Unable to connect to AD Server?
Question
I am trying to execute AD and Exchange commands from my Ansible master server, but I receive below error. I can successfully execute these commands on my windows server locally.
For AD:
FAILED! => {"changed": true, "cmd": "powershell.exe \\"import-module activedirectory;get-aduser -Identity 'testuser01'\\" > aa.txt", "delta": "0:00:01.796829", "end": "2019-05-08 12:41:19.824130", "msg": "non-zero return code", "rc": 1, "start": "2019-05-08 12:41:18.027300", "stderr": "get-aduser : Unable to contact the server. This may be because this server \\r\\ndoes not exist, it is currently down, or it does not have the Active Directory \\r\\nWeb Services running.
For Exchange:
FAILED! => {"changed": true, "cmd": "Add-PSSnapin Microsoft.Exchange.Management.PowerShell.SnapIn;enable-mailbox 'testuser01' > c:/temp/aa.txt", "delta": "0:00:12.734039", "end": "2019-05-08 01:13:51.726514", "msg": "non-zero return code", "rc": 1, "start": "2019-05-08 01:13:38.992475", "stderr": "Active Directory operation failed on . The supplied credential for \\r\\n'DEVAD\\\\admin' is invalid.
Code Part
For AD:
- name: Mailbox Creation
win_shell: "import-module activedirectory;get-aduser -identity 'testuser01'"
For Exchange:
- name: Mailbox Creation
win_shell: "Add-PSSnapin Microsoft.Exchange.Management.PowerShell.SnapIn;enable-mailbox 'testuser01' > c:/temp/aa.txt"
2 answers
solution1
0 2019-11-22 13:58:27
maybe someone help.
have same problem when using kerberos
ansible_winrm_transport: kerberos
need to turn credential on delegation, tested with kerberos only.
ansible_winrm_kerberos_delegation: yes
solution2
0 2021-01-08 15:15:05
For whatever reason accessing the Active Directory from the remote Exchange PowerShell environment doesn't work out of the box, and you have to generate a new session and run your commands within it.
$PWord = ConvertTo-SecureString -String "{{ ansible_password }}" -AsPlainText -Force
$UserCredential = New-Object -TypeName System.Management.Automation.PSCredential -ArgumentList "{{ ansible_user }}", $PWord
$Session = New-PSSession -ConfigurationName Microsoft.Exchange -ConnectionUri http://{{ inventory_hostname }}/PowerShell/ -Authentication Kerberos -Credential $UserCredential
Import-PSSession $Session -DisableNameChecking
Followed by your code:
Add-PSSnapin Microsoft.Exchange.Management.PowerShell.SnapIn
...
And ended with:
Remove-PSSession $Session
Relevant documentation:
The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.