win_domain_group – Creates, modifies or removes domain groups¶
New in version 2.4.
Synopsis¶
- Creates, modifies or removes groups in Active Directory.
- For local groups, use the win_group module instead.
Parameters¶
See Also¶
See also
- win_domain – Ensures the existence of a Windows domain
- The official documentation on the win_domain module.
- win_domain_controller – Manage domain controller/member server state for a Windows host
- The official documentation on the win_domain_controller module.
- win_domain_computer – Manage computers in Active Directory
- The official documentation on the win_domain_computer module.
- win_domain_membership – Manage domain/workgroup membership for a Windows host
- The official documentation on the win_domain_membership module.
- win_domain_user – Manages Windows Active Directory user accounts
- The official documentation on the win_domain_user module.
- win_group – Add and remove local groups
- The official documentation on the win_group module.
- win_group_membership – Manage Windows local group membership
- The official documentation on the win_group_membership module.
Examples¶
- name: Ensure the group Cow exists using sAMAccountName
  win_domain_group:
    name: Cow
    scope: global
    path: OU=groups,DC=ansible,DC=local
- name: Ensure the group Cow doesn't exist using the Distinguished Name
  win_domain_group:
    name: CN=Cow,OU=groups,DC=ansible,DC=local
    state: absent
- name: Delete group ignoring the protection flag
  win_domain_group:
    name: Cow
    state: absent
    ignore_protection: yes
- name: Create group with delete protection enabled and custom attributes
  win_domain_group:
    name: Ansible Users
    scope: domainlocal
    category: security
    attributes:
      mail: helpdesk@ansible.com
      wWWHomePage: www.ansible.com
    ignore_protection: yes
- name: Change the OU of a group using the SID and ignore the protection flag
  win_domain_group:
    name: S-1-5-21-2171456218-3732823212-122182344-1189
    scope: global
    organizational_unit: OU=groups,DC=ansible,DC=local
    ignore_protection: yes
- name: Add managed_by user
  win_domain_group:
    name: Group Name Here
    managed_by: Domain Admins
- name: Add group and specify the AD domain services to use for the create
  win_domain_group:
    name: Test Group
    domain_username: user@CORP.ANSIBLE.COM
    domain_password: Password01!
    domain_server: corp-DC12.corp.ansible.com
    scope: domainlocal
Return Values¶
Common return values are documented here, the following are the fields unique to this module:
Status¶
- This module is not guaranteed to have a backwards compatible interface. [preview]
- This module is maintained by the Ansible Community. [community]
Authors¶
- Jordan Borean (@jborean93)
Hint
If you notice any issues in this documentation, you can edit this document to improve it.
