Forge Home

windows_ad

Puppet module to install and configure a Windows DC (2012 R2) and manipulate object in Active directory

30,691 downloads

24,533 latest version

3.9 quality score

We run a couple of automated
scans to help you access a
module's quality. Each module is
given a score based on how well
the author has formatted their
code and documentation and
modules are also checked for
malware using VirusTotal.

Please note, the information below
is for guidance only and neither of
these methods should be considered
an endorsement by Puppet.

Support the Puppet Community by contributing to this module

You are welcome to contribute to this module by suggesting new features, currency updates, or fixes. Every contribution is valuable to help ensure that the module remains compatible with the latest Puppet versions and continues to meet community needs. Complete the following steps:

  1. Review the module’s contribution guidelines and any licenses. Ensure that your planned contribution aligns with the author’s standards and any legal requirements.
  2. Fork the repository on GitHub, make changes on a branch of your fork, and submit a pull request. The pull request must clearly document your proposed change.

For questions about updating the module, contact the module’s author.

Version information

  • 0.3.2 (latest)
  • 0.3.1
  • 0.3.0
  • 0.2.0
  • 0.1.9
  • 0.1.8
  • 0.1.7
  • 0.1.6
  • 0.1.5
  • 0.1.4
  • 0.1.3
  • 0.1.2
  • 0.1.1
  • 0.1.0
  • 0.0.9
  • 0.0.8
  • 0.0.7
  • 0.0.6
  • 0.0.5
  • 0.0.4
  • 0.0.3
  • 0.0.2
released Jan 30th 2015
This version is compatible with:
  • Windows

Start using this module

  • r10k or Code Manager
  • Bolt
  • Manual installation
  • Direct download

Add this module to your Puppetfile:

mod 'jriviere-windows_ad', '0.3.2'
Learn more about managing modules with a Puppetfile

Add this module to your Bolt project:

bolt module add jriviere-windows_ad
Learn more about using this module with an existing project

Manually install this module globally with Puppet module tool:

puppet module install jriviere-windows_ad --version 0.3.2

Direct download is not typically how you would use a Puppet module to manage your infrastructure, but you may want to download the module in order to inspect the code.

Download

Documentation

jriviere/windows_ad — version 0.3.2 Jan 30th 2015

windows_ad

This is the windows_ad puppet module.

##Introduction This is the windows_ad puppet module. Inspired from opentable/windows_feature module and from martezr/windows_domain_controller for the installation and configuration of a windows domain

This module have two main roles :

  • Install & configure AD
  • Manage Users/OU/Groups in your Active Directory

This module permit you to install a Windows AD Domain controller on a Windows Server.

Moreover, it allows you to create/Remove User in Active Directory, but also permit you to create/Remove Organisational Unit in Active Directory

This module have been tested on Windows Server 2012 r2, should work on Windows Server since 2008 R2. Puppet open source v3.5.1 and v3.6.2, the puppetmaster version is v3.4.3 (on ubuntu 14.04 LTS). Should work since version 3.5.1 of puppet

##Last Fix/Update V 0.3.1 :

  • Fix add user. (dsquery.exe doesn't seem to work anymore) - Works with fullname value
  • Add Pull Request #8 (fix readme for Group) V 0.3.2 :
  • Fix add group and groupmember dsquery.exe doesn't seem to work anymore).

##Module Description

For now, the module allow the installation and creation of new domain, in a new forest. You can also do :

  • Manage object in your AD :
  • User,
  • Users,
  • OU,
  • Group,
  • Group Members

###Setup Requirements

Your puppet.conf need to have this following line:

    ordering=manifest

For using windows_ad::users resource you need to put parser=future in your puppet.conf Adding multiple users it's possible with or WITHOUT parser=future parameter. Please read the next sections

Depends on the following modules:

##Usage

Class: windows_ad

Example - Create a new forest
    class {'windows_ad':
      install                => present,
      installmanagementtools => true,
      restart                => true,
      installflag            => true,
      configure              => present,
      configureflag          => true,
      domain                 => 'forest',
      domainname             => 'jre.local',
      netbiosdomainname      => 'jre',
      domainlevel            => '6',
      forestlevel            => '6',
      databasepath           => 'c:\\windows\\ntds',
      logpath                => 'c:\\windows\\ntds',
      sysvolpath             => 'c:\\windows\\sysvol',
      installtype            => 'domain',
      dsrmpassword           => 'password',
      installdns             => 'yes',
      localadminpassword     => 'password',
    }

Parameters:

    $install              # Present or absent -> install/desinstall ADDS role
    $installflag          # Flag to bypass the install of AD if desired. Need to be set to False to bypass. Default true
    $configure            # Present or absent -> configure/remove a Domain Controller
    $configureflag        # Flag to bypass the configuration of AD if desired. Need to be set to False to bypass. Default true
    $domainname           # name of domain you must install FQDN
    $domain               # Installation type { forest | tree | child | replica | readonly } ==> doesn't implement yet
    $netbiosdomainname    # NetBIOS name
    $domainlevel          # Domain level {4 - Server 2008 R2 | 5 - Server 2012 | 6 - Server 2012 R2}
    $forestlevel          # Forest Level {4 - Server 2008 R2 | 5 - Server 2012 | 6 - Server 2012 R2}
    $databasepath         # Active Directory database path
    $logpath              # Active Directory log path
    $sysvolpath           # Active Directory sysvol path
    $dsrmpassword         # Directory Service Recovery Mode password
    $localadminpassword   # password of local admin for remove DC.

Other install and configuration parameters can be set check the init.pp in manifests folder.

For adding Organisational Unit :

    windows_ad::organisationalunit{'PLOP':
      ensure       => present,
      path         => 'DC=JRE,DC=LOCAL',
      ouName       => 'PLOP',
    }

For adding a simple User :

    windows_ad::user{'Add_user':
      ensure               => present,
      domainname           => 'jre.local',
      path                 => 'OU=PLOP,DC=JRE,DC=LOCAL',
      accountname          => 'test',
      lastname             => 'test',                   ## Not mandatory. But for this 2 parameters you need to declare at least one 
      firstname            => 'test',                   ## or use fullname parameter !
      passwordneverexpires => true,
      passwordlength       => 15,                       # must be number so don't put ''
      password             => 'M1Gr3atP@ssw0rd',        # You can specify a password for the account you declare
      xmlpath              => 'C:\\users.xml',          # must contain the full path, and the name of the file. Default value C:\\users.xml
      writetoxmlflag       => true,                     # need to be set to false if you doesn't want to write the xml file. Default set to true
      emailaddress         => 'test@jre.local',
    }

For adding multiple Users WITH parser=future:

    $users = [
     {
        ensure               => present,
        path                 => 'OU=PLOP,DC=JRE,DC=LOCAL',
        accountname          => 'test',
        lastname             => 'test',
        firstname            => 'testtest',
        passwordneverexpires => true,
        passwordlength       => 15,
        fullname             => 'The test',
     },
     {
        ensure               => present,
        path                 => 'OU=PLOP,DC=JRE,DC=LOCAL',
        accountname          => 'test2',
        lastname             => 'test2',
        firstname            => 'test22',
        passwordneverexpires => true,
        passwordlength       => 9,
        password             => 'M1Gr3atP@ssw0rd',
        emailaddress         => 'test2@jre.local',
      }
    ]

    windows_ad::users{'Add_Users':
      domainname           => 'jre.local',
      users                => $users,
      xmlpath              => 'C:\\users.xml', # must contain the full path, and the name of the file. Default value C:\\users.xml
      writetoxmlflag       => true,            # need to be set to false if you doesn't want to write the xml file. Default set to true
    }

For adding multiple Users WITHOUT parser=future:

    $userhash = {
     'test' => {
        ensure               => present,
        path                 => 'OU=PLOP,DC=JRE,DC=LOCAL',
        accountname          => 'test',
        lastname             => 'test',
        firstname            => 'testtest',
        passwordneverexpires => true,
        passwordlength       => 15,
        fullname             => 'The test',
     },
     'test2' => {
        ensure               => present,
        path                 => 'OU=PLOP,DC=JRE,DC=LOCAL',
        accountname          => 'test2',
        lastname             => 'test2',
        firstname            => 'test22',
        passwordneverexpires => true,
        passwordlength       => 9,
        password             => 'M1Gr3atP@ssw0rd',
        emailaddress         => 'test2@jre.local',
      },
    }
    
    create_resources(windows_ad::user, $userhash)

About password: the password will be auto-generated or now you can specify your own password (min 8 characters, one alpha, one numeric, one special characters at least) Passwords will be saved to users.xml on your c: drive (C:\users.xml)

For adding a Group :

    windows_ad::group{'test':
      ensure               => present,
      displayname          => 'Test',
      path                 => 'CN=Users,DC=JRE,DC=LOCAL',
      groupname            => 'test',
      groupscope           => 'Global',
      groupcategory        => 'Security',
      description          => 'desc group',
    }

For adding members to a Group :

    windows_ad::groupmembers{'Member groupplop':
      ensure    => present,
      groupname => 'groupplop',
      members   => '"jre","test2"',
    }

For the group members respect the syntax : '"samaccountname","samaccountname"' and if only one member :'"jre"' The module doesn't delete users if you let ensure to present, and modify only the members list Otherwise, if you let in the list of the members you want to delete and put ensure to absent, then the module will delete only the members in the list

Known issues

  • If you update the FullName the XML file will not be updated.

License

Apache License, Version 2.0

Contributors

Jerome RIVIERE

Support

Please log tickets and issues on GitHub site