winad

Puppet Module to install Windows Active Directory components like organizantional unit, group, users etc.

Module Stats

7,849 downloads

7,382 latest version

4.6 quality score

Support the Puppet Community by contributing to this module

You are welcome to contribute to this module by suggesting new features, currency updates, or fixes. Every contribution is valuable to help ensure that the module remains compatible with the latest Puppet versions and continues to meet community needs. Complete the following steps:

Review the module’s contribution guidelines and any licenses. Ensure that your planned contribution aligns with the author’s standards and any legal requirements.
Fork the repository on GitHub, make changes on a branch of your fork, and submit a pull request. The pull request must clearly document your proposed change.

For questions about updating the module, contact the module’s author.

Version information

released Feb 17th 2016

This version is compatible with:

Windows

Start using this module

Installation method

Add this module to your Puppetfile:

mod 'shoneslab-winad', '0.1.2'

Learn more about managing modules with a Puppetfile

Add this module to your Bolt project:

bolt module add shoneslab-winad

Learn more about using this module with an existing project

Manually install this module globally with Puppet module tool:

puppet module install shoneslab-winad --version 0.1.2

Documentation

shoneslab/winad — version 0.1.2 Feb 17th 2016

winad

Windows Build Status

Overview
Description
Setup - The basics of getting started with winad
- Setup requirements
- Beginning with winad
Usage - Configuration options and additional functionality
Reference - An under-the-hood peek at what the module is doing and how
Limitations - OS compatibility, etc.
Development - Guide for contributing to the module

Overview

The winad module manages Windows Active Directory tasks to create Organizanation Unit, Groups and Users.

Description

Puppet Module manages Windows Active Directory components such as Organizanation Unit, Groups and Users.

Setup

Setup Requirements

This module expects the puppetlabs-powershell module installed on the system

puppet module install puppetlabs-powershell

Finally, install the module with

puppet module install shoneslab-winad

Beginning with winad

The winad module allows you to manage windows system using the Puppet DSL. To create an organizational unit (OU), use the winad_ou type. The following code sets up a very basic organizantional unit.

winad_ou { 'TestOU':
    ensure      => present,
    path        => 'DC=shoneslab,DC=win,DC=com',
    city        => 'Atlanta',
    state       => 'GA',
    postalcode  => '30329',
    country     => 'US',
}

Usage

###Installing Windows Feature - Net Framework Core:

 winad_features { 'net_framework_core':
    ensure      => present,
 }

###Installing Windows Feature - AD Domain Services:

 winad_features { 'ad_domain_services':
    ensure      => present,
 }

###Creating Windows AD Organizational Unit:

winad_ou { 'TestOU':
    ensure      => present,
    path        => 'DC=shoneslab,DC=win,DC=com',
    city        => 'Atlanta',
    state       => 'GA',
    postalcode  => '30329',
    country     => 'US',
}

###Creating Windows AD Group:

winad_group { 'PrivUserGroup1':
    ensure          => present,
    path            => 'OU=TestOU,DC=shoneslab,DC=win,DC=com',
    group_scope     => 'DomainLocal',
    group_category  => 'Security',
}

###Creating Windows AD User:

winad_user { 'PuppetUser01':
    ensure                      => absent,
    path                        => 'CN=Users,DC=shoneslab,DC=win,DC=com',
    password_never_expires      => true,
    password                    => 'V@grant@123',
    enabled                     => true,
    type                        => 'User',
}

Reference

Types

winad_ou: Creates an Organizational Unit(OU).
winad_group: Creates a Group.
winad_user: Creates a User.

###Parameters

####Type: winad_ou

#####ensure Specifies the basic state of the resource. Valid values are 'present', 'absent'.

#####name Specifies the name of the organizational unit.

#####desc Specifies the description of the organizational unit.

#####path Specifies the X.500 path of the Organizational Unit (OU) or container where the new object is created.

#####street_address Specifies the organizational unit's street address.

#####city Specifies the organizational unit's state or province.

#####country Specifies the country or region code for the user's language of choice.

#####postalcode Specifies the user's postal code or zip code.

####Type: winad_group

#####ensure Specifies the basic state of the resource. Valid values are 'present', 'absent'.

#####name Specifies the name of the AD group.

#####desc Specifies the description of the AD group.

#####group_scope Specifies the group scope of the group. Valid values are "DomainLocal", "Global", "Universal".

#####group_category Specifies the category of the group. Valid values are "Distribution", "Security"

####Type: winad_user

#####ensure Specifies the basic state of the resource. Valid values are 'present', 'absent'.

#####name Specifies the users name.

#####desc Specifies the description of the user.

#####path Specifies the X.500 path of the Organizational Unit (OU) or container where the new object is created.

#####password_never_expires Specifies whether the password of an account can expire.

#####password Specifies a new password value for an account.

#####enabled Specifies if an account is enabled. An enabled account requires a password.

Limitations

Currently, the winad module is tested on the following windows operating system versions:

Windows 2012 R2

Other windows versions might be compatible, but are not being actively tested.

Development

TODO - Precheck required for OU, Group and Users. Throws error if the forest/Domain Controller/AD is not configured.

TODO - Incorporate more attributes to the types

TODO - Update Features

TODO - Need to test on versions other than Win2012R2

TODO - Acceptance Testing Scripts

TODO - Documentation

Types in this module release

winad_forest

Installs a new Windows AD Forest Configuration.

    Example:

        winad_forest { 'shoneslabs':
            ensure                  => present,
            domain_name             => 'devops.shoneslabs.com',
            domain_netbios_name     => 'SHONESLABS',
            password                => 'V@grant@123',
        }

Parameters
database_path	Specifies the fully qualified, non-Universal Naming Convention (UNC) path to a directory on a fixed disk of the local computer that contains the domain database. The default is 'C:WindowsNTDS'.
domain_mode	Specifies the domain functional level of the first domain in the creation of a new forest. Tested only againt Win2012R2. Possible values are "Win2003", "Win2008","Win2008R2","Win2012","Win2012R2".
domain_name	Specifies the fully qualified domain name (FQDN) for the root (first) domain in the forest.
domain_netbios_name	Specifies the NetBIOS name for the root domain in the new forest.If this parameter is not set, then the default is automatically computed from the value of the domain_name parameter.
ensure
forest_mode	Specifies the forest functional level for the new forest. Tested only againt Win2012R2. Possible values are "Win2003", "Win2008","Win2008R2","Win2012","Win2012R2".
install_dns	Specifies whether the DNS Server service should be installed and configured for the new forest.
log_path	Specifies the fully qualified, non-UNC path to a directory on a fixed disk of the local computer where the log file for this operation will be written. Default to C:WindowsNTDS.
name	Specifies the fully qualified domain name (FQDN) for the root (first) domain in the forest. If the domain_name is present, that will be taken as the domain name else the name attribute.
no_reboot_oncompletion	Specifies that the computer is not to be rebooted upon completion of this command. Default to false.
password	Supplies the password for the administrator account when the computer is started in Safe Mode or a variant of Safe Mode, such as Directory Services Restore Mode.
provider
sys_vol_path	Specifies the fully qualified, non-UNC path to a directory on a fixed disk of the local computer where the Sysvol file will be written. Default to C:WindowsSYSVOL.

Providers
powershell

winad_features

Installs Windows AD Features.

    Example:

        winad_features { 'net_framework_core':
            ensure      => present,
        }
        winad_features { 'ad_domain_services':
            ensure                  => present,
            with_management_tools   => true,
        }

Parameters
ensure
name	The name of the feature to be installed. Possible values are "net_framework_core" , "ad_domain_services".
provider
with_management_tools	Install the mangement tools along with AD Domain services. Default to true.

Providers
powershell

winad_ou

Create a new Windows AD Organizantional Unit.

    Example:

        winad_ou { 'UserAccounts':
            ensure                              => present,
            desc                                => 'Organizantional Unit Managed by Puppet',
            path                                => 'DC=SHONESLABS,DC=com',
            server                              => 'SHONESLABS-srv1:60000',
            protected_from_accidental_deletion  => false,
            displayname                         => 'User Account OU',
        }

Parameters
authtype	Specifies the authentication method to use (Negotiate or Basic)
country	Specifies the country or region code for the user's language of choice.The LDAP Display Name (ldapDisplayName) of this property is "c". This value is not used by Windows 2000.
displayname	Specifies the display name of the object. The LDAP Display Name (ldapDisplayName) for this property is "displayName"
ensure
name	Name of the Organizantional Unit.
path	Specifies the X.500 path of the Organizational Unit (OU) or container where the new object is created.
protected_from_accidental_deletion	Specifies whether to prevent the object from being deleted. When this property is set to true, you cannot delete the corresponding object without changing the value of the property.
provider

Properties
city	Specifies the user's town or city. The LDAP display name (ldapDisplayName) of this property is "l"
credential	Specifies the user account credentials to use to perform this task.
desc	Specifies a description of the object. This parameter sets the value of the Description property for the object. The LDAP Display Name (ldapDisplayName) for this property is "description".
instance	Specifies an instance of an organizational unit object to use as a template for a new organizational unit object.
managedby	Specifies the user or group that manages the object.
other_attribs	Specifies object attribute values for attributes that are not represented by cmdlet parameters.
postalcode	Specifies the user's postal code or zip code. The LDAP Display Name (ldapDisplayName) of this property is "postalCode".
server	Specifies the Active Directory Domain Services instance to connect to, by providing Active Directory Lightweight Domain Services, Active Directory Domain Services or Active Directory Snapshot instance.
state	Specifies the user's or Organizational Unit's state or province.
street_address	Specifies the organizational unit's street address.

Providers
powershell

winad_group

Create a new Windows AD Group.

    Example:

        winad_group { 'SQLAccessGroup':
            ensure                              => present,
            path                                => 'ou=CRM,DC=SHONESLABS,DC=com',
            group_scope                         => 'DomainLocal',
            group_category                      => 'Security',
            displayname                         => 'SQL Access Group',
        }

Parameters
authtype	Specifies the authentication method to use (Negotiate or Basic)
ensure
homepage	Specifies the URL of the home page of the object. DAP Display Name (ldapDisplayName) for this property is "wWWHomePage"
name	Name of the Windows AD Group.
other_attribs	Specifies object attribute values for attributes that are not represented by cmdlet parameters.
path	Specifies the X.500 path of the Organizational Unit (OU) or container where the new object is created.
provider

Properties
credential	Specifies the user account credentials to use to perform this task.
desc	Specifies a description of the object. This parameter sets the value of the Description property for the object. The LDAP Display Name (ldapDisplayName) for this property is "description".
displayname	Specifies the display name of the object. The LDAP Display Name (ldapDisplayName) for this property is "displayName"
group_category	Specifies the category of the group. Possible values of this parameter are Distribution or Security.
group_scope	Specifies the group scope of the group. Possible values of this parameter are DomainLocal or Global or Universal.
instance	Specifies an instance of a group object to use as a template for a new group object.
managedby	Specifies the user or group that manages the object.
sam_account_name	Specifies the Security Account Manager (SAM) account name of the user, group, computer, or service account.
server	Specifies the Active Directory Domain Services instance to connect to, by providing Active Directory Lightweight Domain Services, Active Directory Domain Services or Active Directory Snapshot instance.

Providers
powershell

winad_user

Create a new Windows AD User.

    Example:

        winad_user { 'shones':
            ensure                              => present,
            desc                                => 'Users Managed by Puppet',
            path                                => 'DC=SHONESLABS,DC=com',
            server                              => 'SHONESLABS-srv1:60000',
            displayname                         => 'User Account OU',
        }

Parameters
allow_reversible_password_encryption	Specifies whether reversible password encryption is allowed for the account.
authtype	Specifies the authentication method to use (Negotiate or Basic)
cannot_change_password	Specifies whether the account password can be changed.
change_password_atlogon	Specifies whether a password must be changed during the next logon attempt.
city	Specifies the user's town or city. The LDAP display name (ldapDisplayName) of this property is "l"
company	Specifies the user's company. The LDAP display name (ldapDisplayName) of this property is "company"
country	Specifies the country or region code for the user's language of choice.The LDAP Display Name (ldapDisplayName) of this property is "c". This value is not used by Windows 2000.
department	Specifies the user's department. The LDAP display name (ldapDisplayName) of this property is "department"
displayname	Specifies the display name of the object. The LDAP Display Name (ldapDisplayName) for this property is "displayName"
division	Specifies the user's division. The LDAP display name (ldapDisplayName) of this property is "division"
emailaddress	Specifies the user's e-mail address. The LDAP display name (ldapDisplayName) of this property is "mail"
employee_id	Specifies the user's employee ID. The LDAP display name (ldapDisplayName) of this property is "employeeID"
employee_number	Specifies the user's employee number. The LDAP display name (ldapDisplayName) of this property is "employeeNumber"
enabled	Specifies if an account is enabled. An enabled account requires a password.
ensure
fax	Specifies the user's fax mobile number. The LDAP display name (ldapDisplayName) of this property is "facsimileTelephoneNumber"
givenname	Specifies the user's given name. The LDAP display name (ldapDisplayName) of this property is "givenName"
home_page	Specifies the URL of the home page of the object. The LDAP Display Name (ldapDisplayName) for this property is "wWWHomePage".
homephone	Specifies the user's home telephone number. The LDAP display name (ldapDisplayName) of this property is "homePhone"
initials	Specifies the initials that represent part of a user's name. The LDAP display name (ldapDisplayName) of this property is "initials"
mobilephone	Specifies the user's mobile phone number. The LDAP display name (ldapDisplayName) of this property is "mobile"
name	Users Name. he LDAP Display Name (ldapDisplayName) of this property is "name"
password	Specifies a new password value for an account.
password_never_expires	Specifies whether the password of an account can expire.
path	Specifies the X.500 path of the Organizational Unit (OU) or container where the new object is created.
pobox	Specifies the user's post office box number. The LDAP Display Name (ldapDisplayName) of this property is "postOfficeBox".
postalcode	Specifies the user's postal code or zip code. The LDAP Display Name (ldapDisplayName) of this property is "postalCode".
protected_from_accidental_deletion	Specifies whether to prevent the object from being deleted. When this property is set to true, you cannot delete the corresponding object without changing the value of the property.
provider
state	Specifies the user's or Organizational Unit's state or province.
street_address	Specifies the organizational unit's street address.
surname	Specifies the user's last name or surname. The LDAP display name (ldapDisplayName) of this property is "sn"
title	Specifies the user's title. The LDAP display name (ldapDisplayName) of this property is "title"
type	Specifies the type of object to create.

Properties
credential	Specifies the user account credentials to use to perform this task.
desc	Specifies a description of the object. This parameter sets the value of the Description property for the object. The LDAP Display Name (ldapDisplayName) for this property is "description".
home_directory	Specifies a user's home directory. The LDAP Display Name (ldapDisplayName) for this property is "homeDirectory".
home_drive	Specifies a drive that is associated with the UNC path defined by the HomeDirectory property. The LDAP Display Name (ldapDisplayName) for this property is "homeDrive".
instance	Specifies an instance of an organizational unit object to use as a template for a new organizational unit object.
managedby	Specifies the user or group that manages the object.
other_attribs	Specifies object attribute values for attributes that are not represented by cmdlet parameters.
server	Specifies the Active Directory Domain Services instance to connect to, by providing Active Directory Lightweight Domain Services, Active Directory Domain Services or Active Directory Snapshot instance.
whatif	Describes what would happen if you executed the command without actually executing the command.

Providers
powershell

Modules

Discover

Contribute

Puppet

Premium features

Downloads

Resources

About Forge

Getting Started

winad

Contributions Requested

Support the Puppet Community by contributing to this module

Version information

This version is compatible with:

Start using this module

Documentation

winad

Table of Contents

Overview

Description

Setup

Setup Requirements

Beginning with winad

Usage

Reference

Types

Limitations

Development

Types in this module release

winad_forest

winad_features

winad_ou

winad_group

winad_user

Dependencies