@jessereynolds
Last active March 14, 2017 06:53
# Create a group in AD if it doesn't exist already
# Requires the 'ad-domain-services' windowsfeature to be installed, e.g. using the puppet/windowsfeature module:
# windowsfeature { 'ad-domain-services':
#   ensure => 'present',
# }
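$username = 'jane'
# Example value. A plaintext password set here ends up in the compiled catalog
# and in every command string built from it below.
$password = 'password'
# $servername = upcase($trusted['hostname']) # because windows is shouty
$servername = upcase($facts['hostname'])
# Puppet variables cannot be reassigned within a scope, so the earlier
# placeholder assignment is kept only as a comment.
# $group_name = 'foo'
$group_name = "Right-ADM-SV-Server.${servername}.LocalAdmin-U-GS"
$group_path = 'CN=AdminRights,CN=ExampleGroups,DC=EXAMPLE,DC=COM'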
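# PowerShell prefix that builds a PSCredential from the values above.
# The values are interpolated into double-quoted PowerShell strings, so a
# password containing '"' or '$' would break or alter the command.
$set_credentials = join([
  '$username = "', $username, '" ; ',
  '$password = ConvertTo-SecureString "', $password, '" -AsPlainText -Force ; ',
  '$credentials = new-object System.Management.Automation.PSCredential($username,$password) ; ',
], '')

# Exits 0 if the group exists; Get-ADGroup throws otherwise and the catch exits 1.
$test_group_existence = join([
  $set_credentials,
  'try { Get-ADGroup -Credential $credentials "', $group_name, '" } ',
  'catch { echo "ERROR: $_ " ; exit 1 }',
], '')

# Creates the group as a global security group under $group_path.
# Parameter prefixes use ASCII hyphens (the original had typographic en dashes).
$create_group = join([
  $set_credentials,
  'try { New-ADGroup -Credential $credentials -Name "', $group_name,
  '" -Path "', $group_path, '" -GroupCategory Security -GroupScope Global } ',
  'catch { echo "ERROR: $_ " ; exit 1 }',
], '')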
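# Debug output: both strings embed the plaintext password, so these notices
# write it to the Puppet log.
notice("test_group_existence command: ${test_group_existence}")
notice("create_group command: ${create_group}")

# Create the group only when the existence test fails (non-zero exit).
exec { 'ensure_admin_group':
  provider  => 'powershell',
  command   => $create_group,
  unless    => $test_group_existence,
  logoutput => true,
}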
# group removal (not sure if this works, in my testing I received a NotImplemented error)
$delete_group_no_try = join([
  $set_credentials,
  'Remove-ADGroup -Identity "',
  "CN=${group_name},${group_path}",
  '" -Credential $credentials -Confirm ',
], '')
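# alternative test existence using try / catch
# Renamed from $test_group_existence: Puppet does not allow a variable to be
# assigned twice in the same scope.
$test_group_existence_alt = join([
  $set_credentials,
  'try { Get-ADGroup -Credential $credentials "', $group_name, '" } ',
  'catch { echo "ERROR: $_ " ; exit 1 }',
], '')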