Using Ansible to Mass Create Users in Active Directory

Ever need to create multiple users in Active Directory? Ever wished there was a better way than doing it manually? I know there are PowerShell scripts or even good old batch scripts that will do this, but again, let's focus on one tool to rule them all: Ansible!

Enough of that, let's get into it.

My thought process was to have a CSV with headers containing all the information required to create a user, and to use the Ansible win_domain_user module. For this example I am creating a very basic user with only username, first name, last name, password (set to require a reset at first logon), UPN and display name. The module itself allows you to set some items directly, but for others you have to use attributes, which can be found here. I do plan on adding all the information that is typical.

The playbook takes the CSV and uses a Jinja template to parse it and create a YAML file, which the playbook then loads as variables to create the users.

domain_users.csv file

username,firstname,surname,password,upn
randywatts,randy,watts,Better2gether!,randywatts@downs.lan
jeffdowns,jeff,downs,Better2gether!,jeffdowns@downs.lan
bobwilson,bob,wilson,Better2gether!,bobwilson@downs.lan

domain_users_csv.j2

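---
users:
{# Skip the header row and blank lines. Fields are split on "," so values must not contain commas. #}
{# The CSV has five columns (indexes 0-4) and no email column, so the UPN in column 4 is used for both email and upn. #}
{% for item in csvfile.split("\n") %}
{%   if loop.index != 1 and item|trim() %}
{%     set fields = item.split(",") %}
  {{ fields[0]|trim() }}:
    firstname: {{ fields[1]|trim() }}
    surname: {{ fields[2]|trim() }}
{# to_json quotes the password so characters such as # or : are not read as YAML syntax #}
    password: {{ fields[3]|trim()|to_json }}
    email: {{ fields[4]|trim() }}
    upn: {{ fields[4]|trim() }}
{%   endif %}
{% endfor %}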

Output of YAML file

addusers.yml

---
- hosts: localhost
  gather_facts: false
  become: false
  vars:
    csvfile: "{{ lookup('file', '/etc/ansible/csv/domain_users.csv') }}"
  tasks:
  - name: Parse CSV To YAML
    template:
      src: "/etc/ansible/templates/domain_users_csv.j2"
      dest: "/etc/ansible/files/domain_users.yml"
      # The generated file holds plaintext passwords: owner read/write only
      mode: "0600"
    run_once: true
- hosts: winservers
  gather_facts: false
  vars_files:
    - /etc/ansible/vault/vault.yml
    - /etc/ansible/group_vars/windows.yml
    - /etc/ansible/files/domain_users.yml
  tasks:
  - name: Add Users
    win_domain_user:
      name: "{{ item.key }}"
      firstname: "{{ item.value.firstname }}"
      surname: "{{ item.value.surname }}"
      password: "{{ item.value.password }}"
      email: "{{ item.value.email }}"
      upn: "{{ item.value.upn }}"
      password_expired: yes
      attributes:
        displayName: '{{ item.value.firstname }} {{ item.value.surname }}'
    # dict2items always returns a list of key/value pairs, even for a single user
    loop: "{{ users | dict2items }}"
    # Each loop item contains the password; keep it out of task output and logs
    no_log: true

There may be different ways to do this. I did explore just trying to use the CSV but ran into issues, so that is why I ended up parsing out the values into a YAML file. Check out my GitHub repo for other Ansible-related playbooks.
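
A variant that reads the CSV straight into the loop, so no intermediate YAML file with plaintext passwords is written to disk. This is an added example, not the author's playbook or code from his repo. It assumes the community.general collection is installed and the same CSV path and header row as above; the variable name csv_users is chosen here.

```yaml
---
# Added example, not the author's playbook. Assumes community.general is
# installed and the CSV keeps the header username,firstname,surname,password,upn.
- hosts: winservers
  gather_facts: false
  vars_files:
    - /etc/ansible/vault/vault.yml
    - /etc/ansible/group_vars/windows.yml
  vars:
    # Lookups run on the control node. from_csv uses the header row as keys
    # and understands quoted fields, so a comma inside a password is safe.
    csv_users: "{{ lookup('file', '/etc/ansible/csv/domain_users.csv') | community.general.from_csv }}"
  tasks:
    - name: Check the CSV before touching the domain
      ansible.builtin.assert:
        that:
          - csv_users | length > 0
          # Every row has a non-empty username, password and UPN
          - csv_users | rejectattr('username') | list | length == 0
          - csv_users | rejectattr('password') | list | length == 0
          - csv_users | rejectattr('upn') | list | length == 0
          # No username appears twice
          - csv_users | map(attribute='username') | unique | length == csv_users | length
        fail_msg: "domain_users.csv has a missing field or a duplicate username"
      run_once: true

    - name: Add Users
      win_domain_user:
        name: "{{ item.username }}"
        firstname: "{{ item.firstname }}"
        surname: "{{ item.surname }}"
        password: "{{ item.password }}"
        upn: "{{ item.upn }}"
        password_expired: true
        attributes:
          displayName: "{{ item.firstname }} {{ item.surname }}"
      loop: "{{ csv_users }}"
      # Each loop item contains the password; keep it out of output and logs
      no_log: true
```

The assertions only evaluate counts, so a failed check reports which condition was false without printing any row from the CSV.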
