-
Notifications
You must be signed in to change notification settings - Fork 24
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
microsoft.ad.group module : Set members to an empty list #104
Comments
Following Powershell remove groups if it's configure with an empty list - name: remove groups members
ansible.windows.win_powershell:
script: |
[CmdletBinding()]
param (
[String]
$groups_name
)
#Remove existing Group
$Groups = (Get-ADGroup $groups_name -Properties Member).Member
Remove-ADGroupMember -Identity $groups_name -Members $Groups -Confirm:$false
parameters:
groups_name: "{{ item.name }}"
loop: "{{ site_ADDC_groups }}"
when: item.member_of == '' |
The problem here is that the members/set option is set to be a This is a problem because the code will see this list, go through each member and try to find the group's identity which in this case will be an empty string. The best way to specify an empty list as the value is to just use an empty list like so - name: Creat ADDC groups whith members
microsoft.ad.group:
name: "{{ item.name }}"
description : "{{ item.description }}"
scope: "{{ item.scope }}"
path: "{{ group_fqdn_path }}"
state: present
members:
set: []
protect_from_deletion: true
loop: "{{ site_ADDC_groups }}" I'll leave this open as I think the code should probably just ignore empty strings for these values or at the very least it should document this scenario to help others who might come across it. |
This issue will be fixed by #117. It will explicitly ignore empty strings in each list. |
SUMMARY
Process fails when trying to set tan empty list to remove all members from a group.
microsoft.ad.group module – Manage Active Directory group objects module has an option under the members attribute: to set an empty list
ISSUE TYPE
COMPONENT NAME
microsoft.ad.group module
ANSIBLE VERSION
ansible [core 2.16.4]
config file = None
python version = 3.11.2 (main, Mar 13 2023, 12:18:29)
jinja version = 3.1.3
libyaml = True
COLLECTION VERSION
microsoft.ad collection (version 1.4.1)
CONFIGURATION
différent configuration as been tested
...
OS / ENVIRONMENT
Debian 12
STEPS TO REPRODUCE
Execute command with an empty list
EXPECTED RESULTS
remove groups if already existing
ACTUAL RESULTS
An exception occurred during task execution. To see the full traceback, use -vvv. The error was: à System.Management.Automation.CommandProcessorBase.Complete()
failed: [DR3SP-MULIWX01V] (item={'UID': 'GRP_002', 'name': 'GG_F_ULI_ADMIN-VIR-RW', 'scope': 'global', 'path': '', 'description': 'Administrateurs Virtualisation (Vmware, ProxMox, Hyper-V)', 'member_of': ''}) => {"ansible_loop_var": "item", "changed": false, "item": {"UID": "GRP_002", "description": "Administrateurs Virtualisation (Vmware, ProxMox, Hyper-V)", "member_of": "", "name": "GG_F_ULI_ADMIN-VIR-RW", "path": "", "scope": "global"}, "msg": "Unhandled exception while executing module: Impossible de lier l'argument au paramètre « Identity », car il s'agit d'une chaîne vide."}
The text was updated successfully, but these errors were encountered: