in source code).

So password is configured as “expired” on each Ansible execution.

I tried to do this:

    - name: Create windows users
      win_user:
        name: "{{ item.username }}"
        password: "{{ item.initial_password }}"
        password_expired: yes
        update_password: on_create
        fullname: "{{ item.fullname }}"
        description: "{{ item.description }}"
        groups:
          - Users
        state: present

This code works well to create users but forces expiration every time.

I’m wondering if there is a method to create Windows users with a temporary password and force them to change it during first login?

Thanks for your help,

Not tried this, but you might be able to do this with two win_user tasks.

Assuming you don’t set password_expired: yes, if you use register on the result of the first one, then you will have recorded in the registered var whether the user already existed, or whether they were created on this run.

Then you can run a second `win_user` only on the users which were created this time and set whatever password expiry or other user attributes only for newly-created users.

Something like this:

```yaml
- name: User management test
  hosts: "10,"
  gather_facts: False
  vars:
    my_users:
      - { username: bob, initial_password: seekrit, fullname: "Robert Asker", description: "Test Ask User" }
      - { username: alice, initial_password: seekrit, fullname: "Alice Answerer", description: "Test Answer User" }
      - { username: malcolm, initial_password: seekrit, fullname: "Malcolm InTheMiddle", description: "Test MITM User" }

  tasks:
    - name: Ensure windows users are present
      win_user:
        name: "{{ item.username }}"
        password: "{{ item.initial_password }}"
        update_password: on_create
        fullname: "{{ item.fullname }}"
        description: "{{ item.description }}"
        groups:
          - Users
        state: present
      with_items: "{{ my_users }}"
      register: ensure_users

    - name: view ensure user results
      debug:
        var: ensure_users

    - name: Expire password of newly-created windows users
      win_user:
        name: "{{ item.name }}"
        password_expired: yes
        update_password: always
        state: present
      with_items: "{{ ensure_users.results }}"
      when: item is changed
```
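A variant of the two-task approach above that keeps the temporary passwords out of task output, as an added example that is not code from either poster. Each entry in a registered loop result carries the whole loop `item`, so dumping `ensure_users` with `debug` also prints every `initial_password`. The `windows` inventory group and the sample passwords are assumptions.

```yaml
- name: Create Windows users with a one-time initial password
  hosts: windows            # assumed inventory group
  gather_facts: false
  vars:
    # Constructed sample data; real values would come from an encrypted vars file.
    my_users:
      - { username: bob, initial_password: "Example-Temp-1", fullname: "Robert Asker", description: "Test Ask User" }
      - { username: alice, initial_password: "Example-Temp-2", fullname: "Alice Answerer", description: "Test Answer User" }

  tasks:
    - name: Ensure Windows users are present
      win_user:
        name: "{{ item.username }}"
        password: "{{ item.initial_password }}"
        update_password: on_create    # never reset the password of an existing user
        fullname: "{{ item.fullname }}"
        description: "{{ item.description }}"
        groups:
          - Users
        state: present
      loop: "{{ my_users }}"
      no_log: true                    # the loop item contains the password
      register: ensure_users

    # Reduce the registered results to bare usernames so that nothing
    # secret is passed to, or printed by, the following tasks.
    - name: Collect the accounts changed on this run
      set_fact:
        changed_users: >-
          {{ ensure_users.results
             | selectattr('changed')
             | map(attribute='item.username')
             | list }}

    - name: Show which accounts will be expired
      debug:
        var: changed_users

    - name: Expire the password of those accounts only
      win_user:
        name: "{{ item }}"
        password_expired: true
        state: present
      loop: "{{ changed_users }}"
```

`changed` is also true when the first task modifies an existing account (for example a new description), so such an account would have its password expired as well.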