有没有办法使用ansible将活动目录中的用户分配给多个组?
Is there a way to assign a user in the active directory to multiple groups with ansible?
我创建了一个 ansible-playbook,旨在通过 Ansible 将用户添加到 Active Directory 中的组,代码如下所示:
# addmembertogroup.yaml
# Skip task when 'group' or 'username' is undefined
# Show message when 'group' or 'username' doesn't exist
---
- hosts: brc.testlab.com
gather_facts: no
tasks:
- name: "Add Member to Group"
block:
- name: "Add Member to Group"
community.windows.win_domain_group_membership:
name: "{{group}}"
members: "{{username}}"
state: present
when: (group is defined) and (username is defined)
rescue:
- name: Print when error
debug:
msg: Username / Group not exist
剧本是运行,使用以下命令:
Ansible-playbook –i hosts addmembertogroup.yaml –e group=DNSAdmins –e username=Cahbayu
基于现有的ansible playbook 和命令,我设法将名称为Cahbayu
的用户添加到DNSAdmins
组中。但是,我希望用户在一个命令中属于多个组。例如,我想将用户 Cahbayu
添加到组 DNSAdmins, Backup Operators, Remote Desktop Users
中。我已经将组参数制作成如下列表,但结果仍然失败:
---
- hosts: brc.testlab.com
gather_facts: no
tasks:
- name: "Add Member to Group"
block:
- name: "Add Member to Group"
community.windows.win_domain_group_membership:
name:
- "{{group}}"
members: "{{username}}"
state: present
when: (group is defined) and (username is defined)
rescue:
- name: Print when error
debug:
msg: Username / Group not exist
结果如下:
[无法将用户添加到多个组][1]
因此,我的问题是,有没有办法使用 Ansible 将用户输入到 Active Directory 中的多个组中?谢谢。
(已编辑)
根据提供的答案,我设法使用“循环”将用户分成多个组。
我认为如果您在变量或列表中定义组并遍历要添加用户的列表,我认为您可以做到这一点,检查这个 link 它可能会有所帮助你设法做到了,因为你的剧本正在运行,只需要一个定义明确的循环
https://docs.ansible.com/ansible/latest/user_guide/playbooks_loops.html[loops in ansible]1
我创建了一个 ansible-playbook,旨在通过 Ansible 将用户添加到 Active Directory 中的组,代码如下所示:
# addmembertogroup.yaml
# Skip task when 'group' or 'username' is undefined
# Show message when 'group' or 'username' doesn't exist
---
- hosts: brc.testlab.com
gather_facts: no
tasks:
- name: "Add Member to Group"
block:
- name: "Add Member to Group"
community.windows.win_domain_group_membership:
name: "{{group}}"
members: "{{username}}"
state: present
when: (group is defined) and (username is defined)
rescue:
- name: Print when error
debug:
msg: Username / Group not exist
剧本是运行,使用以下命令:
Ansible-playbook –i hosts addmembertogroup.yaml –e group=DNSAdmins –e username=Cahbayu
基于现有的ansible playbook 和命令,我设法将名称为Cahbayu
的用户添加到DNSAdmins
组中。但是,我希望用户在一个命令中属于多个组。例如,我想将用户 Cahbayu
添加到组 DNSAdmins, Backup Operators, Remote Desktop Users
中。我已经将组参数制作成如下列表,但结果仍然失败:
---
- hosts: brc.testlab.com
gather_facts: no
tasks:
- name: "Add Member to Group"
block:
- name: "Add Member to Group"
community.windows.win_domain_group_membership:
name:
- "{{group}}"
members: "{{username}}"
state: present
when: (group is defined) and (username is defined)
rescue:
- name: Print when error
debug:
msg: Username / Group not exist
结果如下: [无法将用户添加到多个组][1]
因此,我的问题是,有没有办法使用 Ansible 将用户输入到 Active Directory 中的多个组中?谢谢。
(已编辑)
根据提供的答案,我设法使用“循环”将用户分成多个组。
我认为如果您在变量或列表中定义组并遍历要添加用户的列表,我认为您可以做到这一点,检查这个 link 它可能会有所帮助你设法做到了,因为你的剧本正在运行,只需要一个定义明确的循环
https://docs.ansible.com/ansible/latest/user_guide/playbooks_loops.html[loops in ansible]1