Skip to content
Merged
Show file tree
Hide file tree
Changes from all commits
Commits
File filter

Filter by extension

Filter by extension

Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
4 changes: 4 additions & 0 deletions changelogs/fragments/user-post-action-moved.yml
Original file line number Diff line number Diff line change
@@ -0,0 +1,4 @@
bugfixes:
- >-
user - Ensure any post actions like editing the user's groups are performed on the correct distinguished name. This
fixes the error when changing the user's groups when the user was moved in the same module invocation.
1 change: 1 addition & 0 deletions plugins/module_utils/_ADObject.psm1
Original file line number Diff line number Diff line change
Expand Up @@ -1507,6 +1507,7 @@ Function Invoke-AnsibleADObject {

# Won't be set in check mode
if ($finalADObject) {
$adObject = $finalADObject
$objectDN = $finalADObject.DistinguishedName
}
else {
Expand Down
13 changes: 13 additions & 0 deletions tests/integration/targets/user/tasks/tests.yml
Original file line number Diff line number Diff line change
Expand Up @@ -123,6 +123,9 @@
name: MyUser2
identity: '{{ object_sid }}' # ID by SID
path: '{{ setup_domain_info.output[0].defaultNamingContext }}'
groups:
add:
- Domain Admins
register: move_user_check
check_mode: true

Expand All @@ -131,6 +134,7 @@
identity: '{{ object_identity }}'
properties:
- sAMAccountName
- memberOf
register: move_user_check_actual

- name: assert move user - check
Expand All @@ -141,19 +145,24 @@
- move_user_check_actual.objects[0].DistinguishedName == 'CN=MyUser2,CN=Users,' ~ setup_domain_info.output[0].defaultNamingContext
- move_user_check_actual.objects[0].Name == 'MyUser2'
- move_user_check_actual.objects[0].sAMAccountName == 'MyUser'
- move_user_check_actual.objects[0].memberOf == None

- name: move user
user:
name: MyUser2
identity: '{{ object_sid }}' # ID by SID
path: '{{ setup_domain_info.output[0].defaultNamingContext }}'
groups:
add:
- Domain Admins
register: move_user

- name: get result of move user
object_info:
identity: '{{ object_identity }}'
properties:
- sAMAccountName
- memberOf
register: move_user_actual

- name: assert move user
Expand All @@ -164,12 +173,16 @@
- move_user_actual.objects[0].DistinguishedName == 'CN=MyUser2,' ~ setup_domain_info.output[0].defaultNamingContext
- move_user_actual.objects[0].Name == 'MyUser2'
- move_user_actual.objects[0].sAMAccountName == 'MyUser'
- move_user_actual.objects[0].memberOf == ["CN=Domain Admins,CN=Users," ~ setup_domain_info.output[0].defaultNamingContext]

- name: move user - idempotent
user:
name: MyUser2
identity: '{{ object_sid }}' # ID by SID
path: '{{ setup_domain_info.output[0].defaultNamingContext }}'
groups:
add:
- Domain Admins
register: move_user_again

- name: assert move user - idempotent
Expand Down
Loading