0

我正在尝试使用简单的 Powershell 命令从 Windows 机器中检索 OU。

我在机器上的 Powershell 中以管理员身份尝试了两种方式:

  1. ([adsisearcher]'(&(name=$env:computername)(objectClass=computer))').findall().path
  2. gpresult /r /scope computer

当我在机器本身上执行它们时,两种方式都可以很好地返回 OU。

但是,我想使用 Ansible 执行这个 Powershell 命令。当我在 Ansible 上尝试时,两个命令都返回一个空值。我在 Ansible 中执行 Powershell 命令时使用的是管理员用户。

我需要做什么才能在 Ansible 中使用 Powershell 检索 OU?

这是我的任务:

- name: Get Active Directory OU from Instance
  ansible.windows.win_powershell:
    script: "gpresult /r /scope computer"
  become_method: runas
  become: yes
  become_user: Administrator
  register: active_directory_ou

结果,当使用

gpresult/r /scope 计算机

我得到这样的东西:

{
"changed": true,
"invocation": {
    "module_args": {
        "depth": 2,
        "removes": null,
        "chdir": null,
        "parameters": null,
        "creates": null,
        "executable": null,
        "error_action": "continue",
        "arguments": null,
        "script": "gpresult /r /scope computer"
    }
},
"result": {},
"host_out": "",
"host_err": "",
"output": [
    "",
    "Microsoft (R) Windows (R) Operating System Group Policy Result tool v2.0",
    "© 2018 Microsoft Corporation. All rights reserved.",
    "",
    "Created on ‎10.‎11.‎2021 at 13:47:10",
    "",
    "",
    "",
    "RSOP data for  on AWSD199 : Logging Mode",
    "---------------------------------------------",
    "",
    "OS Configuration:            Member Server",
    "OS Version:                  10.0.17763",
    "Site Name:                   FFM-DC",
    "Roaming Profile:             ",
    "Local Profile:               ",
    "Connected over a slow link?: No",
    "",
    "",
    "COMPUTER SETTINGS",
    "------------------",
    "    ",    -----------------> HERE SHOULD BE THE OU BUT IT IS EMPTY!
    "    Last time Group Policy was applied: 10.11.2021 at 13:42:50",
    "    Group Policy was applied from:      *******************",
    "    Group Policy slow link threshold:   500 kbps",
    "    Domain Name:                        BKU",
    "    Domain Type:                        Windows 2008 or later",
    "",
    "    The following GPOs were not applied because they were filtered out",
    "    -------------------------------------------------------------------",
    "        Local Group Policy",
    "            Filtering:  Not Applied (Empty)",
    "",
    "    The computer is a part of the following security groups",
    "    -------------------------------------------------------",
    "        BUILTIN\\Administrators",
    "        Everyone",
    "        BUILTIN\\Users",
    "        NT AUTHORITY\\NETWORK",
    "        NT AUTHORITY\\Authenticated Users",
    "        This Organization",
    "        AWSD199$",
    "        Domain Computers",
    "        Claims Valid",
    "        Authentication authority asserted identity",
    "        System Mandatory Level",
    "        "
],
"error": [],
"warning": [],
"verbose": [],
"debug": [],
"information": [],
"_ansible_no_log": false

}

当我尝试使用时:

([adsisearcher]'(&(name=$env:computername)(objectClass=computer))').findall().path

我收到此错误消息:

{
    "changed": true,
    "invocation": {
        "module_args": {
            "depth": 2,
            "removes": null,
            "chdir": null,
            "parameters": null,
            "creates": null,
            "executable": null,
            "error_action": "continue",
            "arguments": null,
            "script": "([adsisearcher]\"(&(name=$env:computername)(objectClass=user))\").findall().Path"
        }
    },
    "result": {},
    "host_out": "",
    "host_err": "",
    "output": [],
    "error": [
        {
            "script_stack_trace": "at <ScriptBlock>, <No file>: line 1",
            "fully_qualified_error_id": "COMException",
            "exception": {
                "inner_exception": {
                    "inner_exception": null,
                    "message": "The specified domain either does not exist or could not be contacted.\r\n",
                    "source": "System.DirectoryServices",
                    "help_link": null,
                    "type": "System.Runtime.InteropServices.COMException",
                    "hresult": -2147023541
                },
                "message": "Exception calling \"FindAll\" with \"0\" argument(s): \"The specified domain either does not exist or could not be contacted.\r\n\"",
                "source": "System.Management.Automation",
                "help_link": null,
                "type": "System.Management.Automation.MethodInvocationException",
                "hresult": -2146233087
            },
            "target_object": null,
            "error_details": null,
            "output": "Exception calling \"FindAll\" with \"0\" argument(s): \"The specified domain either does not exist or could not be contacted.\r\n\"\r\nAt line:1 char:1\r\n+ ([adsisearcher]\"(&(name=$env:computername)(objectClass=user))\").finda ...\r\n+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~\r\n    + CategoryInfo          : NotSpecified: (:) [], MethodInvocationException\r\n    + FullyQualifiedErrorId : COMException\r\n \r\n",
            "pipeline_iteration_info": [],
            "category_info": {
                "target_name": "",
                "target_type": "",
                "activity": "",
                "category_id": 0,
                "reason": "MethodInvocationException",
                "category": "NotSpecified"
            }
        }
    ],
    "warning": [],
    "verbose": [],
    "debug": [],
    "information": [],
    "_ansible_no_log": false
}
4

1 回答 1

0

更改'",这将起作用。里面的所有东西'都没有扩展到它的值,所以你搜索一个名称为 的计算机$env:computername。当然,您的目录中不存在具有该名称的目录。 ([adsisearcher]"(&(name=$env:computername)(objectClass=user))").findall().Path

于 2021-11-10T14:09:49.750 回答