In this blog post, I will show you how to create a group policy object in an Active Directory environment using Ansible for Windows.
To learn more about Ansible and Windows Active Directory visit the blog series about the topic.
Ansible and DSC
By default, Ansible Windows modules don’t come with a module that allows us to create a Group Policy object and because of this reason, I’m going to use a Windows DSC module called GroupPolicyDSC with the Ansible win_dsc module which allows us to run DSC using Ansible.
The playbook has three tasks:
- Install the nugget PowerShell module.
- Install the GroupPolicyDSC module
- Create a Group Policy object
Please note that using the GroupPolicyDSC module we can also set group policy settings and configurations.
Below is Playbook, simply copy and run.
--- - name: "Create a GPO" hosts: windows tasks: - win_shell: install-packageprovider -name nuget -force - name: "Install GroupPolicyDSC" win_psmodule: name: GroupPolicyDSC state: present - name: "Create GPO" win_dsc: resource_name: GroupPolicy name: "ExampleGPO" status: allsettingsenabled ensure: present