Join a Windows Machine to Active Directory With Ansible

In this blog post, I will show you how I join a Windows machine to an Active Directory domain using Ansible.

This post is another entry in the Ansible series, which covers many Windows administration tasks.

Host File

Before we can join machines to AD with Ansible, there is some prep work we need to do first, and I will start with the hosts file for the new machines. Below I have listed my hosts file, and if you look closely, you will see that I am not using NTLM authentication here.

The file is for new hosts, and in the vars section, I am using the local username and password of the machine, not a domain account.

[newhosts]
192.168.0.15
[newhosts:vars]
ansible_user=administrator
ansible_password=localadminpassword
ansible_connection=winrm
ansible_winrm_server_cert_validation=ignore

Prepare Machine

The Windows machines also need some prep work, since they need to be configured to support WinRM in a way that Ansible supports and understands. In my case, I have used the Ansible WinRM configuration script to configure the machine.

In your Windows environment, this script should be part of your gold image build process. The first command downloads the script and saves it locally, and the second one runs it.

wget -Uri https://raw.githubusercontent.com/ansible/ansible/devel/examples/scripts/ConfigureRemotingForAnsible.ps1 -OutFile winrm.ps1
.\winrm.ps1

Playbook

The final step is to run the following playbook, which joins the machine to the Active Directory domain. The playbook also names the machine MS02, uses a service account to perform the join, and finally reboots the machine.

---
- name: "Windows Firewall"
  hosts: newhosts
  tasks:
    - name: "Join Domain"
      win_domain_membership:
        dns_domain_name: corp.enterprise.local
        hostname: ms02
        domain_admin_user: ansible@corp.enterprise.local
        domain_admin_password: enterpass
        state: domain
      register: domain_state
    - name: "Reboot if the domain join requires it"
      win_reboot:
      when: domain_state.reboot_required

End Results

Below you can see the playbook in action. You can join as many machines as you like with this method and save a lot of time.

As you can see, after the process is completed my machine shows up in the Computers OU. If needed, it is also possible to place the machine in a different OU instead of the default by adding the following line with the OU path.

domain_ou_path:
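As an added example (not from the original post), here is a fuller version of the playbook that places the computer object in a specific OU, takes the join account's password from an ansible-vault encrypted file instead of writing it into the playbook, keeps it out of the run output, and checks the result after the reboot. The vault file name vault.yml, its variable vault_domain_join_password and the OU "OU=Servers,DC=corp,DC=enterprise,DC=local" are assumptions for this example.

```yaml
---
# Added example, not the original post's playbook. Assumes vault.yml was
# created with "ansible-vault create vault.yml" and defines
# vault_domain_join_password, and that the Servers OU already exists.
- name: "Join new Windows hosts to Active Directory"
  hosts: newhosts
  vars_files:
    - vault.yml
  tasks:
    - name: "Join domain and place the computer object in the Servers OU"
      win_domain_membership:
        dns_domain_name: corp.enterprise.local
        hostname: ms02
        domain_ou_path: "OU=Servers,DC=corp,DC=enterprise,DC=local"
        domain_admin_user: ansible@corp.enterprise.local
        domain_admin_password: "{{ vault_domain_join_password }}"
        state: domain
      register: domain_state
      no_log: true   # keep the join account's password out of task output

    - name: "Reboot if the join requires it"
      win_reboot:
      when: domain_state.reboot_required

    - name: "Read the domain the machine now reports"
      win_shell: (Get-CimInstance Win32_ComputerSystem).Domain
      register: reported_domain
      changed_when: false

    - name: "Fail the play if the host is not a member of the expected domain"
      assert:
        that:
          - reported_domain.stdout | trim | lower == "corp.enterprise.local"
        fail_msg: "Host reports domain '{{ reported_domain.stdout | trim }}'"
```

Run it with `ansible-playbook -i hosts join.yml --ask-vault-pass` (or a vault password file) so the join credential never sits in the inventory or playbook in clear text.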
