From ee8a10b87d3d7bdba08b230633557edeecd42e75 Mon Sep 17 00:00:00 2001
From: Mike Klebolt
Date: Mon, 10 Sep 2018 22:20:45 -0500
Subject: [PATCH] Fixes authentication error when ansible_user is a local account and computer is already joined to domain (#44270)

* Fixes authentication error when ansible_user is a local account and computer is already joined to domain
* recommended fixes
---
 .../modules/windows/win_domain_membership.ps1 | 17 +++++++++++++++++
 1 file changed, 17 insertions(+)

diff --git a/lib/ansible/modules/windows/win_domain_membership.ps1 b/lib/ansible/modules/windows/win_domain_membership.ps1
index ee280bb801..e08e17c158 100644
--- a/lib/ansible/modules/windows/win_domain_membership.ps1
+++ b/lib/ansible/modules/windows/win_domain_membership.ps1
@@ -45,6 +45,23 @@ Function Get-DomainMembershipMatch {

 return $domain_match
 }
+ catch [System.Security.Authentication.AuthenticationException] {
+ Write-DebugLog "Failed to get computer domain. Attempting a different method."
+ Add-Type -AssemblyName System.DirectoryServices.AccountManagement
+ $user_principal = [System.DirectoryServices.AccountManagement.UserPrincipal]::Current
+ If ($user_principal.ContextType -eq "Machine") {
+ $current_dns_domain = (Get-CimInstance -ClassName Win32_ComputerSystem -Property Domain).Domain
+
+ $domain_match = $current_dns_domain -eq $dns_domain_name
+
+ Write-DebugLog ("current domain {0} matches {1}: {2}" -f $current_dns_domain, $dns_domain_name, $domain_match)
+
+ return $domain_match
+ }
+ Else {
+ Fail-Json -obj $result -message "Failed to authenticate with domain controller and cannot retrieve the existing domain name: $($_.Exception.Message)"
+ }
+ }
 Catch [System.DirectoryServices.ActiveDirectory.ActiveDirectoryObjectNotFoundException] {
 Write-DebugLog "not currently joined to a reachable domain"
 return $false
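Review bot: The `[System.DirectoryServices.AccountManagement.UserPrincipal]::Current` lookup in the new `catch` block is unguarded, and an exception raised inside a catch block is not handled by the sibling `Catch` clauses. If that lookup itself throws (it may when the account's directory cannot be reached), the module would end with a raw error instead of the `Fail-Json` message in the `Else` branch; wrapping the lookup in its own `Try`/`Catch` that calls the same `Fail-Json` would keep the failure path uniform. The fallback also treats `Win32_ComputerSystem.Domain` as the joined domain, but that property holds the workgroup name on a machine that is not domain-joined, so it would be safer to request `-Property Domain, PartOfDomain` and return `$false` unless `PartOfDomain` is true. Get-DomainMembershipMatch begins before and continues past this hunk, so whether callers already guarantee a joined machine cannot be confirmed from here.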