archive
/
ansible
mirror of https://github.com/ansible/ansible.git
1
0
Fork 0
Code Issues Projects Releases Wiki Activity

win_domain_user: add retry logic for null user principal group (#54334)

Browse Source 
* win_domain_user: add retry logic for null user principal group

* win_domain_user.ps1: Fix "user without group" case use

* Added changelog fragment

* Fix up missing dollar sign
pull/64878/head
Daniel-Sanchez-Fabregas 6 years ago committed by Jordan Borean
parent bf8fe221bf
commit cd39e6ec6e
2 changed files with 19 additions and 9 deletions
Show Stats Download Patch File Download Diff File

2
changelogs/fragments/win_domain_user-group-missing.yaml
Unescape Escape View File

@ -0,0 +1,2 @@
bugfixes:
- win_domain_user - Better handle cases when getting a new user's groups fail - https://github.com/ansible/ansible/issues/54331

26
lib/ansible/modules/windows/win_domain_user.ps1
Unescape Escape View File

@ -125,6 +125,21 @@ if ($null -ne $domain_server) {
$extra_args.Server = $domain_server $extra_args.Server = $domain_server
} }
Function Get-PrincipalGroups {
Param ($identity, $args_extra)
try{
$groups = Get-ADPrincipalGroupMembership -Identity $identity @args_extra -ErrorAction Stop
} catch {
Add-Warning -obj $result -message "Failed to enumerate user groups but continuing on.: $($_.Exception.Message)"
return @()
}
$result_groups = foreach ($group in $groups) {
$group.DistinguishedName
}
return $result_groups
}
try { try {
$user_obj = Get-ADUser -Identity $identity -Properties * @extra_args $user_obj = Get-ADUser -Identity $identity -Properties * @extra_args
$user_guid = $user_obj.ObjectGUID $user_guid = $user_obj.ObjectGUID
@ -284,10 +299,7 @@ If ($state -eq 'present') {
$groups += (Get-ADGroup -Identity $group @extra_args).DistinguishedName $groups += (Get-ADGroup -Identity $group @extra_args).DistinguishedName
} }
$assigned_groups = @() $assigned_groups = Get-PrincipalGroups $user_guid $extra_args
Foreach ($group in (Get-ADPrincipalGroupMembership -Identity $user_guid @extra_args)) {
$assigned_groups += $group.DistinguishedName
}
switch ($groups_action) { switch ($groups_action) {
"add" { "add" {
@ -359,11 +371,7 @@ If ($user_obj) {
$result.account_locked = $user_obj.LockedOut $result.account_locked = $user_obj.LockedOut
$result.sid = [string]$user_obj.SID $result.sid = [string]$user_obj.SID
$result.upn = $user_obj.UserPrincipalName $result.upn = $user_obj.UserPrincipalName
$user_groups = @() $result.groups = Get-PrincipalGroups $user_guid $extra_args
Foreach ($group in (Get-ADPrincipalGroupMembership $user_guid @extra_args)) {
$user_groups += $group.name
}
$result.groups = $user_groups
$result.msg = "User '$name' is present" $result.msg = "User '$name' is present"
$result.state = "present" $result.state = "present"
} }

Write Preview
Loading…
Cancel
Save