win_setup: backport 2.4 fix for machine sid to work in domains with lots of users (#39040)

* win_setup: fix for machine sid to work in domains with lots of users (#38646)

(cherry picked from commit 2fc3ac3516)

* Added changelog entry for windows setup.ps1 fix
Jordan Borean 2018-04-21 06:57:08 +10:00 committed by GitHub
parent b34402178e
commit 74f14ac23d
2 changed files with 16 additions and 6 deletions


@ -10,6 +10,8 @@ Ansible Changes By Release
* Fix win_copy to preserve the global Ansible local tmp path instead of
deleting it when dealing with multiple files
(https://github.com/ansible/ansible/pull/37964)
* Fix Windows setup.ps1 for slow performance in large domain environments
(https://github.com/ansible/ansible/pull/38646)
<a id="2.4.4"></a>


@ -41,16 +41,24 @@ Function Get-MachineSid {
# only accessible by the Local System account. This method get's the local
# admin account (ends with -500) and lops it off to get the machine sid.
$admins_sid = "S-1-5-32-544"
$admin_group = ([Security.Principal.SecurityIdentifier]$admins_sid).Translate([Security.Principal.NTAccount]).Value
Add-Type -AssemblyName System.DirectoryServices.AccountManagement
$principal_context = New-Object -TypeName System.DirectoryServices.AccountManagement.PrincipalContext([System.DirectoryServices.AccountManagement.ContextType]::Machine)
$user_principal = New-Object -TypeName System.DirectoryServices.AccountManagement.UserPrincipal($principal_context)
$searcher = New-Object -TypeName System.DirectoryServices.AccountManagement.PrincipalSearcher($user_principal)
$users = $searcher.FindAll() | Where-Object { $_.Sid -like "*-500" }
$group_principal = New-Object -TypeName System.DirectoryServices.AccountManagement.GroupPrincipal($principal_context, $admin_group)
$searcher = New-Object -TypeName System.DirectoryServices.AccountManagement.PrincipalSearcher($group_principal)
$groups = $searcher.FindOne()
$machine_sid = $null
if ($users -ne $null) {
$machine_sid = $users.Sid.AccountDomainSid.Value
foreach ($user in $groups.Members) {
$user_sid = $user.Sid
if ($user_sid.Value.EndsWith("-500")) {
$machine_sid = $user_sid.AccountDomainSid.Value
break
}
}
return $machine_sid
}
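Review bot: The RID test `$user_sid.Value.EndsWith("-500")` accepts any direct member of the local Administrators group whose RID is 500, not only the local Administrator account; on a domain-joined host where the domain's built-in Administrator has been added directly to that group, the loop can hit it first and return the domain SID instead of the machine SID. Restricting the match to machine-context principals closes that gap, e.g. `if ($user.ContextType -eq [System.DirectoryServices.AccountManagement.ContextType]::Machine -and $user_sid.Value.EndsWith("-500")) {`. A member whose SID cannot be resolved would presumably leave `$user_sid` empty and make the `.Value.EndsWith` call throw, so a `if ($null -eq $user_sid) { continue }` before the check would stop one unresolvable member from failing the whole fact gathering; confirm this against how `Members` materialises such entries. The comment at the top of the hunk also reads "get's" where "gets" is meant.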