Skip to content

PortOfPortland/terraform-provider-activedirectory

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

22 Commits
activedirectory
activedirectory
 
 
.gitignore
.gitignore
 
 
.goreleaser.yml
.goreleaser.yml
 
 
README.md
README.md
 
 
go.mod
go.mod
 
 
go.sum
go.sum
 
 
main.go
main.go
 
 

Repository files navigation

Terraform Windows Active Directory Provider

This is the repository for a Terraform Active Directory Provider, which you can use to perform operations against Microsoft Active Directory.

The provider uses the github.com/gorillalabs/go-powershell/backend package to "shell out" to PowerShell, fire up a WinRM session, and perform the actual script work. I made this decision because the Go WinRM packages I was able to find only supported WinRM in Basic/Unencrypted mode, which is not doable in our environment. Shelling out to PowerShell is admittedly ugly, but it allows the use of domain accounts, HTTPS, etc.

Using the Provider

Configuring the Provider

# configure the provider
# username + password - used to build a powershell credential
# server - the server we'll create a WinRM session into to perform the AD operations
# usessl - whether or not to use HTTPS for our WinRM session (by default port TCP/5986)
variable "username" {
  type = "string"
}

variable "password" {
  type = "string"
}

provider "activedirectory" {
  server = "mydc.mydomain.com"
  username = "${var.username}"
  password = "${var.password}"
  usessl = true
  default_computer_container = "CN=Computers,DC=mydomain,DC=com" #optional
}

Example - Moving an Object to an OU/Container

This doesn't perfectly map to the CRUD workflow, so in general, it works like this:

  • CREATE - Moves a resource to the correct OU/Container
  • READ - Verifies whether/not a resource is in the correct OU/Container
  • UPDATE - Calls the create function to move the resource to the correct OU/Container
  • DELETE - Moves the resource to either the default computers container (via Get-ADDomain | select computerscont*) or the specified default_computer_container property on the provider
#move an object to an ou.container
resource "activedirectory_ouMapping" "test1" {
  object_name = "MYVM1"
  object_class = "Computer"
  target_path = "OU=2016Servers,OU=Computers,OU=AD,DC=mydomain,DC=com"
}

Example - Adding Objects to an AD Group

resource "activedirectory_groupMembership" "test1" {
  object_name = "MVM1"
  object_class = "Computer"
  group_name = "A really cool group"
}

Building

  1. Make sure you have $GOPATH set ($env:GOPATH='c:\wip\go' on Windows, etc)
  2. git clone https://github.com/PortOfPortland/terraform-provider-activedirectory
  3. cd github.com\portofportland\terraform-provider-activedirectory
  4. switch to a feature branch
git checkout -b myfeature
  1. get the dependencies
go get
  1. prune any unnecessary dependencies
go mod tidy
  1. vendor our dependencies
go mod vendor
  1. build the module
go build
GOOS=windows GOARCH=386 go build -o terraform-provider-activedirectory.exe

About

A Terraform provider for Microsoft Active Directory

Resources

Readme
Activity
Custom properties

Stars

3 stars

Watchers

2 watching

Forks

4 forks
Report repository

Releases 6

v0.5.0 Latest
Jul 17, 2019
+ 5 releases

Packages

No packages published

Contributors 2

  •  
  •  

Languages