
Puppet module for installing and configuring a Windows Active Directory.


cptnkoiz/vdc-windows_ad

 
 


windows_ad

This is the windows_ad puppet module.

## Module Description

For now, the module allows the installation and creation of a new domain in a new forest. You can also manage objects in your AD:

  • User,
  • Users,
  • OU,
  • Group,
  • Group Members

### Setup Requirements

Your puppet.conf needs to have the following line:

	ordering=manifest

To use the windows_ad::users resource you need to put parser=future in your puppet.conf. Adding multiple users is possible with or WITHOUT the parser=future parameter. Please read the next sections.

Depends on the following modules:

## Usage

Class: windows_ad

Example - Create a new forest:

	class {'windows_ad':
	  install                => present,
	  installmanagementtools => true,
	  restart                => true,
	  installflag            => true,
	  configure              => present,
	  configureflag          => true,
	  domain                 => 'forest',
	  domainname             => 'jre.local',
	  netbiosdomainname      => 'jre',
	  domainlevel            => '6',
	  forestlevel            => '6',
	  databasepath           => 'c:\\windows\\ntds',
	  logpath                => 'c:\\windows\\ntds',
	  sysvolpath             => 'c:\\windows\\sysvol',
	  installtype            => 'domain',
	  dsrmpassword           => 'password',
	  installdns             => 'yes',
	  localadminpassword     => 'password',
	}

Parameters:

	$install              # Present or absent -> install/uninstall the ADDS role
	$installflag          # Flag to bypass the install of AD if desired. Needs to be set to false to bypass. Default true
	$configure            # Present or absent -> configure/remove a Domain Controller
	$configureflag        # Flag to bypass the configuration of AD if desired. Needs to be set to false to bypass. Default true
	$domainname           # name of the domain to install (must be an FQDN)
	$domain               # Installation type { forest | tree | child | replica | readonly } ==> not implemented yet
	$netbiosdomainname    # NetBIOS name
	$domainlevel          # Domain level {4 - Server 2008 R2 | 5 - Server 2012 | 6 - Server 2012 R2}
	$forestlevel          # Forest Level {4 - Server 2008 R2 | 5 - Server 2012 | 6 - Server 2012 R2}
	$databasepath         # Active Directory database path
	$logpath              # Active Directory log path
	$sysvolpath           # Active Directory sysvol path
	$dsrmpassword         # Directory Service Recovery Mode password
	$localadminpassword   # password of the local admin, used when removing a DC.

Other install and configuration parameters can be set; check init.pp in the manifests folder.

For adding an Organisational Unit :

	windows_ad::organisationalunit{'PLOP':
	  ensure       => present,
	  path         => 'DC=JRE,DC=LOCAL',
	  ouName       => 'PLOP',
	}

For adding a simple User :

	windows_ad::user{'Add_user':
	  ensure               => present,
	  domainname           => 'jre.local',
	  path                 => 'OU=PLOP,DC=JRE,DC=LOCAL',
	  accountname          => 'test',
	  lastname             => 'test',                   ## Not mandatory, but you need to declare at least one of these 2 parameters
	  firstname            => 'test',                   ## or use the fullname parameter!
	  passwordneverexpires => true,
	  passwordlength       => 15,                       # must be a number, so don't put ''
	  password             => 'M1Gr3atP@ssw0rd',        # You can specify a password for the account you declare
	  xmlpath              => 'C:\\users.xml',          # must contain the full path and the name of the file. Default value C:\\users.xml
	  writetoxmlflag       => true,                     # needs to be set to false if you don't want to write the xml file. Default set to true
	  emailaddress         => 'test@jre.local',
	}

For adding multiple Users WITH parser=future:

	$users = [
	 {
		ensure               => present,
		path                 => 'OU=PLOP,DC=JRE,DC=LOCAL',
		accountname          => 'test',
		lastname             => 'test',
		firstname            => 'testtest',
		passwordneverexpires => true,
		passwordlength       => 15,
		fullname             => 'The test',
	 },
	 {
		ensure               => present,
		path                 => 'OU=PLOP,DC=JRE,DC=LOCAL',
		accountname          => 'test2',
		lastname             => 'test2',
		firstname            => 'test22',
		passwordneverexpires => true,
		passwordlength       => 9,
		password             => 'M1Gr3atP@ssw0rd',
		emailaddress         => 'test2@jre.local',
	  }
	]

	windows_ad::users{'Add_Users':
	  domainname           => 'jre.local',
	  users                => $users,
	  xmlpath              => 'C:\\users.xml', # must contain the full path and the name of the file. Default value C:\\users.xml
	  writetoxmlflag       => true,            # needs to be set to false if you don't want to write the xml file. Default set to true
	}

For adding multiple Users WITHOUT parser=future:

	$userhash = {
	 'test' => {
		ensure               => present,
		path                 => 'OU=PLOP,DC=JRE,DC=LOCAL',
		accountname          => 'test',
		lastname             => 'test',
		firstname            => 'testtest',
		passwordneverexpires => true,
		passwordlength       => 15,
		fullname             => 'The test',
	 },
	 'test2' => {
		ensure               => present,
		path                 => 'OU=PLOP,DC=JRE,DC=LOCAL',
		accountname          => 'test2',
		lastname             => 'test2',
		firstname            => 'test22',
		passwordneverexpires => true,
		passwordlength       => 9,
		password             => 'M1Gr3atP@ssw0rd',
		emailaddress         => 'test2@jre.local',
	  },
	}
	
	create_resources(windows_ad::user, $userhash)

About passwords: the password is auto-generated, or you can now specify your own password (min 8 characters, with at least one alpha, one numeric and one special character). Passwords will be saved to users.xml on your C: drive (C:\users.xml).
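
A pre-commit style check for manifests that use this module, as an added example that is not part of the module: it flags literal values for the three password parameters, user passwords that miss the policy stated above, and windows_ad::user / windows_ad::users declarations that leave writetoxmlflag at its default, so passwords are written to C:\users.xml. The rule names, the SAMPLE manifest and the hiera key in it are constructed for illustration; users passed through a hash and create_resources are not covered by the file check.

```python
import re

# Parameter names come from the README; rule names and SAMPLE are constructed here.
SECRET_PARAMS = {"password", "dsrmpassword", "localadminpassword"}
PARAM = re.compile(r"""^\s*(\w+)\s*=>\s*(?:'([^']*)'|"([^"$]*)"|([^\s,#]+))""")
RESOURCE = re.compile(r"^\s*windows_ad::users?\s*\{")

# Constructed sample manifest (the hiera key is hypothetical).
SAMPLE = """\
class {'windows_ad':
  dsrmpassword       => 'password',
  localadminpassword => hiera('ad::localadmin'),
}
windows_ad::user{'Add_user':
  password => 'test1234',
}
windows_ad::user{'Other':
  password       => $pw,
  writetoxmlflag => false,
}
"""

def meets_policy(pw):
    """README rule: min 8 characters, one alpha, one numeric, one special."""
    return (len(pw) >= 8 and any(c.isalpha() for c in pw)
            and any(c.isdigit() for c in pw)
            and any(not c.isalnum() for c in pw))

def audit(manifest):
    findings, start, flag_off = [], None, False
    for no, line in enumerate(manifest.splitlines(), 1):
        if RESOURCE.match(line):             # start of a user/users declaration
            start, flag_off = no, False
        elif start and line.strip() == "}":  # end of that declaration
            if not flag_off:                 # default true: password file is written
                findings.append((start, "password-file-written", "writetoxmlflag"))
            start = None
        elif (m := PARAM.match(line)):
            name, sq, dq, bare = m.groups()
            literal = sq if sq is not None else dq  # quoted, no interpolation
            if name == "writetoxmlflag" and bare == "false":
                flag_off = True
            if name in SECRET_PARAMS and literal is not None:
                findings.append((no, "hardcoded-secret", name))
                if name == "password" and not meets_policy(literal):
                    findings.append((no, "weak-password", name))
    return findings
```

Each finding is a `(line, rule, parameter)` tuple; values supplied through a variable or a function call such as `hiera(...)` are not reported as literals.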

For adding a Group :

	windows_ad::group{'test':
	  ensure               => present,
	  displayname          => 'Test',
	  path                 => 'CN=Users,DC=JRE,DC=LOCAL',
	  groupname            => 'test',
	  groupscope           => 'Global',
	  groupcategory        => 'Security',
	  description          => 'desc group',
	}

For adding members to a Group :

	windows_ad::groupmembers{'Member groupplop':
	  ensure    => present,
	  groupname => 'groupplop',
	  members   => '"jre","test2"',
	}

For the group members, respect the syntax '"samaccountname","samaccountname"', or '"jre"' if there is only one member. If you leave ensure set to present, the module doesn't delete users and only modifies the members list. Otherwise, if you put in the list the members you want to delete and set ensure to absent, the module will delete only the members in the list.

Known issues

  • If you update the FullName the XML file will not be updated.

License

Apache License, Version 2.0

Contributors

Jerome RIVIERE

Support

Please log tickets and issues on the GitHub site.
