I’ve got a couple of specific questions about win_domain_group_membership.
I can find where support was backported to 2.8, and where it’s listed as supported in 2.9 (same post: https://github.com/ansible/ansible/issues/59829).
But I can’t for the life of me figure out how to convince Ansible to do the thing.
The thing being, take Group A from domain 1 and nest it within Group B from domain 2.
```
##CROSS DOMAIN BS.
- name: H - Nest R Global in H univeral RW
  win_domain_group_membership:
    domain_server: "{{ h_domain_server }}"
    domain_username: "{{ h_domain_username }}"
    domain_password: "{{ h_domain_password }}"
    name: "{{ h_u_prefix }}{{ u_name }}{{suffix_RW}}"
    members:
```
Note: for members: I’ve tried numerous ways of indicating that the group it’s to add is in another domain… domain\group, group@domain, or just group, and all bomb out stating that it cannot be found.
```
fatal: [ansible01.DOMAIN.DEV]: FAILED! => {
    "added": ,
    "changed": false,
    "msg": "Could not find domain user, group, service account or computer named devdomain\GGRFStesting123RW",
    "removed":
}
```
Is there an obvious mistake I’m making?
I’m using ansible 2.9.2 currently.
Looks like I jumped the gun with closing that issue; the backported issue referenced is for a separate problem. The actual cross domain support of groups is still not supported in the module. There is a PR which you can try out, https://github.com/ansible/ansible/pull/65138, and comment on if it solves your issue.
I’ve pulled it down and am giving it a shot now, will have results and comment on the PR if successful… so far I’m fighting the woes of a stripped down dev domain.
```
Microsoft.ActiveDirectory.Management.ADException: Could not add member(s) to one or more ADGroup.
at System.Management.Automation.MshCommandRuntime.ThrowTerminatingError(ErrorRecord errorRecord)
fatal: [ansible01.domain.DEV]: FAILED! => {
    "changed": false,
    "msg": "Unhandled exception while executing module: Could not add member(s) to one or more ADGroup."
}
```