In this blog post, I will show you how I create a role-based access control rule with Ansible for Windows.
DSC Module
In this playbook, I will use the Ansible DSC module, which allows us to use Windows Desired State Configuration (DSC) with Ansible playbooks and YAML. We learned how to use it in the OU creation post.
The playbook uses the ActiveDirectoryDSC PowerShell module: it first installs the module and then creates the RBAC rule.
In the RBAC configuration, I am giving the DB Admins security group permission to create and delete computer objects in the servers OU.
Playbook
The playbook is listed below. For more Ansible posts, visit this page.
---
- name: "Create RBAC config"
  hosts: dcs
  tasks:
    # The NuGet package provider is needed before the module can be installed
    - win_shell: install-packageprovider -name nuget -force

    - name: "Install ActiveDirectoryDSC"
      win_psmodule:
        name: ActiveDirectoryDSC
        state: present

    - name: RBAC config
      ansible.windows.win_dsc:
        resource_name: ADObjectPermissionEntry
        Ensure: Present
        Path: 'OU=servers,DC=domain,DC=local'
        identityReference: 'domain\DB Admins'
        # Create and delete child objects only
        activeDirectoryRights: 'CreateChild,DeleteChild'
        accessControlType: 'Allow'
        # Schema GUID of the Computer object class: limits the rights to computer objects
        objectType: 'bf967a86-0de6-11d0-a285-00aa003049e2'
        activeDirectorySecurityInheritance: 'All'
        # All-zero GUID: the entry is not restricted to one inheriting object type
        inheritedObjectType: '00000000-0000-0000-0000-000000000000'
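
To confirm the delegation after the playbook has run, the following PowerShell check reads the ACL on the OU and separates the access control entry the playbook declares from anything else granted to the group there. It is an added example, not part of the original post; it assumes the RSAT ActiveDirectory module is available where it runs, and it reuses the OU path, group name and GUIDs from the playbook.

```powershell
# Added example: audit the OU ACL for the entry declared in the playbook.
# Assumption: the ActiveDirectory (RSAT) module is installed; it provides the AD: drive.
Import-Module ActiveDirectory
Add-Type -AssemblyName System.DirectoryServices

# Values copied from the playbook
$ouDn          = 'OU=servers,DC=domain,DC=local'
$identity      = 'domain\DB Admins'
$computerClass = [guid]'bf967a86-0de6-11d0-a285-00aa003049e2'
$anyInherited  = [guid]'00000000-0000-0000-0000-000000000000'
$expected      = [System.DirectoryServices.ActiveDirectoryRights]'CreateChild, DeleteChild'

# Every ACE on the OU that names the delegated group
$acl  = Get-Acl -Path "AD:\$ouDn"
$aces = @($acl.Access | Where-Object { $_.IdentityReference.Value -eq $identity })

# Split into the ACE that matches the playbook exactly and everything else
$match, $other = $aces.Where({
    ($_.AccessControlType -eq 'Allow') -and
    (-not $_.IsInherited) -and
    ($_.ActiveDirectoryRights -eq $expected) -and
    ($_.ObjectType -eq $computerClass) -and
    ($_.InheritedObjectType -eq $anyInherited) -and
    ($_.InheritanceType -eq 'All')
}, 'Split')

if ($match.Count -eq 0) {
    Write-Warning "Declared ACE for '$identity' was not found on $ouDn"
}

# Any other ACE for the group (broader rights, a different object type,
# or inherited from a parent) is outside what the playbook declares.
foreach ($ace in $other) {
    Write-Warning "Other ACE for '$identity': $($ace.AccessControlType) $($ace.ActiveDirectoryRights) objectType=$($ace.ObjectType) inherited=$($ace.IsInherited)"
}

# Summary object, suitable for logging or a pipeline check
[pscustomobject]@{
    OU                 = $ouDn
    Identity           = $identity
    DeclaredAcePresent = ($match.Count -gt 0)
    OtherAceCount      = $other.Count
}
```

A non-zero OtherAceCount means the group holds rights on the OU beyond creating and deleting computer objects, which is worth reviewing before relying on the delegation as least privilege.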