diff --git a/lib/ansible/modules/windows/win_user.ps1 b/lib/ansible/modules/windows/win_user.ps1 index a805fac7f2..ae4847a852 100644 --- a/lib/ansible/modules/windows/win_user.ps1 +++ b/lib/ansible/modules/windows/win_user.ps1 @@ -150,8 +150,9 @@ If ($state -eq 'present') { } ElseIf (($password -ne $null) -and ($update_password -eq 'always')) { [void][system.reflection.assembly]::LoadWithPartialName('System.DirectoryServices.AccountManagement') - $pc = New-Object -TypeName System.DirectoryServices.AccountManagement.PrincipalContext 'Machine', $env:COMPUTERNAME - # FIXME: ValidateCredentials fails if PasswordExpired == 1 + $host_name = [System.Net.Dns]::GetHostName() + $pc = New-Object -TypeName System.DirectoryServices.AccountManagement.PrincipalContext 'Machine', $host_name + # ValidateCredentials fails if PasswordExpired == 1 If (!$pc.ValidateCredentials($username, $password)) { $user_obj.SetPassword($password) $result.changed = $true @@ -195,6 +196,9 @@ If ($state -eq 'present') { $user_obj.IsAccountLocked = $account_locked $result.changed = $true } + If ($result.changed) { + $user_obj.SetInfo() + } If ($groups.GetType) { [string[]]$current_groups = $user_obj.Groups() | ForEach { $_.GetType().InvokeMember("Name", "GetProperty", $null, $_, $null) } If (($groups_action -eq "remove") -or ($groups_action -eq "replace")) { @@ -226,9 +230,6 @@ If ($state -eq 'present') { } } } - If ($result.changed) { - $user_obj.SetInfo() - } } catch { Fail-Json $result $_.Exception.Message