Ansible – Find Domain Administrator used in Services, Processes and Scheduled Tasks using Ansible and PowerShell

find_administrator.yml

---
# RAUSYS 2023, Leistungsstarker IT-Partner
# www.rausys.de

- name: Find all Services, Processes and Scheduled Tasks using the Domain Administrator
  hosts: all
  gather_facts: no
  strategy: free
  tasks:
    - name: Domain Administrator Inspection via PowerShell
      ansible.windows.win_powershell:
        script: |
          Get-WmiObject win32_service | Where-Object {
            $_.StartName -Match "Administrator"
          } | Select-Object SystemName,Name,StartName,State

          Get-WmiObject win32_process | Where-Object {
            $_.GetOwner().User -Match "Administrator" -And`
            $_.ProcessName -NotMatch "cmd.exe|powershell.exe|winrshost.exe|conhost.exe"
          } | Select-Object CSName,ProcessName,@{Name="User"; Expression={ $_.GetOwner().User }}

          Get-ScheduledTask | Where-Object {
            $_.Principal.UserId -Match "Administrator" -And`
            $_.Principal.LogonType -Eq "Password"
          } | Select-Object TaskName,State,TaskPath,@{Name="User"; Expression={ $_.Principal.UserId }}
      register: script_return
    - name: Output
      debug:
        msg: "{{ script_return.output }}"
      when: script_return.output