This video shows the possibilities of using Ansible Tower to manage users in the Windows AD server.
All the relevant playbooks can be found at the following link,
https://github.com/eanylin/ansible-lab/tree/master/windows_management_demo
The actual flow of the video is as follows:
1) The video starts off with us showing a Windows Server 2012R2 VM in our environment running on VMWare vCenter vSphere and an overview of the entries in the Windows AD Server.
2) The Windows engineer will log into the Ansible Tower using the ‘win_engineer’ user
3) The Ansible Tower uses credssp to communicate with the Windows 2012R2 VM and Kerberos to communicate with the Windows AD.
4) The Windows engineer proceed to create a new user by keying in information such as domain group name, scope, user name, password and email address
5) The Ansible Tower will create the new domain group and user with the information that was keyed in (as seen in the Windows AD)
6) Next, the Windows engineer will make use of the credentials of the newly created user to log into the Windows 2012R2 VM to demonstrate successful execution of the playbook.
7) In order to scale, we will need to be able to create multiple users at the same time. Hence the Windows engineer will proceed to create a list of users using the Jinja2 template, i.e. https://github.com/eanylin/ansible-lab/blob/master/windows_management_demo/roles/add_multiple_win_users/vars/main.yml
8) The Windows engineer will check to ensure that all the required users are properly created in the Windows AD server (note that the playbook forces these users to change their password when they log in next time. This gives us the flexibility to set generic passwords in our template)
