-
Notifications
You must be signed in to change notification settings - Fork 23
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
microsoft.ad.user - having trouble updating user password #44
Comments
The A basic description is that - name: manages user CN=testing,{{ default_domain_user_container}}
microsoft.ad.user:
name: testing
- name: manages user CN=testing,OU=MyOU,DC=domain,DC=test
microsoft.ad.user:
name: testing
path: OU=MyOU,DC=domain,DC=test If - name: manages sAMAccountName userSAM and ensures it is at CN=testing,{{ default_domain_user_container}}
microsoft.ad.user:
name: testing
identity: userSAM
- name: manages sAMAccountName userSAM and ensures it is at CN=testing,OU=MyOU,DC=domain,DC=test
microsoft.ad.user:
name: testing
identity: userSAM
path: OU=MyOU,DC=domain,DC=test I see two possible options:
I am leaning towards option 2 because it closely matches the behaviour of |
Option 2 sounds great and it sounds like it might make the module a bit easier to use. However, as you mentioned, I'm not sure of downstream implications of a change like that. |
The PR #59 implements option 2. At this stage the collection is quite new and I believe it's the behaviour that more people would expect based on the few issues we've received so far. |
@jborean93 I think the MR linked has improved the situation. However, since name has to be set (if state = present), it still appears to not be quite possible to simply select the user object by samaccount name (with something like the identity paramter) and update an attribute on it. If we try to specify samaccount name for both identity and name, it is possible the user object will still be renamed (if those values don't actually match in AD). Looking forward to your thoughts - I can open a separate issue for a new suggestion. |
@iamperson347 might be best to open as a new issue. Briefly thinking about it I think it should be fine to do and I cannot think of any downsides to it. |
SUMMARY
I'm attempting to update a service account (standard ad user, not a gmsa, etc.), but I'm having trouble getting this module to work as a replacement for win_domain_user. Ideally, I would like to pass in the sam account name of the service account, and update the password.
The accounts will be in separate OU's, so I cannot hardcode the path. I do see an object_info module where I could query for the user object first, but it seems the ad.user module should be able to accomplish the task at hand (as it's a replacement for win_domain_user).
Do you have any suggestions on the use case above?
ISSUE TYPE
COMPONENT NAME
microsoft.ad.user
ANSIBLE VERSION
COLLECTION VERSION
CONFIGURATION
OS / ENVIRONMENT
STEPS TO REPRODUCE
See summary above.
EXPECTED RESULTS
microsoft.ad.user can update user account passwords by passing in samaccountname similar to win_domain_user.
ACTUAL RESULTS
The text was updated successfully, but these errors were encountered: