I am trying to get the OU from a Windows machine using a simple PowerShell command.

As Administrator in PowerShell on the machine, I tried it in the following two ways:

  1. ([adsisearcher]'(&(name=$env:computername)(objectClass=computer))').findall().path
  2. gpresult /r /scope computer

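With both methods, when I run them on the machine itself, the OU is returned without any problem.

However, I want to run this PowerShell command using Ansible. When I try it with Ansible, both commands return an empty value. I am using the Administrator user when running the PowerShell command with Ansible.

What do I have to do to be able to get the OU using PowerShell with Ansible?

This is my Ansible task: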

- name: Get Active Directory OU from Instance
  ansible.windows.win_powershell:
    script: "gpresult /r /scope computer"
  become_method: runas
  become: yes
  become_user: Administrator
  register: active_directory_ou

As a result, when using

gpresult /r /scope computer

I get something like this:

{
"changed": true,
"invocation": {
    "module_args": {
        "depth": 2,
        "removes": null,
        "chdir": null,
        "parameters": null,
        "creates": null,
        "executable": null,
        "error_action": "continue",
        "arguments": null,
        "script": "gpresult /r /scope computer"
    }
},
"result": {},
"host_out": "",
"host_err": "",
"output": [
    "",
    "Microsoft (R) Windows (R) Operating System Group Policy Result tool v2.0",
    "© 2018 Microsoft Corporation. All rights reserved.",
    "",
    "Created on ‎10.‎11.‎2021 at 13:47:10",
    "",
    "",
    "",
    "RSOP data for  on AWSD199 : Logging Mode",
    "---------------------------------------------",
    "",
    "OS Configuration:            Member Server",
    "OS Version:                  10.0.17763",
    "Site Name:                   FFM-DC",
    "Roaming Profile:             ",
    "Local Profile:               ",
    "Connected over a slow link?: No",
    "",
    "",
    "COMPUTER SETTINGS",
    "------------------",
    "    ",    -----------------> HERE SHOULD BE THE OU BUT IT IS EMPTY!
    "    Last time Group Policy was applied: 10.11.2021 at 13:42:50",
    "    Group Policy was applied from:      *******************",
    "    Group Policy slow link threshold:   500 kbps",
    "    Domain Name:                        BKU",
    "    Domain Type:                        Windows 2008 or later",
    "",
    "    The following GPOs were not applied because they were filtered out",
    "    -------------------------------------------------------------------",
    "        Local Group Policy",
    "            Filtering:  Not Applied (Empty)",
    "",
    "    The computer is a part of the following security groups",
    "    -------------------------------------------------------",
    "        BUILTIN\\Administrators",
    "        Everyone",
    "        BUILTIN\\Users",
    "        NT AUTHORITY\\NETWORK",
    "        NT AUTHORITY\\Authenticated Users",
    "        This Organization",
    "        AWSD199$",
    "        Domain Computers",
    "        Claims Valid",
    "        Authentication authority asserted identity",
    "        System Mandatory Level",
    "        "
],
"error": [],
"warning": [],
"verbose": [],
"debug": [],
"information": [],
"_ansible_no_log": false

}

When I try to use:

([adsisearcher]'(&(name=$env:computername)(objectClass=computer))').findall().path

I get the following error message:

{
    "changed": true,
    "invocation": {
        "module_args": {
            "depth": 2,
            "removes": null,
            "chdir": null,
            "parameters": null,
            "creates": null,
            "executable": null,
            "error_action": "continue",
            "arguments": null,
            "script": "([adsisearcher]\"(&(name=$env:computername)(objectClass=user))\").findall().Path"
        }
    },
    "result": {},
    "host_out": "",
    "host_err": "",
    "output": [],
    "error": [
        {
            "script_stack_trace": "at <ScriptBlock>, <No file>: line 1",
            "fully_qualified_error_id": "COMException",
            "exception": {
                "inner_exception": {
                    "inner_exception": null,
                    "message": "The specified domain either does not exist or could not be contacted.\r\n",
                    "source": "System.DirectoryServices",
                    "help_link": null,
                    "type": "System.Runtime.InteropServices.COMException",
                    "hresult": -2147023541
                },
                "message": "Exception calling \"FindAll\" with \"0\" argument(s): \"The specified domain either does not exist or could not be contacted.\r\n\"",
                "source": "System.Management.Automation",
                "help_link": null,
                "type": "System.Management.Automation.MethodInvocationException",
                "hresult": -2146233087
            },
            "target_object": null,
            "error_details": null,
            "output": "Exception calling \"FindAll\" with \"0\" argument(s): \"The specified domain either does not exist or could not be contacted.\r\n\"\r\nAt line:1 char:1\r\n+ ([adsisearcher]\"(&(name=$env:computername)(objectClass=user))\").finda ...\r\n+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~\r\n    + CategoryInfo          : NotSpecified: (:) [], MethodInvocationException\r\n    + FullyQualifiedErrorId : COMException\r\n \r\n",
            "pipeline_iteration_info": [],
            "category_info": {
                "target_name": "",
                "target_type": "",
                "activity": "",
                "category_id": 0,
                "reason": "MethodInvocationException",
                "category": "NotSpecified"
            }
        }
    ],
    "warning": [],
    "verbose": [],
    "debug": [],
    "information": [],
    "_ansible_no_log": false
}
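
The error output above shows the LDAP lookup failing to reach the domain from the Ansible session. The script below is an added example, not part of the original post: it avoids the directory query by reading the computer's distinguished name from the value that Group Policy processing caches in the local registry, then derives the parent OU from it. It assumes the host has already processed computer Group Policy so that the value exists; the function name `Get-ParentContainer` and the sample DN are constructed for illustration.

```powershell
# Added example: read the computer's DN from the local Group Policy cache.
# This is a local registry read, so it needs no LDAP bind from the remote session.
$key = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Group Policy\State\Machine'

function Get-ParentContainer {
    # Hypothetical helper: returns the DN with its first RDN (CN=<computer>) removed.
    param([Parameter(Mandatory)][string]$DistinguishedName)

    # Split on commas that are not preceded by a backslash, so an RDN such as
    # "OU=Servers\, Prod" stays in one piece.
    $rdns = $DistinguishedName -split '(?<!\\),'
    if ($rdns.Count -lt 2) {
        throw "Not a distinguished name: $DistinguishedName"
    }
    ($rdns | Select-Object -Skip 1) -join ','
}

# Constructed sample input, shown only to illustrate the escaped-comma case:
#   Get-ParentContainer 'CN=HOST01,OU=Servers\, Prod,OU=Example,DC=example,DC=test'
#   returns 'OU=Servers\, Prod,OU=Example,DC=example,DC=test'

$item = Get-ItemProperty -Path $key -Name 'Distinguished-Name' -ErrorAction SilentlyContinue
$dn   = if ($item) { $item.'Distinguished-Name' } else { $null }

if (-not $dn) {
    # The value is absent on hosts that have not processed domain Group Policy.
    throw "No cached computer DN found under $key"
}

# Emit one object; win_powershell serializes it into the task's "output" list.
[pscustomobject]@{
    ComputerDN = $dn
    ParentOU   = Get-ParentContainer -DistinguishedName $dn
}
```

Passed as the `script:` value of the `ansible.windows.win_powershell` task, the returned object appears under `active_directory_ou.output[0]`.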
1 Answer