Fixed an issue where microsoft.ad.domain module did not error correctly #178
| } | ||
| # Only installing the domain if the forest does not exist or the host is not a domain controller | ||
| # This is to avoid an issue where the domain already exists in another domain controller but the host itself is not a DC leaving the host in a limbo state |
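Review bot: the second comment line is a long run-on that never says what happens in the "forest exists but host is not a DC" case; consider wrapping it and stating the outcome explicitly, e.g. "# If the forest exists on another DC but this host is not one, still attempt Install-ADDSForest so it fails with a clear name-in-use error instead of leaving the host in limbo". That matches the behaviour the PR author describes in the discussion and saves the next reader from having to reverse-engineer the -or condition.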
If the host is a DC but not for the forest requested then I would have thought that this should fail rather than just skip the task.
With this PR this does fail with the correct message:
msg: |-
Failed to run Install-ADDSForest, DCPromo exited with 45: The name example.com is already in use on this network. Specify a name that is not in use.
reboot_required: false
Without the PR it just reports the task as changed but not actually having configured the domain controller.
The logic here is that the previous variable $forestContext detects that the forest exists, but if the host is not promoted to a domain controller then that cannot happen. That's why the extra check if (-not $forest -or -not $host_is_dc) {... is there: in that case it'll still try and promote the host to a DC but will fail with an error message provided by the Install-ADDSForest command instead of just moving on and failing later with other modules.
Ah I see, sorry, it's an -or and not -and check, so the code here runs when either $forest is falsey or if Get-ADDomainController "failed".
I'm not sure if Get-ADDomainController is a good check here as it means the host needs to have the ActiveDirectory module installed, which isn't guaranteed here. An alternative could be through WMI/CIM:
$os = Get-CimInstance -ClassName Win32_OperatingSystem -Property ProductType
$isDC = $os.ProductType -eq 2  # ProductType 1 = workstation, 2 = domain controller, 3 = server (not a DC)
Yes a valid point. I updated the PR to use Get-CimInstance instead.
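The decision logic discussed above, written out as an added example that is not code from the microsoft.ad collection: it uses the CIM ProductType check for the DC role and the PR's -or condition, and returns what the module would do in each of the four cases. -ForestExists stands in for the module's own $forestContext lookup, which is an assumption here.

```powershell
# Added example, not the module's own code. Decides whether Install-ADDSForest
# should be attempted, mirroring the "-not $forest -or -not $host_is_dc" check
# from the PR. -ForestExists replaces the module's $forestContext lookup (assumption).
function Get-ForestInstallDecision {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory)][bool]$ForestExists
    )

    # Win32_OperatingSystem.ProductType: 1 = workstation, 2 = domain controller,
    # 3 = server that is not a DC. This needs no ActiveDirectory module, unlike
    # Get-ADDomainController.
    $os = Get-CimInstance -ClassName Win32_OperatingSystem -Property ProductType
    $isDC = ([int]$os.ProductType -eq 2)

    if ($ForestExists -and $isDC) {
        # Already a DC for an existing forest: nothing to do, report unchanged.
        return [pscustomobject]@{
            Action  = 'skip'
            Changed = $false
            Reason  = 'host is already a domain controller for an existing forest'
        }
    }

    # -or, not -and: promotion is attempted when the forest is missing OR the host
    # is not a DC. In the second case the forest may live on another DC, so
    # Install-ADDSForest is expected to fail with a "name already in use" error
    # rather than the task reporting changed=true with nothing configured (limbo).
    $reason = if (-not $ForestExists) {
        'forest does not exist'
    } else {
        'forest exists elsewhere but this host is not a DC; Install-ADDSForest will surface the conflict'
    }
    return [pscustomobject]@{
        Action  = 'install'
        Changed = $true
        Reason  = $reason
    }
}

# Usage: Get-ForestInstallDecision -ForestExists $true
```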
…a forest already exists
SUMMARY
This pull request fixes an issue where the microsoft.ad.domain module leaves a host in a limbo state if it finds that the forest already exists but the host itself is not a domain controller. The issue can occur when more than 1 domain controller exists in a forest and a user tries to re-install one with the microsoft.ad.domain module. When trying to do it manually the domain controller will give an error that the forest or netbios name already exists. With this fix the microsoft.ad.domain module will give the same error.
Fixes #177
ISSUE TYPE
COMPONENT NAME
microsoft.ad.domain module
ADDITIONAL INFORMATION
More info is described in the issue - #177