{"id":19249312,"url":"https://github.com/sous-chefs/windows_ad","last_synced_at":"2025-12-16T23:28:56.064Z","repository":{"id":9488112,"uuid":"11377698","full_name":"sous-chefs/windows_ad","owner":"sous-chefs","description":"Development repository for the windows_ad cookbook","archived":false,"fork":false,"pushed_at":"2025-05-28T14:05:30.000Z","size":368,"stargazers_count":60,"open_issues_count":8,"forks_count":59,"subscribers_count":31,"default_branch":"main","last_synced_at":"2025-07-09T05:26:19.606Z","etag":null,"topics":["chef","chef-cookbook","chef-resource","hacktoberfest","managed-by-terraform","windows-ad"],"latest_commit_sha":null,"homepage":"https://supermarket.chef.io/cookbooks/windows_ad","language":"Ruby","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"mit","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/sous-chefs.png","metadata":{"files":{"readme":"README.md","changelog":"CHANGELOG.md","contributing":"CONTRIBUTING.md","funding":null,"license":"LICENSE","code_of_conduct":"CODE_OF_CONDUCT.md","threat_model":null,"audit":null,"citation":null,"codeowners":".github/CODEOWNERS","security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null,"zenodo":null},"funding":{"open_collective":"sous-chefs"}},"created_at":"2013-07-12T20:43:35.000Z","updated_at":"2025-04-17T00:40:18.000Z","dependencies_parsed_at":"2025-05-16T23:27:27.812Z","dependency_job_id":"202fb969-1d10-4016-80cf-7b79f411d9d9","html_url":"https://github.com/sous-chefs/windows_ad","commit_stats":{"total_commits":306,"total_committers":31,"mean_commits":9.870967741935484,"dds":0.7483660130718954,"last_synced_commit":"27a6483af5afc97b32792514bdff4f73fd8859ae"},"previous_names":[],"tags_count":41,"template":false,"template_full_name":null,"purl":"pkg:github/sous-chefs/windows_ad","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/sous-chefs%2Fwindows_ad","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/sous-chefs%2Fwindows_ad/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/sous-chefs%2Fwindows_ad/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/sous-chefs%2Fwindows_ad/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/sous-chefs","download_url":"https://codeload.github.com/sous-chefs/windows_ad/tar.gz/refs/heads/main","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/sous-chefs%2Fwindows_ad/sbom","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":265169794,"owners_count":23721901,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["chef","chef-cookbook","chef-resource","hacktoberfest","managed-by-terraform","windows-ad"],"created_at":"2024-11-09T18:13:41.831Z","updated_at":"2025-12-16T23:28:51.003Z","avatar_url":"https://github.com/sous-chefs.png","language":"Ruby","funding_links":["https://opencollective.com/sous-chefs"],"categories":[],"sub_categories":[],"readme":"# windows_ad Cookbook\n\nThis cookbook installs Active Directory Domain Services on Windows Server including all necessary roles and features.\n\n## Requirements\n\n### Platform\n\n* Windows Server 2012 Family\n* Windows Server 2016 Family\n* Windows Server 2019 Family\n\n## Usage\n\nThis is a library style cookbook that provides a set of resources to install and configure Windows ADDS in a composable way. It is intended to be used in your own wrapper cookbook suited to your specific needs. You can see example usage in the recipes of the [windows_ad_test](https://github.com/TAMUarch/cookbook.windows_ad/blob/master/test/cookbooks/windows_ad_test/recipes/) cookbook that is included in this repo. These recipes are used as part of integration testing.\n\n* add `depends 'windows_ad'` to the metadata.rb for your cookbook.\n* use the provided resources in your cookbook\n\n## Testing\n\nFor more details look at the [TESTING.md](./TESTING.md).\n\n## Recipes\n\n### windows_ad::default\n\nThe windows_ad::default recipe installs the required roles and features to support a domain controller.\n\n## Resource/Provider\n\n### `computer`\n\n**NOTE** joining and unjoining computers from a domain has been removed from this cookbook, [windows_ad_join](https://docs.chef.io/resources/windows_ad_join/) should be used instead as it is part of Chef Infra Client 14.0.\n\n#### Actions\n\n* :create: Adds a computer object to Active Directory\n* :delete: Remove a computer object from Active Directory.\n* :modify: Modifies an existing computer object.\n* :move: Rename a computer object without moving it in the directory tree, or move an object from its current location in the directory to a new location within a single domain controller.\n\n#### Property Parameters\n\n* name: name property.  Name of the computer object.\n* domain_name: FQDN\n* domain_pass: domain password\n* domain_user: domain user\n* ou: Organization Unit path where object is to be located.\n* options: ability to pass additional options \u003chttp://technet.microsoft.com/en-us/library/cc754539.aspx\u003e\n* cmd_user: user under which the interaction with AD should happen\n* cmd_pass: password for user specified in cmd_user (only needed if user requires password)\n* cmd_domain: domain of the user specified in cmd_user (only needed if user is a domain account)\n* restart: allows preventing reboot after join or unjoin action. Default true to reboot.  **Required**\n\n#### Examples\n\n    ```rb\n    # Create computer \"workstation1\" in the Computers OU\n    windows_ad_computer \"workstation1\" do\n      action :create\n      domain_name \"contoso.local\"\n      ou \"computers\"\n    end\n\n    # Create computer \"workstation1\" in the Computers OU with description of \"Computer\"\n    windows_ad_computer \"workstation1\" do\n      action :create\n      domain_name \"contoso.local\"\n      ou \"computers\"\n      options ({ \"desc\" =\u003e \"computer\" })\n    end\n\n    # Create computer \"workstation1\" in the Computers OU using domain admin account\n    windows_ad_computer \"workstation1\" do\n      action :create\n      domain_name \"contoso.local\"\n      ou \"computers\"\n      cmd_user \"Administrator\"\n      cmd_pass \"password\"\n      cmd_domain \"contoso.local\"\n    end\n    ```\n\n### `contact`\n\n#### Actions\n\n* :create: Adds a contact object to Active Directory\n* :delete:  Remove a contact object from Active Directory.\n* :modify: Modifies an existing contact object.\n* :move:  Rename a contact object without moving it in the directory tree, or move an object from its current location in the directory to a new location within a single domain controller.\n\n#### Property Parameters\n\n* name: name property.  Name of the contact object.\n* domain_name: FQDN\n* ou: Organization Unit path where object is to be located.\n* options: ability to pass additional options \u003chttp://technet.microsoft.com/en-us/library/cc771883.aspx\u003e\n* cmd_user: user under which the interaction with AD should happen\n* cmd_pass: password for user specified in cmd_user (only needed if user requires password)\n* cmd_domain: domain of the user specified in cmd_user (only needed if user is a domain account)\n\n#### Examples\n\n    ```rb\n    # Create contact \"Bob Smith\" in the Users OU with firstname \"Bob\" and lastname \"Smith\"\n    windows_ad_contact \"Bob Smith\" do\n      action :create\n      domain_name \"contoso.local\"\n      ou \"users\"\n      options ({ \"fn\" =\u003e \"Bob\",\n                 \"ln\" =\u003e \"Smith\"\n               })\n    end\n\n    # Create contact \"Bob Smith\" in the Users OU with firstname \"Bob\" and lastname \"Smith\"\n    # using domain admin account\n    windows_ad_contact \"Bob Smith\" do\n      action :create\n      domain_name \"contoso.local\"\n      ou \"users\"\n      options ({ \"fn\" =\u003e \"Bob\",\n                 \"ln\" =\u003e \"Smith\"\n               })\n      cmd_user \"Administrator\"\n      cmd_pass \"password\"\n      cmd_domain \"contoso.local\"\n    end\n    ```\n\n### `domain`\n\n#### Actions\n\n* :create: Installs a forest, domain, or domain controller\n* :delete: Removes a domain controller from domain\n\n#### Property Parameters\n\n* name: name property.  Name of the forest/domain to operate against.\n* type: type of install. Valid values: forest, domain, read-only.\n* safe_mode_pass: safe mode administrative password.\n* domain_user: User account to join the domain or to create a domain controller. **Required**: for `:create` except on `type` `forest` on windows 2012 and above.\n* domain_pass: User password to join the domain or to create a domain controller. **Required**: for `:create` except on `type` `forest` on windows 2012 and above.\n* local_pass: Local Administrator Password for removing domain controller.\n* replica_type: For Windows Server 2008, specifies installing new or additional domain controller.  Valid values: domain, replica.\n* restart: when creating domain, will prevent Windows from automatically restarting. If not specified, defaults to true (which queues the restart). Valid values: true, false.\n* options: additional options as needed by AD DS Deployment \u003chttp://technet.microsoft.com/en-us/library/cc732887.aspx\u003e for Windows Server 2008 and \u003chttp://technet.microsoft.com/en-us/library/hh974719.aspx\u003e for Windows Server 2012.  Single parameters use nil for key value, see example below.\n\n#### Examples\n\n    ```rb\n    # Create Contoso.com forest\n    windows_ad_domain \"contoso.local\" do\n      action :create\n      type \"forest\"\n      safe_mode_pass \"Passw0rd\"\n    end\n\n    # Create Contoso.com forest and don't restart Windows\n    windows_ad_domain \"contoso.local\" do\n      action :create\n      type \"forest\"\n      safe_mode_pass \"Passw0rd\"\n      restart false\n    end\n\n    # Create Contoso.com replica\n    windows_ad_domain \"contoso.local\" do\n      action :create\n      type \"replica\"\n      safe_mode_pass \"Passw0rd\"\n      domain_pass \"Passw0rd\"\n      domain_user \"Administrator\"\n    end\n\n    # Create Contoso.com forest with DNS, Win2008 R2 Operational Mode Windows Server 2008 R2\n    windows_ad_domain \"contoso.local\" do\n      action :create\n      type \"forest\"\n      safe_mode_pass \"Passw0rd\"\n      options ({ \"domainlevel\" =\u003e \"4\",\n                 \"forestlevel\" =\u003e \"4\",\n                 \"InstallDNS\" =\u003e \"yes\"\n               })\n    end\n\n    # Create Contoso.com forest with DNS, Win2008 Operational Mode Windows Server 2012\n    windows_ad_domain \"contoso.local\" do\n      action :create\n      type \"forest\"\n      safe_mode_pass \"Passw0rd\"\n      options ({ \"ForestMode\" =\u003e \"Win2008\",\n                 \"InstallDNS\" =\u003e nil\n               })\n    end\n\n    # Remove Domain Controller\n    windows_ad_domain \"contoso.local\" do\n      action :delete\n      local_pass \"Passw0rd\"\n    end\n    ```\n\n### `group`\n\n#### Actions\n\n* :create: Adds a group object to Active Directory\n* :modify: Modifies a group object.\n* :move:  Rename a group object without moving it in the directory tree, or move an object from its current location in the directory to a new location within a single domain controller.\n* :delete:  Remove a group object from Active Directory.\n\n#### Property Parameters\n\n* name: name property.  Name of the group object.\n* domain_name: FQDN\n* ou: Organization Unit path where object is to be located.\n* options: ability to pass additional options \u003chttp://technet.microsoft.com/en-us/library/cc754037.aspx\u003e\n* cmd_user: user under which the interaction with AD should happen\n* cmd_pass: password for user specified in cmd_user (only needed if user requires password)\n* cmd_domain: domain of the user specified in cmd_user (only needed if user is a domain account)\n\n#### Examples\n\n    ```rb\n    # Create group \"IT\" in the Users OU\n    windows_ad_group \"IT\" do\n      action :create\n      domain_name \"contoso.local\"\n      ou \"users\"\n    end\n\n    # Create group \"IT\" in the Users OU with Description \"Information Technology Security Group\"\n    windows_ad_group \"IT\" do\n      action :create\n      domain_name \"contoso.local\"\n      ou \"users\"\n      options ({ \"desc\" =\u003e \"Information Technology Security Group\"\n               })\n    end\n\n    # Create group \"IT\" in the Users OU using domain admin account\n    windows_ad_group \"IT\" do\n      action :create\n      domain_name \"contoso.local\"\n      ou \"users\"\n      cmd_user \"Administrator\"\n      cmd_pass \"password\"\n      cmd_domain \"contoso.local\"\n    end\n    ```\n\n### `group_member`\n\n#### Actions\n\n* :add: Adds a user to a group.\n* :remove: Removes a user from a group.\n\n#### Property Parameters\n\n* user_name: user name property. Name of the user object.\n* group_name: group name property. Name of the group object.\n* domain_name: FQDN.\n* user_ou: Organization Unit path where user object is located.\n* group_ou: Organization Unit path where group object is located.\n* cmd_user: user under which the interaction with AD should happen\n* cmd_pass: password for user specified in cmd_user (only needed if user requires password)\n* cmd_domain: domain of the user specified in cmd_user (only needed if user is a domain account)\n\n#### Examples\n\n    ```rb\n    # Add user \"Joe Smith\" in the Users OU to group \"Admins\" in OU \"AD/Groups\"\n    windows_ad_group_member 'Joe Smith' do\n      action :add\n      group_name  'Admins'\n      domain_name 'contoso.local'\n      user_ou 'users'\n      group_ou 'AD/Groups'\n    end\n\n    # Add user \"Joe Smith\" in the Users OU to group \"Admins\" in OU \"AD/Groups\" using domain admin account\n    windows_ad_group_member 'Joe Smith' do\n      action :add\n      group_name  'Admins'\n      domain_name 'contoso.local'\n      user_ou 'users'\n      group_ou 'AD/Groups'\n      cmd_user \"Administrator\"\n      cmd_pass \"password\"\n      cmd_domain \"contoso.local\"\n    end\n    ```\n\n### `ou`\n\nNote: Chef 12 Custom Resource WIP.\nou provider will call `ou_2008` or `ou_2012` based on OS version.\nWarning: Data bags can be used, however OU names must be unique (restriction of data bags)\n\n#### Actions\n\n* :create: Adds organizational units to Active Directory.\n* :modify: Modifies an organizational unit.\n* :move:  Rename an organizational unit object without moving it in the directory tree, or move an object from its current location in the directory to a new location within a single domain controller.\n* :delete:  Remove an organizational unit object from Active Directory.\n\n#### Property Parameters\n\n* name: name property.  Name of the Organization Unit object.\n* domain_name: FQDN\n* ou: Organization Unit path where object is to be located.\n* options: ability to pass additional options \u003chttp://technet.microsoft.com/en-us/library/cc770883.aspx\u003e\n* cmd_user: user under which the interaction with AD should happen\n* cmd_pass: password for user specified in cmd_user (only needed if user requires password)\n* cmd_domain: domain of the user specified in cmd_user (only needed if user is a domain account)\n\n#### Examples\n\n    ```rb\n    # Create Organizational Unit \"Departments\" in the root\n    windows_ad_ou \"Departments\" do\n      action :create\n      domain_name \"contoso.local\"\n    end\n\n    # Create Organizational Unit \"IT\" in the \"Department\" OUroot\n    windows_ad_ou \"IT\" do\n      action :create\n      domain_name \"contoso.local\"\n      ou \"Departments\"\n    end\n\n    # Create Organizational Unit \"Departments\" in the root using domain admin account\n    windows_ad_ou \"Departments\" do\n      action :create\n      domain_name \"contoso.local\"\n      cmd_user \"Administrator\"\n      cmd_pass \"password\"\n      cmd_domain \"contoso.local\"\n    end\n    ```\n\n### 'ou_2008'\n\n#### Actions\n\n* :create: Adds organizational units to Active Directory.\nWIP:\n* :modify: Modifies an organizational unit.\n* :move:  Rename an organizational unit object without moving it in the directory tree, or move an object from its current location in the directory to a new location within a single domain controller.\n* :delete:  Remove an organizational unit object from Active Directory.\n\n#### Property Parameters\n\n* name: name property.  Name of the Organization Unit object.\n* domain_name: FQDN\n* ou: Organization Unit path where object is to be located.\n* options: ability to pass additional options \u003chttp://technet.microsoft.com/en-us/library/cc770883.aspx\u003e\n* cmd_user: user under which the interaction with AD should happen\n* cmd_pass: password for user specified in cmd_user (only needed if user requires password)\n* cmd_domain: domain of the user specified in cmd_user (only needed if user is a domain account)\n\n### 'ou_2012'\n\n#### Actions\n\n* :create: Adds organizational units to Active Directory.\nWIP:\n* :modify: Modifies an organizational unit.\n* :move:  Rename an organizational unit object without moving it in the directory tree, or move an object from its current location in the directory to a new location within a single domain controller.\n* :delete:  Remove an organizational unit object from Active Directory.\n\n#### Property Parameters\n\n* name: name property.  Name of the Organization Unit object.\n* domain_name: FQDN\n* path: Organization Unit path where object is to be located.\n* options: ability to pass additional options \u003chttp://technet.microsoft.com/en-us/library/cc770883.aspx\u003e\n* cmd_user: user under which the interaction with AD should happen\n* cmd_pass: password for user specified in cmd_user (only needed if user requires password)\n* cmd_domain: domain of the user specified in cmd_user (only needed if user is a domain account)\n\n### `users`\n\n#### Actions\n\n* :create: Adds a user object to Active Directory.\n* :modify: Modifies an user object.\n* :move:  Rename an user object without moving it in the directory tree, or move an object from its current location in the directory to a new location within a single domain controller.\n* :delete:  Remove an user object from Active Directory.\n\n#### Property Parameters\n\n* name: name property.  Name of the user object.\n* domain_name: FQDN\n* ou: Organization Unit path where object is located.\n* options: ability to pass additional options \u003chttp://technet.microsoft.com/en-us/library/cc731279.aspx\u003e\n* reverse: allows the reversing of \"First Name Last Name\" to \"Last Name, First Name\"\n* cmd_user: user under which the interaction with AD should happen\n* cmd_pass: password for user specified in cmd_user (only needed if user requires password)\n* cmd_domain: domain of the user specified in cmd_user (only needed if user is a domain account)\n\n#### Examples\n\n    ```rb\n    # Create user \"Joe Smith\" in the Users OU\n    windows_ad_user \"Joe Smith\" do\n      action :create\n      domain_name \"contoso.local\"\n      ou \"users\"\n      options ({ \"samid\" =\u003e \"JSmith\",\n             \"upn\" =\u003e \"JSmith@contoso.local\",\n             \"fn\" =\u003e \"Joe\",\n             \"ln\" =\u003e \"Smith\",\n             \"display\" =\u003e \"Smith, Joe\",\n             \"disabled\" =\u003e \"no\",\n             \"pwd\" =\u003e \"Passw0rd\"\n           })\n    end\n\n    # Create user \"Joe Smith\" in the Users OU using domain admin account\n    windows_ad_user \"Joe Smith\" do\n      action :create\n      domain_name \"contoso.local\"\n      ou \"users\"\n      options ({ \"samid\" =\u003e \"JSmith\",\n             \"upn\" =\u003e \"JSmith@contoso.local\",\n             \"fn\" =\u003e \"Joe\",\n             \"ln\" =\u003e \"Smith\",\n             \"display\" =\u003e \"Smith, Joe\",\n             \"disabled\" =\u003e \"no\",\n             \"pwd\" =\u003e \"Passw0rd\"\n           })\n      cmd_user \"Administrator\"\n      cmd_pass \"password\"\n      cmd_domain \"contoso.local\"\n    end\n    ```\n\n## Contributing\n\n1. Fork the repository on Github\n2. Create a named feature branch (like `add_component_x`)\n3. Write you change\n4. Write tests for your change (if applicable)\n5. Run the tests, ensuring they all pass\n6. Submit a Pull Request using Github\n\n## License and Authors\n\nAuthors:: Derek Groh (\u003cdgroh@github.com\u003e)\n          Richard Guin\n          Miroslav Kyurchev (\u003cmkyurchev@gmail.com\u003e)\n          Matt Wrock (\u003cmatt@mattwrock.com\u003e)\n          Miguel Ferreira (\u003cmiguelferreira@me.com\u003e)\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fsous-chefs%2Fwindows_ad","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fsous-chefs%2Fwindows_ad","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fsous-chefs%2Fwindows_ad/lists"}