The unix_enabled_ad_users role creates CSV and HTML reports that lists all Active Directory users that have Unix user attributes. A User object is considered to be 'Unix-enabled' if it has values for the UID Number, Primary GID Number, Home Directory and Login Shell. If Login Shell is /bin/false, the user is considered to be disabled for Unix or Linux logon.
The role requires the community.windows collection be installed on the control node (the machine that runs Ansible). See community.windows for how to perform installation.
The role gathers information about Active Directory objects. For Ansible to communicate to a Windows host and use Windows modules, the Windows host must meet some requirements. See Connecting to a Windows Host for guidance. See Setting up a Windows Host and Windows Remote Management for further details.
All of the variables shown below have a default value but can be overridden to suit your environment. Variable overriding can be done in playbooks, inventories, from the command line using the -e switch with the ansible-playbook command, or from Ansible Tower and AWX. See Ansbile documentation for further information.
See Active Directory variables in the common role.
-
unix_enabled_ad_users_base_container: By default, these reports are created using the default domain as the base container. With this parameter you can specify a different base container to begin the search.Default value is:
unix_enabled_ad_users_base_container: ''
Report generation variable defaults for all roles are set by variables in the common role and can be overriden for all roles by setting the appropriate common role variable. See common role report generation variables in the common role.
-
unix_enabled_ad_users_reports_generateenables report generation.Default value is:
unix_enabled_ad_users_reports_generate: "{{ reports_generate }}"
-
unix_enabled_ad_users_reports_backupenables backup of prior reports by renaming them with the date and time they were generated so that the latest reports do not override the previous reports.Default value is:
unix_enabled_ad_users_reports_backup: "{{ reports_backup }}"
-
unix_enabled_ad_users_reports_hostsets the host on which the reports should be generated.Default value is:
unix_enabled_ad_users_reports_host: "{{ reports_host }}"
-
unix_enabled_ad_users_reportsis a list of dictionaries that define the reports to be generated. The default value creates a CSV and HTML report using the templates included with theunix_enabled_ad_usersrole.Default value is:
unix_enabled_ad_users_reports: - src: unix_enabled_ad_users_report.csv.j2 dest: unix_enabled_ad_users_report.csv - src: unix_enabled_ad_users_report.html.j2 dest: unix_enabled_ad_users_report.html
The
srckey for each list entry is the report template file on the Ansible control node. With a relative path Ansible will look in theunix_enabled_ad_usersroletemplatedirectory. Use a absolute path to speciy templates located elsewhere on the Ansible control node.The
destkey for each list entry is the report file on the machine specified inunix_enabled_ad_users_reports_host. Ifunix_enabled_ad_users_reports_hostis set to the Ansible control node a relative path can be used and it will be relative to the directory from which the playbook is run. For other hosts, an absolute path must be used. In either case the containing directory must exist.
Below is a sample playbook using the unix_enabled_ad_users role.
---
- hosts: all
gather_facts: false
# The variables you would most likely want/need to override have been included
vars:
# Active Directory
client_domain: sample.net
client_username: user
client_password: pass
# Report parameters
unix_enabled_ad_users_base_container: 'CN=Users,DC=Sample,DC=net'
# Reports
unix_enabled_ad_users_reports_generate: true
unix_enabled_ad_users_reports_backup: false
roles:
- name: oneidentity.authentication_services.unix_enabled_ad_usersFor a copy of this and other sample playbooks see examples