---
# Load data
- import_playbook: data.yml
  tags: 'data'
  vars:
    # Directory of the selected lab's data files; domain_name is not set in
    # this file and must be supplied by the caller (inventory or extra vars).
    data_path: "../ad/{{domain_name}}/data/"
# set AD trusts ==================================================================================================
- name: Trusts configuration prepare
  hosts: trust
  vars:
    # Everything below is looked up in the `lab` structure, which this file
    # does not define (presumably loaded by data.yml -- confirm).
    # dict_key is expected to be a per-host variable naming the host's entry
    # in lab.hosts.
    domain: "{{lab.hosts[dict_key].domain}}"
    # The forest this host's domain trusts, and the DNS zone to forward for it.
    remote_forest: "{{lab.domains[domain].trust}}"
    zone_name: "{{remote_forest}}"
    # DC of the remote forest and its inventory address (ansible_host).
    remote_dc: "{{lab.domains[remote_forest].dc}}"
    master_server: "{{hostvars[remote_dc].ansible_host}}"
    replication: "forest"
  roles:
    # NOTE(review): the matching enable_nat_adapter role runs in a separate,
    # later play ("Trusts configuration end"). A host that fails in between is
    # dropped from the remaining plays, so its adapter would stay in the state
    # this role leaves it in; re-run with the 'enable_nat_adapter' tag then.
    - role: 'settings/disable_nat_adapter'
      tags: 'disable_nat_adapter'
    - role: 'dns_conditional_forwarder'
      tags: 'dns_conditional_forwarder'
- name: Trusts configuration
  hosts: trust
  serial: 1  # add one trust at a time to avoid issues
  vars:
    domain: "{{lab.hosts[dict_key].domain}}"
    # Local side: the domain's built-in Administrator in DOMAIN\user form
    # (the doubled backslash is a YAML escape for a single one).
    domain_username: "{{domain}}\\Administrator"
    domain_password: "{{lab.domains[domain].domain_password}}"
    # Remote side: Administrator of the trusted forest in UPN form.
    remote_forest: "{{lab.domains[domain].trust}}"
    remote_admin: "Administrator@{{remote_forest}}"
    remote_admin_password: "{{lab.domains[remote_forest].domain_password}}"
    zone_name: "{{remote_forest}}"
    remote_dc: "{{lab.domains[remote_forest].dc}}"
    master_server: "{{hostvars[remote_dc].ansible_host}}"
  roles:
    # NOTE(review): this role receives the Administrator passwords of both
    # domains as plain play vars. Confirm that the tasks consuming them set
    # `no_log: true`, otherwise they can appear in task output and logs.
    - role: 'trusts'
      tags: 'trust'
- name: Trusts configuration end
  hosts: trust
  roles:
    # Counterpart of settings/disable_nat_adapter from the "prepare" play.
    # Hosts that failed in an earlier play are skipped here, so check the
    # adapter state on them after a partial run.
    - role: 'settings/enable_nat_adapter'
      tags: 'enable_nat_adapter'
# Add a DNS conditional forwarder on every trust DC for each of the other subdomains
- name: Adjust DNS conditional forwarded configuration
  hosts: trust
  vars:
    domain: "{{lab.hosts[dict_key].domain}}"
    replication: "forest"
    # Domain Administrator credentials handed to the role as plain play vars.
    # NOTE(review): confirm the role's tasks use `no_log: true` where these
    # are passed to modules, so they stay out of task output and logs.
    domain_username: "{{domain}}\\Administrator"
    domain_password: "{{lab.domains[domain].domain_password}}"
    # Domain name with its first label removed; empty for a single-label name.
    parent_domain: "{{'.'.join(domain.split('.')[1:]) | default('')}}"
    # Trusted forest of this domain, or '' when the domain declares no trust.
    trust: "{{lab.domains[domain].trust | default('')}}"
    # NOTE(review): self-referential play var; it only resolves if `lab` is
    # also defined at a higher variable precedence -- confirm it is needed.
    lab: "{{lab}}"
    # Names of all lab domains. NOTE(review): .keys() yields a dict view on
    # Python 3; `| list` would make the list type explicit -- verify what the
    # role expects.
    domains: "{{lab.domains.keys()}}"
  roles:
    - role: 'dc_dns_conditional_forwarder'
      tags: 'dns_conditional_forwarder'