{"id":20140693,"url":"https://github.com/goffinet/ansible-windows-dc","last_synced_at":"2025-09-21T07:31:05.592Z","repository":{"id":116034003,"uuid":"579076368","full_name":"goffinet/ansible-windows-dc","owner":"goffinet","description":"Ansible playbooks to deploy a Windows AD DC Lab in GNS3 with QEMU","archived":false,"fork":false,"pushed_at":"2023-03-26T22:30:08.000Z","size":117,"stargazers_count":6,"open_issues_count":0,"forks_count":4,"subscribers_count":1,"default_branch":"main","last_synced_at":"2025-04-03T23:23:49.043Z","etag":null,"topics":["active-directory","ansible","gns3","windows"],"latest_commit_sha":null,"homepage":"","language":"Python","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":null,"status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/goffinet.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":null,"code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null}},"created_at":"2022-12-16T15:45:03.000Z","updated_at":"2024-04-04T14:24:41.000Z","dependencies_parsed_at":null,"dependency_job_id":"bd58e1ed-4f3a-47e6-b82d-5d2d438796fb","html_url":"https://github.com/goffinet/ansible-windows-dc","commit_stats":null,"previous_names":[],"tags_count":0,"template":false,"template_full_name":null,"purl":"pkg:github/goffinet/ansible-windows-dc","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/goffinet%2Fansible-windows-dc","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/goffinet%2Fansible-windows-dc/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/goffinet%2Fansible-windows-dc/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/goffinet%2Fansible-windows-dc
/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/goffinet","download_url":"https://codeload.github.com/goffinet/ansible-windows-dc/tar.gz/refs/heads/main","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/goffinet%2Fansible-windows-dc/sbom","scorecard":null,"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":276209923,"owners_count":25603717,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","status":"online","status_checked_at":"2025-09-21T02:00:07.055Z","response_time":72,"last_error":null,"robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":true,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["active-directory","ansible","gns3","windows"],"created_at":"2024-11-13T21:53:13.785Z","updated_at":"2025-09-21T07:31:05.313Z","avatar_url":"https://github.com/goffinet.png","language":"Python","funding_links":[],"categories":[],"sub_categories":[],"readme":"# Ansible playbooks to deploy a Windows AD DC Lab in GNS3 with QEMU\n\nThe main goal is to have a working AD DC Lab in a GNS3 with QEMU.\n\nAnsible helps us to automate this task.\n\nDo not use it in production. 
Only for testing and learning purposes.\n\n## Windows QEMU image\n\nImage used: [Windows Server 2022 rgl/windows-vagrant images](https://github.com/rgl/windows-vagrant)\n\nAlways \"[sysprep](https://en.wikipedia.org/wiki/Sysprep)\" a Windows image before use:\n\n```\nC:\\Windows\\System32\\Sysprep\\sysprep.exe /generalize /shutdown /oobe /quiet\n```\n\nThis image is ready to be deployed on the GNS3 server.\n\n## Scenario\n\nScenario based on: [rgl/windows-domain-controller-vagrant](https://github.com/rgl/windows-domain-controller-vagrant)\n\nValue added:\n\n- GNS3 topology\n- Ansible playbook\n\nA Domain Controller and two Windows workstations are added in the [osseclab](https://github.com/goffinet/ansible-ccna-lab/blob/master/inventories/custom/osseclab/hosts) GNS3 topology:\n\n![EXAMPLE.COM AD GNS3 topology](gns3_topology.png)\n\nIn this topology a router named \"gateway\" acts as an IPv4 Internet Gateway and DHCP/DNS server for the \"EXAMPLE.COM\" domain. The blue connections are the IP Network segments addressed in 192.168.1.0/24 and in 192.168.2.0/24. 
Dotted lines are connected to a management switch with a controller that distributes 11.12.13.0/24 management addresses.\n\n## How to use\n\nSetup the controller (Centos):\n\n```bash\ncurl -s https://raw.githubusercontent.com/goffinet/ansible-ccna-lab/master/tests/setup-controller.sh -o controller_setup.sh\nbash controller_setup.sh\nreboot\n```\n\nInstall all requirements on this Centos host:\n\n```bash\nyum -y install git\ngit clone https://github.com/goffinet/ansible-windows-dc\ncd ansible-windows-dc\nbash -x ansible_setup.sh\n```\n\nLook at the inventory:\n\n```\ninventory/\n├── group_vars\n│   ├── all\n│   └── domain_controllers\n└── hosts\n```\n\nLook at the main inventory file `inventory/hosts`:\n\n```\n[domain_controllers]\ndc ansible_host=11.12.13.117 ip_address=192.168.1.99 ip_gateway=192.168.1.1\n\n[servers]\n\n[linux]\npc1\nsrv1\n\n[workstations]\nwks1 ansible_host=11.12.13.104\nwks2 ansible_host=11.12.13.110\n\n[windows:children]\ndomain_controllers\nservers\nworkstations\n\n[windows:vars]\nansible_user=vagrant\nansible_password=vagrant\nansible_shell_type=cmd\nansible_connection=winrm\nansible_winrm_transport=basic\nansible_port=5985\n\n[linux:vars]\nansible_user=root\nansible_password=testtest\n\n[all:vars]\nansible_ssh_common_args='-o StrictHostKeyChecking=no'\ndns_domain_name=\"example.com\"\ndomain_netbios_name=\"EXAMPLE\"\ndomain_dn=\"DC=example,DC=com\"\nmain_password=\"HeyH0Password\"\n```\n\nAD users list is stored in the `inventory/domain_controllers`:\n\n```yaml\ndomain_users:\n  - firstname: \"john\"\n    surname: \"doe\"\n    password: \"{{ main_password }}\"\n    password_never_expires: yes\n    groups:\n      - \"Domain Admins\"\n  - firstname: \"jane\"\n    surname: \"doe\"\n    password: \"{{ main_password }}\"\n    password_never_expires: yes\n    groups:\n      - \"Domain Admins\"\nmanaged_sa: sa_test\n```\n\nLook at the `site.yml` playbook:\n\n```yaml\n---\n- import_playbook: playbooks/setup_domain_controller.yml\n- import_playbook: 
playbooks/configure_domain_controller.yml\n- import_playbook: playbooks/setup_windows_workstations.yml\n- import_playbook: playbooks/install_chocolatey.yml\n- import_playbook: playbooks/setup_linux.yml\n```\n\nUsage:\n\n- Start the machines\n- For Windows hosts:\n    - Start a first session in a local console (VNC)\n    - Get the IP management address (cmd.exe / ipconfig / logoff) in the 11.12.13.0/24 range\n    - Update the inventory `ansible_host` variable for each Windows host\n- Test the ansible \"winrm\" connection:\n  ```bash\n  ansible -m win_ping windows\n  ```\n- Test the ansible \"ssh\" connection:\n  ```bash\n  ansible -m win_ping windows -e \"ansible_connection=ssh ansible_port=22\"\n  ansible -m ping linux\n  ```\n- Launch the main playbook:\n  ```bash\n  ansible-playbook site.yml\n  ```\n\n## Test the authentication\n\nFrom pc1.example.com:\n\n```\npc1 login: john.doe@example.com\nPassword:\nCreating home directory for john.doe@example.com.\n\n[john.doe@example.com@pc1 ~]$ pwd\n/home/john.doe@example.com\n[john.doe@example.com@pc1 ~]$ ssh wks1\nThe authenticity of host 'wks1 (192.168.1.184)' can't be established.\nECDSA key fingerprint is SHA256:VxeAoogkvdtiGzQlSD2C0JM7OREL/kEcfWOjNtVl/5o.\nECDSA key fingerprint is MD5:67:c1:2f:ca:d6:64:b7:03:3a:f8:8f:53:08:42:44:dd.\nAre you sure you want to continue connecting (yes/no)? yes\nWarning: Permanently added 'wks1,192.168.1.184' (ECDSA) to the list of known hosts.\njohn.doe@example.com@wks1's password:\n\nMicrosoft Windows [Version 10.0.20348.1249]\n(c) Microsoft Corporation. All rights reserved.\n\nexample\\john.doe@WKS1 C:\\Users\\john.doe\u003epowershell\n\nWindows PowerShell\nCopyright (C) Microsoft Corporation. All rights reserved.\n\nInstall the latest PowerShell for new features and improvements! 
https://aka.ms/PSWindows\n\nPS C:\\Users\\john.doe\u003e $env:UserName\njohn.doe\nPS C:\\Users\\john.doe\u003e $env:UserDomain\nEXAMPLE\nPS C:\\Users\\john.doe\u003e $env:ComputerName\nWKS1\nPS C:\\Users\\vagrant.EXAMPLE\u003e (Get-ADDomain).DNSRoot\nexample.com\nPS C:\\Users\\vagrant.EXAMPLE\u003e (Get-WmiObject Win32_ComputerSystem).Domain\nexample.com\nPS C:\\Users\\john.doe\u003e exit\n\nexample\\john.doe@WKS1 C:\\Users\\john.doe\u003eexit\nConnection to wks1 closed.\n[john.doe@example.com@pc1 ~]$ exit\nlogout\n```\n\n## Fake users and groups feeding\n\n```bash\nansible-playbook playbooks/add_users_groups.yml -e \"$(python3 fakergen.py 1000 | jq -c -r '.')\"\n```\n\n## Next steps\n\n- Create a share on Workstation for a Group and mount it on the others\n- Ubuntu joins the domain\n- Twice DC\n- ...\n- Users and Permissions Management\n\n## Credits\n\n- [Windows Server 2022 rgl/windows-vagrant images](https://github.com/rgl/windows-vagrant)\n- [rgl/windows-domain-controller-vagrant](https://github.com/rgl/windows-domain-controller-vagrant)\n- [WSMan Test Environment](https://github.com/jborean93/wsman-environment)\n- [Active Directory Lab](https://github.com/alebov/AD-lab)\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fgoffinet%2Fansible-windows-dc","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fgoffinet%2Fansible-windows-dc","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fgoffinet%2Fansible-windows-dc/lists"}