Exclude match from with_items

How might I go about excluding one item found under with_items?

For example, assume the following:

`
ok: [mytestserver] => {
“aduser”: {
“account_locked”: false,
“attempts”: 1,
“changed”: false,
“city”: “Spanish Fork”,
“company”: “My Test Company”,
“country”: “US”,
“description”: “Regular User”,
“distinguished_name”: “CN=Gomer Pyle,OU=Administration,DC=MyTestCo,DC=com”,
“email”: “GPyle@MyTestCo.com”,
“enabled”: true,
“failed”: false,
“firstname”: “Gomer”,
“groups”: [
“Domain Users”,
“IT Admins”,
“Citrix”,
“Misc”

`

I would like to remove the above user from all groups, except for “Domain Users”… Unsure how to approach it in this scenario:

`
tasks:

• name: “Disable non-vip user {{ user }}”
  win_domain_user:
  name: “{{ user }}”
  password: $1$SomeSalt$tNt/ObWy40s.iTT/tmGYV.
  account_locked: yes
  groups: “{{ item }}”
  groups_action: remove
  with_items:
• aduser.groups

`

Im unclear on what you want, but `when` executes PER loop iteration,
so you can check `item` and skip that iteration depending on the
condition you want.

I should clarify a little. I want to remove all groups except “Domain Users” from the user specified. I am also already using a when statement:

tasks: - name: “Disable non-vip user {{ user }}” win_domain_user: name: “{{ user }}” password: $1$SomeSalt$tNt/ObWy40s.iTT/tmGYV. account_locked: yes groups: “{{ item }}” groups_action: remove with_items: - aduser.groups when: - not vip`

`

well, just reading teh docs on win_domain_user, seems you want`
group_action: replace`

I re-read you response Brian… I should be able to append to my when statement with an and statement or something similar. I will have to go and test it out.

I re-read you response Brian… I should be able to append to my when statement with an and statement or something similar. I will have to go and test it out.

Wow, I totally missed that. That should do exactly what I want to. Thank you!