Setup windows server as ad dc #56

Open: wants to merge 4 commits into base: master

Conversation

@piroor (Member) commented Feb 10, 2025

This adds some tasks to setup a Windows Server VM as an Active Directory Domain Controller. Those added tasks are skipped for non-server Windows clients.

@piroor piroor requested a review from yashirot February 10, 2025 05:23
@yashirot (Contributor)

Looks good but I will approve after trying whether that actually works.

@yashirot (Contributor)

One task failed in a test run.
Below is an excerpt of the last messages:

TASK [Wait for the system to be ready after reboot for AD DC promotion] ************************************************
skipping: [4.241.169.203]

TASK [Setup chocolatey] ************************************************************************************************
fatal: [4.241.169.203]: FAILED! => {"changed": false, "module_stderr": "", "module_stdout": "", "msg": "MODULE FAILURE\nSee stdout/stderr for the exact error", "rc": 1}

PLAY RECAP *************************************************************************************************************
4.241.169.203              : ok=27   changed=20   unreachable=0    failed=1    skipped=6    rescued=0    ignored=0


real    9m53.306s
user    0m11.560s
sys     0m4.514s
make: *** [../use-in-common.mk:18: apply] Error 2

Let's talk it over next business day.

@yashirot (Contributor)

It was good that AD DS was successfully there:
[image]

@yashirot (Contributor) left a comment

TASK [Setup chocolatey] ************************************************************************************************
fatal: [4.241.169.203]: FAILED! => {"changed": false, "module_stderr": "", "module_stdout": "", "msg": "MODULE FAILURE\nSee stdout/stderr for the exact error", "rc": 1}

Could you check over this failed task?

@piroor (Member, Author) commented Apr 28, 2025

The error around Chocolatey looks to be solved by changes in #59.

@yashirot (Contributor)

I will try it after merging PR #59.

@yashirot (Contributor) commented Apr 28, 2025

@piroor
Could you please resolve conflicts because of the merged changes in PR #59?

@yashirot (Contributor)

A temporary test run failed with an error below:

TASK [Setup chocolatey] ************************************************************************************************
An exception occurred during task execution. To see the full traceback, use -vvv. The error was: requests.exceptions.ConnectTimeout: HTTPSConnectionPool(host='74.176.170.216', port=5986): Max retries exceeded with url: /wsman (Caused by ConnectTimeoutError(<urllib3.connection.HTTPSConnection object at 0x7f7ba3a729f0>, 'Connection to 74.176.170.216 timed out. (connect timeout=30)'))
fatal: [74.176.170.216]: FAILED! => {"msg": "Unexpected failure during module execution: HTTPSConnectionPool(host='74.176.170.216', port=5986): Max retries exceeded with url: /wsman (Caused by ConnectTimeoutError(<urllib3.connection.HTTPSConnection object at 0x7f7ba3a729f0>, 'Connection to 74.176.170.216 timed out. (connect timeout=30)'))", "stdout": ""}

PLAY RECAP *************************************************************************************************************
74.176.170.216             : ok=29   changed=22   unreachable=0    failed=1    skipped=6    rescued=0    ignored=0

@yashirot (Contributor) commented Apr 28, 2025

Running make apply-playbook again ended up with another error:

TASK [Set non-ASCII workgroup name] ************************************************************************************
fatal: [74.176.170.216]: FAILED! => {"changed": true, "msg": "failed to remove computer from domain: Failed to unjoin computer 'firefoxverify' from domain 'example.local' with the following error message: This machine is a domain controller and cannot be unjoined from a domain.", "reboot_required": false}

PLAY RECAP *************************************************************************************************************
74.176.170.216             : ok=3    changed=0    unreachable=0    failed=1    skipped=0    rescued=0    ignored=0

However, this may not be a problem, as I think Ansible tasks are not idempotent, unlike Terraform recipes.

@piroor piroor force-pushed the setup-windows-server-as-ad-dc branch from a3b9813 to 33e5692 Compare April 30, 2025 01:46
@piroor (Member, Author) commented Apr 30, 2025

A temporary test run failed with an error below:

TASK [Setup chocolatey] ************************************************************************************************
An exception occurred during task execution. To see the full traceback, use -vvv. The error was: requests.exceptions.ConnectTimeout: HTTPSConnectionPool(host='74.176.170.216', port=5986): Max retries exceeded with url: /wsman (Caused by ConnectTimeoutError(<urllib3.connection.HTTPSConnection object at 0x7f7ba3a729f0>, 'Connection to 74.176.170.216 timed out. (connect timeout=30)'))
fatal: [74.176.170.216]: FAILED! => {"msg": "Unexpected failure during module execution: HTTPSConnectionPool(host='74.176.170.216', port=5986): Max retries exceeded with url: /wsman (Caused by ConnectTimeoutError(<urllib3.connection.HTTPSConnection object at 0x7f7ba3a729f0>, 'Connection to 74.176.170.216 timed out. (connect timeout=30)'))", "stdout": ""}

PLAY RECAP *************************************************************************************************************
74.176.170.216             : ok=29   changed=22   unreachable=0    failed=1    skipped=6    rescued=0    ignored=0

This looks to happen because the server is unresponsive for a while after the reboot. We need to run it with some more delay.

@piroor (Member, Author) commented Apr 30, 2025

Running make apply-playbook again ended up with another error:

TASK [Set non-ASCII workgroup name] ************************************************************************************
fatal: [74.176.170.216]: FAILED! => {"changed": true, "msg": "failed to remove computer from domain: Failed to unjoin computer 'firefoxverify' from domain 'example.local' with the following error message: This machine is a domain controller and cannot be unjoined from a domain.", "reboot_required": false}

PLAY RECAP *************************************************************************************************************
74.176.170.216             : ok=3    changed=0    unreachable=0    failed=1    skipped=0    rescued=0    ignored=0

However, this may not be a problem, as I think Ansible tasks are not idempotent, unlike Terraform recipes.

Hmm. This error does not happen on my environment.

@piroor (Member, Author) commented Apr 30, 2025

After some retrying, I've realized that Windows is restarted by Ansible itself and we need to wait until it is reconnected, whether AD DC promotion proceeds or not. The commit d8907bc applies "ansible.builtin.wait_for_connection" before further operations.

@yashirot (Contributor) commented May 1, 2025

In a test run, a subsequent task failed.
Below is an excerpt of the PLAY RECAP:

TASK [Promote to a domain controller if this is Windows Server] ********************************************************
fatal: [74.176.136.13]: FAILED! => {"changed": false, "cmd": "powershell.exe -command \"Install-ADDSForest -DomainName example.local -SafeModeAdministratorPassword (ConvertTo-SecureString 'jaGd,CC|0CR]TeeA~u-Q' -AsPlainText -Force) -Force\"", "delta": "0:00:02.531170", "end": "2025-05-01 05:06:05.210264", "msg": "non-zero return code", "rc": 1, "start": "2025-05-01 05:06:02.679094", "stderr": "Install-ADDSForest : Verification of prerequisites for Domain Controller promotion failed. The specified argument 'NewD\r\nomain' was not recognized.\r\nAt line:1 char:1\r\n+ Install-ADDSForest -DomainName example.local -SafeModeAdministratorPa ...\r\n+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~\r\n    + CategoryInfo          : NotSpecified: (:) [Install-ADDSForest], TestFailedException\r\n    + FullyQualifiedErrorId : Test.VerifyDcPromoCore.DCPromo.General.77,Microsoft.DirectoryServices.Deployment.PowerSh \r\n   ell.Commands.InstallADDSForestCommand\r\n", "stderr_lines": ["Install-ADDSForest : Verification of prerequisites for Domain Controller promotion failed. The specified argument 'NewD", "omain' was not recognized.", "At line:1 char:1", "+ Install-ADDSForest -DomainName example.local -SafeModeAdministratorPa ...", "+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~", "    + CategoryInfo          : NotSpecified: (:) [Install-ADDSForest], TestFailedException", "    + FullyQualifiedErrorId : Test.VerifyDcPromoCore.DCPromo.General.77,Microsoft.DirectoryServices.Deployment.PowerSh ", "   ell.Commands.InstallADDSForestCommand"], "stdout": "\r\nMessage                                                                                                                \r\n-------                                                                                                                \r\nVerification of prerequisites for Domain Controller promotion failed. 
The specified argument 'NewDomain' was not rec...\r\n\r\n\r\n", "stdout_lines": ["", "Message                                                                                                                ", "-------                                                                                                                ", "Verification of prerequisites for Domain Controller promotion failed. The specified argument 'NewDomain' was not rec...", "", ""]}

PLAY RECAP *************************************************************************************************************
74.176.136.13              : ok=32   changed=24   unreachable=0    failed=1    skipped=5    rescued=0    ignored=0


real    16m12.307s
user    0m18.669s
sys     0m6.422s
make: *** [../use-in-common.mk:18: apply] Error 2

@yashirot (Contributor) commented May 1, 2025

The specified argument 'NewD\r\nomain' was not recognized.

Seemingly an unintentional \r\n is inserted.
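Putting the thread's findings together, as an added example that is not code from this PR or its repository: the tasks below install the AD DS role, promote with the microsoft.ad.domain module instead of a win_shell call to Install-ADDSForest, reboot only when a module reports reboot_required, wait for WinRM on 5986 to answer again before anything else runs (the ConnectTimeout on /wsman quoted above), and skip the promotion and workgroup tasks on a host whose ansible_os_product_type fact is already domain_controller, so a second make apply-playbook does not reach "This machine is a domain controller and cannot be unjoined". Assumptions not taken from the page: the ansible.windows and microsoft.ad collections are installed, the DSRM password is an Ansible Vault variable named dsrm_password, and the workgroup value is a placeholder for whatever the project's "Set non-ASCII workgroup name" task sets. Passing the password as a module parameter under no_log: true also keeps it out of task output; in the failed run quoted above, the cmd field of the error echoes the SafeModeAdministratorPassword in clear.

```yaml
# Added example, not the tasks from this PR. Assumed (not from the page):
# collections ansible.windows and microsoft.ad are installed, the connection
# is WinRM over HTTPS (5986), dsrm_password is a Vault variable, and the
# workgroup name below is a placeholder for the project's own value.
- name: Gather Windows facts (ansible_os_product_type is workstation, server or domain_controller)
  ansible.builtin.setup:

- name: Install the AD DS role on Windows Server only
  ansible.windows.win_feature:
    name: AD-Domain-Services
    include_management_tools: true
    state: present
  when: ansible_os_product_type == 'server'
  register: adds_role

- name: Reboot if the role installation requires it
  ansible.windows.win_reboot:
    reboot_timeout: 1200
    post_reboot_delay: 30
  when: adds_role.reboot_required | default(false)

- name: Promote to the first domain controller of a new forest
  microsoft.ad.domain:
    dns_domain_name: example.local
    safe_mode_password: "{{ dsrm_password }}"
  # The DSRM password is a module parameter, not part of a command line,
  # and no_log keeps it out of the task output even when the task fails.
  no_log: true
  when: ansible_os_product_type == 'server'
  register: promotion

- name: Reboot to finish promotion
  ansible.windows.win_reboot:
    reboot_timeout: 1800
    post_reboot_delay: 60
  when: promotion.reboot_required | default(false)

- name: Wait until WinRM answers again (a fresh DC is slow to accept connections after the reboot)
  ansible.builtin.wait_for_connection:
    delay: 30
    sleep: 15
    connect_timeout: 30
    timeout: 1800

- name: Re-gather facts so later conditions see the new product type
  ansible.builtin.setup:

- name: Set non-ASCII workgroup name (placeholder value) on hosts that are not domain controllers
  ansible.windows.win_domain_membership:
    state: workgroup
    workgroup_name: "ワークグループ"
  when: ansible_os_product_type != 'domain_controller'
  register: workgroup

- name: Reboot if the workgroup change requires it
  ansible.windows.win_reboot:
  when: workgroup.reboot_required | default(false)
```

The second setup call matters: facts gathered at the start of the play still say server after the promotion reboot, so the workgroup condition would be evaluated against stale data without it. On the 'NewD\r\nomain' break in the quoted run: every stderr line there, including the FullyQualifiedErrorId line, wraps at the same 120-column width, which is consistent with console wrapping of a long error message rather than a newline in the command; if the win_shell approach is kept, running Test-ADDSForestInstallation with the same parameters first executes only that prerequisite check and makes the failure easier to read.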
