I have been trying to set the attribute PrincipalsAllowedToRetrieveManagedPassword for an MSA (msDS-GroupManagedServiceAccount) account. Not sure if this is a bug or a feature request.
```yaml
- name: Get all properties for the specified account using its DistinguishedName
  microsoft.ad.object_info:
    identity: "CN=<**>L,CN=Managed Service Accounts,{{ domain_dn }}"
    properties: "*"

- name: Create Service Accounts - ansible module
  microsoft.ad.object:
    attributes:
      set:
        PrincipalsAllowedToRetrieveManagedPassword: "<**>"
    name: <**>
    path: "CN=Managed Service Accounts,{{ domain_dn }}"
    protect_from_deletion: true
    state: present
    type: "msDS-GroupManagedServiceAccount"
```
EXPECTED RESULTS
I expect to set PrincipalsAllowedToRetrieveManagedPassword attribute
ACTUAL RESULTS
```
TASK [Create Service Accounts - ansible module] ********************************
task path: /ansible/collections/ansible_collections/**/**/playbooks/prep_ad_post.yml:76
Tuesday 20 February 2024 18:48:45 +0000 (0:00:03.119) 0:00:49.050 ******
Using module file /ansible/collections/ansible_collections/microsoft/ad/plugins/modules/object.ps1
Pipelining is enabled.
<**IP**> ESTABLISH WINRM CONNECTION FOR USER: <**User**> on PORT <**Port**> TO <**IP**>
EXEC (via pipeline wrapper)
The full traceback is:
at Microsoft.ActiveDirectory.Management.Commands.ADCmdletBase`1.ProcessRecord()
fatal: [<**Host**>]: FAILED! => {
    "changed": false,
    "msg": "Unhandled exception while executing module: The specified directory service attribute or value does not exist\r\nParameter name: PrincipalsAllowedToRetrieveManagedPassword"
}
```
The PrincipalsAllowedToRetrieveManagedPassword is a special property/parameter on the New-ADServiceAccount cmdlet and not an actual LDAP attribute. The actual attribute is called msDS-GroupMSAMembership.
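The msDS-GroupMSAMembership attribute named in the reply above stores a binary Windows security descriptor, and the allow entries in its DACL are the principals that may retrieve the managed password. The following Python is an added example, not code from this issue or from the microsoft.ad collection: it builds such a descriptor and decodes it back into SIDs, which is the check to run when auditing who can read a gMSA password. All function names are hypothetical, and the SIDs and access mask are constructed sample values.

```python
import struct

ACCESS_ALLOWED_ACE, SE_DACL_PRESENT, SE_SELF_RELATIVE = 0x00, 0x0004, 0x8000
SAMPLE_OWNER = "S-1-5-32-544"  # constructed sample: well-known Builtin Administrators SID
SAMPLE_PRINCIPAL = "S-1-5-21-1111111111-2222222222-3333333333-1105"  # constructed SID
SAMPLE_MASK = 0x000F01FF  # constructed sample access mask (an assumption)

def sid_to_bytes(sid):
    """Encode 'S-1-5-...' as a binary SID: revision, count, 48-bit authority, sub-authorities."""
    parts = sid.split("-")
    if parts[0] != "S" or len(parts) < 3:
        raise ValueError(f"not a SID: {sid!r}")
    subs = [int(p) for p in parts[3:]]
    head = struct.pack("BB", int(parts[1]), len(subs)) + int(parts[2]).to_bytes(6, "big")
    return head + struct.pack(f"<{len(subs)}I", *subs)

def sid_from_bytes(buf, off):
    """Decode the binary SID that starts at buf[off]."""
    rev, count = struct.unpack_from("BB", buf, off)
    authority = int.from_bytes(buf[off + 2:off + 8], "big")
    subs = struct.unpack_from(f"<{count}I", buf, off + 8)
    return "-".join(["S", str(rev), str(authority), *map(str, subs)])

def build_descriptor(owner, allowed, mask):
    """Self-relative security descriptor: owner SID plus one allow ACE per principal."""
    aces = b""
    for sid in allowed:
        body = struct.pack("<I", mask) + sid_to_bytes(sid)
        aces += struct.pack("<BBH", ACCESS_ALLOWED_ACE, 0, 4 + len(body)) + body
    dacl = struct.pack("<BBHHH", 2, 0, 8 + len(aces), len(allowed), 0) + aces
    owner_b = sid_to_bytes(owner)
    control = SE_DACL_PRESENT | SE_SELF_RELATIVE
    # Header is 20 bytes: owner follows it, no group or SACL, DACL after the owner.
    return struct.pack("<BBHIIII", 1, 0, control, 20, 0, 0, 20 + len(owner_b)) + owner_b + dacl

def allowed_principals(sd):
    """Return (SID, access mask) for each allow ACE in the descriptor's DACL."""
    _, _, control, _, _, _, dacl_off = struct.unpack_from("<BBHIIII", sd, 0)
    if not control & SE_DACL_PRESENT or dacl_off == 0:
        return []
    ace_count = struct.unpack_from("<H", sd, dacl_off + 4)[0]
    pos, found = dacl_off + 8, []
    for _ in range(ace_count):
        ace_type, _, ace_size = struct.unpack_from("<BBH", sd, pos)
        if ace_size < 4:  # an ACE cannot be smaller than its own header
            raise ValueError(f"malformed ACE at offset {pos}")
        if ace_type == ACCESS_ALLOWED_ACE:
            found.append((sid_from_bytes(sd, pos + 8), struct.unpack_from("<I", sd, pos + 4)[0]))
        pos += ace_size
    return found
```

Calling `allowed_principals(build_descriptor(SAMPLE_OWNER, [SAMPLE_PRINCIPAL], SAMPLE_MASK))` returns the single constructed principal with its mask; a descriptor read from a directory would be passed to `allowed_principals` as raw bytes.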
COMPONENT NAME
microsoft.ad.object
OS / ENVIRONMENT
Windows Server 2022