構成
- WindowsServer2022
- ローカルから実行してる
導入
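リモートで実行するために、WinRMを許可する必要がある。以下の設定は暗号化なしのHTTPとBasic認証を有効にするもので、ユーザー名とパスワードがBase64エンコードのままネットワークを流れるため、閉じた検証環境向けの構成である（それ以外ではHTTPSリスナーを用意し、AllowUnencryptedは既定のfalseのままにする）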
- Client
winrm set winrm/config/client '@{AllowUnencrypted="true"}'
- Server
winrm set winrm/config/service '@{AllowUnencrypted="true"}'
winrm set winrm/config/service/auth '@{Basic="true"}'
Providerをセットする
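// The WinRM password is taken from an input variable instead of a literal in
// the file, so the credential is not committed or published with the
// configuration. Supply it at run time, e.g. via the TF_VAR_winrm_password
// environment variable.
variable "winrm_password" {
  type        = string
  description = "Password of the account the ad provider uses for WinRM"
}

provider "ad" {
  version = "0.1.0"

  // WinRM connection settings.
  // NOTE(review): the WinRM setup shown on this page allows unencrypted HTTP
  // with Basic auth, so this password is recoverable from network traffic.
  // The provider documents a winrm_proto argument; confirm that HTTPS works
  // with this provider version before using this outside a lab.
  winrm_hostname = "WIN-RGSRC4BU38N.vamdemic.local"
  // NOTE(review): this is the built-in Administrator account; a dedicated
  // account with only the delegated rights Terraform needs limits exposure.
  winrm_username = "Administrator"
  winrm_password = var.winrm_password
}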
中身
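// The WinRM password is taken from an input variable instead of a literal in
// the file, so the credential is not committed or published with the
// configuration. Supply it at run time, e.g. via the TF_VAR_winrm_password
// environment variable.
variable "winrm_password" {
  type        = string
  description = "Password of the account the ad provider uses for WinRM"
}

provider "ad" {
  version = "0.1.0"

  // WinRM connection settings.
  // NOTE(review): the WinRM setup shown on this page allows unencrypted HTTP
  // with Basic auth, so this password is recoverable from network traffic.
  // The provider documents a winrm_proto argument; confirm that HTTPS works
  // with this provider version before using this outside a lab.
  winrm_hostname = "WIN-RGSRC4BU38N.vamdemic.local"
  // NOTE(review): this is the built-in Administrator account; a dedicated
  // account with only the delegated rights Terraform needs limits exposure.
  winrm_username = "Administrator"
  winrm_password = var.winrm_password
}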
// Group Policy Object in the vamdemic.local domain. Its id is referenced by
// ad_gpo_security.gpo_sec (gpo_container) and ad_gplink.og (gpo_guid).
resource "ad_gpo" "g" {
  domain      = "vamdemic.local"
  name        = "ExampleGPO"
  status      = "AllSettingsEnabled"
  description = "gpo for gplink tests"
}
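// Security settings written into the GPO created by ad_gpo.g.
// NOTE(review): this GPO is linked to an OU (see ad_gplink.og). A password
// policy linked at OU level normally affects local accounts on computers in
// that OU; domain-account password policy comes from a GPO linked at the
// domain root. Confirm which accounts this is meant to cover.
resource "ad_gpo_security" "gpo_sec" {
  gpo_container = ad_gpo.g.id

  password_policies {
    // Raised from 3: a three-character minimum permits trivially guessable
    // passwords. Set this to the length your password policy requires.
    minimum_password_length = 14
  }

  system_services {
    service_name = "TapiSrv"
    // presumably 2 = Automatic in security-template numbering; confirm
    // against the provider documentation.
    startup_mode = "2"
    // SDDL: the DACL holds a single allow ACE whose trustee is LA (the
    // built-in local Administrator account); no other trustee is listed.
    // NOTE(review): verify that leaving out SYSTEM and the Administrators
    // group is intended before applying this to real machines.
    acl = "D:AR(A;;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;LA)"
  }
}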
// Organizational unit created under dc=vamdemic,dc=local. Its dn is the
// link target used by ad_gplink.og.
resource "ad_ou" "o" {
  path        = "dc=vamdemic,dc=local"
  name        = "Example OU"
  description = "OU for gplink tests"
}
// Links the GPO (ad_gpo.g) to the OU (ad_ou.o), so the settings from
// ad_gpo_security.gpo_sec take effect for objects in that OU.
resource "ad_gplink" "og" {
  target_dn = ad_ou.o.dn
  gpo_guid  = ad_gpo.g.id
}
参考
https://registry.terraform.io/providers/hashicorp/ad/latest/docs
https://xkln.net/blog/getting-started-with-terraform-and-the-active-directory-provider/