@ -1,8 +1,6 @@
#!/usr/bin/python
# -*- coding: utf-8 -*-
# This file is part of Ansible
# GNU General Public License v3.0+ (see COPYING or https://www.gnu.org/licenses/gpl-3.0.txt)
# this is a windows documentation stub. actual code lives in the .ps1
@ -12,7 +10,6 @@ ANSIBLE_METADATA = {'metadata_version': '1.1',
' status ' : [ ' preview ' ] ,
' supported_by ' : ' community ' }
DOCUMENTATION = r '''
- - -
module : win_domain_user
@ -30,14 +27,12 @@ options:
- When C ( present ) , creates or updates the user account . When C ( absent ) ,
removes the user account if it exists . When C ( query ) ,
retrieves the user account details without making any changes .
choices :
- present
- absent
- query
choices : [ absent , present , query ]
default : present
enabled :
description :
- C ( yes ) will enable the user account . C ( no ) will disable the account .
- C ( yes ) will enable the user account .
- C ( no ) will disable the account .
type : bool
default : ' yes '
account_locked :
@ -45,9 +40,8 @@ options:
- C ( no ) will unlock the user account if locked . Note that there is not a
way to lock an account as an administrator . Accounts are locked due to
user actions ; as an admin , you may only unlock a locked account . If you
wish to administratively disable an account , set ' enabled ' to ' no ' .
wish to administratively disable an account , set I ( enabled ) to C ( no ) .
choices : [ ' no ' ]
type : bool
description :
description :
- Description of the user
@ -60,11 +54,12 @@ options:
their principal group ( for example , " Domain Users " ) .
groups_action :
description :
- If C ( add ) , the user is added to each group in I ( groups ) where not
already a member .
- If C ( remove ) , the user is removed from each group in I ( groups ) .
- If C ( replace ) , the user is added as a member of each group in
I ( groups ) and removed from any other groups . If C ( add ) , the user is
added to each group in I ( groups ) where not already a member . If
C ( remove ) , the user is removed from each group in I ( groups ) .
choices : [ ' replace ' , ' add ' , ' remove ' ]
I ( groups ) and removed from any other groups .
choices : [ add , remove , replace ]
default : replace
password :
description :
@ -73,67 +68,71 @@ options:
configured on the account , or you must provide a password here .
update_password :
description :
- C ( always ) will update passwords if they differ . C ( on_create ) will
only set the password for newly created users . Note that C ( always ) will
always report an Ansible status of ' changed ' because we cannot
determine whether the new password differs from the old password .
choices : [ ' always ' , ' on_create ' ]
- C ( always ) will update passwords if they differ .
- C ( on_create ) will only set the password for newly created users .
- Note that C ( always ) will always report an Ansible status of ' changed '
because we cannot determine whether the new password differs from
the old password .
choices : [ always , on_create ]
default : always
password_expired :
description :
- C ( yes ) will require the user to change their password at next login .
C ( no ) will clear the expired password flag . This is mutually exclusive
with I ( password_never_expires ) .
- C ( no ) will clear the expired password flag .
- This is mutually exclusive with I ( password_never_expires ) .
type : bool
password_never_expires :
description :
- C ( yes ) will set the password to never expire . C ( no ) will allow the
password to expire . This is mutually exclusive with I ( password_expired )
- C ( yes ) will set the password to never expire .
- C ( no ) will allow the password to expire .
- This is mutually exclusive with I ( password_expired ) .
type : bool
user_cannot_change_password :
description :
- C ( yes ) will prevent the user from changing their password . C ( no ) will
allow the user to change their password .
- C ( yes ) will prevent the user from changing their password .
- C ( no ) will allow the user to change their password .
type : bool
firstname :
description :
- Configures the user ' s first name (given name)
- Configures the user ' s first name (given name) .
surname :
description :
- Configures the user ' s last name (surname)
- Configures the user ' s last name (surname) .
company :
description :
- Configures the user ' s company name
- Configures the user ' s company name .
upn :
description :
- Configures the User Principal Name ( UPN ) for the account . This is not
required , but is best practice to configure for modern versions of
Active Directory . The format is " <username>@<domain> " .
- Configures the User Principal Name ( UPN ) for the account .
- This is not required , but is best practice to configure for modern
versions of Active Directory .
- The format is C ( < username > @ < domain > ) .
email :
description :
- Configures the user ' s email address. This is a record in AD and does
not do anything to configure any email servers or systems .
- Configures the user ' s email address.
- This is a record in AD and does not do anything to configure any email
servers or systems .
street :
description :
- Configures the user ' s street address
- Configures the user ' s street address .
city :
description :
- Configures the user ' s city
- Configures the user ' s city .
state_province :
description :
- Configures the user ' s state or province
- Configures the user ' s state or province .
postal_code :
description :
- Configures the user ' s postal code / zip code
- Configures the user ' s postal code / zip code .
country :
description :
- Configures the user ' s country code. Note that this is a two-character
ISO 3166 code .
- Configures the user ' s country code.
- Note that this is a two - character ISO 3166 code .
path :
description :
- Container or OU for the new user ; if you do not specify this , the
user will be placed in the default container for users in the domain .
Setting the path is only available when a new user is created ;
- Setting the path is only available when a new user is created ;
if you specify a path on an existing user , the user ' s path will not
be updated - you must delete ( e . g . , state = absent ) the user and
then re - add the user with the appropriate path .
@ -143,7 +142,7 @@ options:
- This can be used to set custom attributes that are not exposed as module
parameters , e . g . C ( telephoneNumber ) .
- See the examples on how to format this parameter .
version_added : " 2.5 "
version_added : ' 2.5 '
domain_username :
description :
- The username to use when interacting with AD .
@ -152,7 +151,7 @@ options:
version_added : ' 2.5 '
domain_password :
description :
- The password for C ( username ) .
- The password for I ( username ) .
version_added : ' 2.5 '
domain_server :
description :