GOAD install
Ubuntu20 + Virtualbox 7.1
.
refence used : https://github.com/Orange-Cyberdefense/GOAD/issues/281
.
the commands to provision
bolke@hacky:~/GOAD$ ./goad.sh
_____ _____ _____
/ ____| / ||| \ /\ | __ \
| | __|| ||| | / \ | | | |
| | |_ || ||| |/ /\ \ | | | |
| |__| || ||| / /__\ \| |__| |
\_____| \_|||_/________\_____/
Game Of Active Directory
Pwning is coming
Goad management console type help or ? to list commands
[*] Start Loading default instance
[+] Instance 850bec-goad-light-virtualbox loaded
[*] lab instances :
┏━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━┳━━━━━━━━━━━━┳━━━━━━━━━━━━┳━━━━━━━━━━━━━━━━━┳━━━━━━━━━━━━━━━━━━━━━━━━┳━━━━━━━━━━━━┳━━━━━━━━━━━━┓
┃ Instance ID ┃ Lab ┃ Provider ┃ IP Range ┃ Status ┃ Is Default ┃ Extensions ┃
┡━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━╇━━━━━━━━━━━━╇━━━━━━━━━━━━╇━━━━━━━━━━━━━━━━━╇━━━━━━━━━━━━━━━━━━━━━━━━╇━━━━━━━━━━━━╇━━━━━━━━━━━━┩
│ > 850bec-goad-light-virtualbox │ GOAD-Light │ virtualbox │ 192.168.56.0/24 │ ready for provisioning │ Yes │ │
└────────────────────────────────┴────────────┴────────────┴─────────────────┴────────────────────────┴────────────┴────────────┘
GOAD-Light/virtualbox/local/192.168.56.X (850bec-goad-light-virtualbox) > provision
provision provision_extension provision_lab provision_lab_from
GOAD-Light/virtualbox/local/192.168.56.X (850bec-goad-light-virtualbox) > provision_lab
[*] Loading inventory
[+] Lab inventory : /home/bolke/GOAD/ad/GOAD-Light/data/inventory file found
[+] Provider inventory : /home/bolke/GOAD/workspace/850bec-goad-light-virtualbox/inventory file found
[+] Global inventory : /home/bolke/GOAD/globalsettings.ini file found
[*] Loading playbook list
[+] build.yml file found
[+] ad-servers.yml file found
[+] ad-parent_domain.yml file found
[+] ad-child_domain.yml file found
[+] wait5m.yml file found
[+] ad-members.yml file found
[+] ad-trusts.yml file found
[+] ad-data.yml file found
[+] ad-gmsa.yml file found
[+] laps.yml file found
[+] ad-relations.yml file found
[+] adcs.yml file found
[+] ad-acl.yml file found
[+] servers.yml file found
[+] security.yml file found
[+] vulnerabilities.yml file found
[*] Run playbook : build.yml with inventory file(s) : /home/bolke/GOAD/ad/GOAD-Light/data/inventory, /home/bolke/GOAD/workspace/850bec-goad-light-virtualbox/inventory, /home/bolke/GOAD/globalsettings.ini
[*] CWD: /ansible/
[*] Running command : ansible-playbook -i /home/bolke/GOAD/ad/GOAD-Light/data/inventory -i /home/bolke/GOAD/workspace/850bec-goad-light-virtualbox/inventory -i /home/bolke/GOAD/globalsettings.ini
build.yml
[WARNING]: Could not match supplied host pattern, ignoring: extensions
PLAY [Read data files] *************************************************************************************************************************************************************************************
[started TASK: Gathering Facts on dc01]
[started TASK: Gathering Facts on dc02]
[started TASK: Gathering Facts on srv02]
TASK [Gathering Facts] *************************************************************************************************************************************************************************************
ok: [dc01]
ok: [dc02]
ok: [srv02]
[started TASK: save the Json data to a Variable as a Fact on dc01]
.
complete
bolke@hacky:~/GOAD$ ./goad.sh
_____ _____ _____
/ ____| / ||| \ /\ | __ \
| | __|| ||| | / \ | | | |
| | |_ || ||| |/ /\ \ | | | |
| |__| || ||| / /__\ \| |__| |
\_____| \_|||_/________\_____/
Game Of Active Directory
Pwning is coming
Goad management console type help or ? to list commands
[*] Start Loading default instance
[+] Instance 850bec-goad-light-virtualbox loaded
[*] lab instances :
┏━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━┳━━━━━━━━━━━━┳━━━━━━━━━━━━┳━━━━━━━━━━━━━━━━━┳━━━━━━━━━━━━━━━━━━━━━━━━┳━━━━━━━━━━━━┳━━━━━━━━━━━━┓
┃ Instance ID ┃ Lab ┃ Provider ┃ IP Range ┃ Status ┃ Is Default ┃ Extensions ┃
┡━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━╇━━━━━━━━━━━━╇━━━━━━━━━━━━╇━━━━━━━━━━━━━━━━━╇━━━━━━━━━━━━━━━━━━━━━━━━╇━━━━━━━━━━━━╇━━━━━━━━━━━━┩
│ > 850bec-goad-light-virtualbox │ GOAD-Light │ virtualbox │ 192.168.56.0/24 │ ready for provisioning │ Yes │ │
└────────────────────────────────┴────────────┴────────────┴─────────────────┴────────────────────────┴────────────┴────────────┘
GOAD-Light/virtualbox/local/192.168.56.X (850bec-goad-light-virtualbox) > provision
provision provision_extension provision_lab provision_lab_from
GOAD-Light/virtualbox/local/192.168.56.X (850bec-goad-light-virtualbox) > provision_lab
[*] Loading inventory
[+] Lab inventory : /home/bolke/GOAD/ad/GOAD-Light/data/inventory file found
[+] Provider inventory : /home/bolke/GOAD/workspace/850bec-goad-light-virtualbox/inventory file found
[+] Global inventory : /home/bolke/GOAD/globalsettings.ini file found
[*] Loading playbook list
[+] build.yml file found
[+] ad-servers.yml file found
[+] ad-parent_domain.yml file found
[+] ad-child_domain.yml file found
[+] wait5m.yml file found
[+] ad-members.yml file found
[+] ad-trusts.yml file found
[+] ad-data.yml file found
[+] ad-gmsa.yml file found
[+] laps.yml file found
[+] ad-relations.yml file found
[+] adcs.yml file found
[+] ad-acl.yml file found
[+] servers.yml file found
[+] security.yml file found
[+] vulnerabilities.yml file found
[*] Run playbook : build.yml with inventory file(s) : /home/bolke/GOAD/ad/GOAD-Light/data/inventory, /home/bolke/GOAD/workspace/850bec-goad-light-virtualbox/inventory, /home/bolke/GOAD/globalsettings.ini
[*] CWD: /ansible/
[*] Running command : ansible-playbook -i /home/bolke/GOAD/ad/GOAD-Light/data/inventory -i /home/bolke/GOAD/workspace/850bec-goad-light-virtualbox/inventory -i /home/bolke/GOAD/globalsettings.ini
build.yml
[WARNING]: Could not match supplied host pattern, ignoring: extensions
PLAY [Read data files] *************************************************************************************************************************************************************************************
[started TASK: Gathering Facts on dc01]
[started TASK: Gathering Facts on dc02]
[started TASK: Gathering Facts on srv02]
TASK [Gathering Facts] *************************************************************************************************************************************************************************************
ok: [dc01]
ok: [dc02]
ok: [srv02]
[started TASK: save the Json data to a Variable as a Fact on dc01]
TASK [save the Json data to a Variable as a Fact] **********************************************************************************************************************************************************
ok: [dc01]
[started TASK: find domain_adapter on dc01]
TASK [find domain_adapter] *********************************************************************************************************************************************************************************
ok: [dc01] => (item={'dns_domain': None, 'connection_name': 'Ethernet 2', 'default_gateway': None, 'mtu': 1500, 'interface_name': 'Intel(R) PRO/1000 MT Desktop Adapter #2', 'ipv6': {'address': 'fe80::e990:f5d4:39ba:4f6b%7', 'prefix': '64'}, 'macaddress': '08:00:27:F7:EA:5F', 'speed': 1000, 'interface_index': 7, 'ipv4': {'address': '192.168.56.10', 'prefix': '24'}})
[started TASK: find nat_adapter on dc01]
TASK [find nat_adapter] ************************************************************************************************************************************************************************************
ok: [dc01] => (item={'dns_domain': 'home', 'connection_name': 'Ethernet', 'default_gateway': 'fe80::2%6', 'mtu': 1500, 'interface_name': 'Intel(R) PRO/1000 MT Desktop Adapter', 'ipv6': [{'address': 'fd17:625c:f037:2:a847:4c4e:e612:2c3c', 'prefix': '64'}, {'address': 'fe80::a847:4c4e:e612:2c3c%6', 'prefix': '64'}], 'macaddress': '08:00:27:7A:A2:FC', 'speed': 1000, 'interface_index': 6, 'ipv4': {'address': '10.0.2.15', 'prefix': '24'}})
[started TASK: find number of interfaces on dc01]
TASK [find number of interfaces] ***************************************************************************************************************************************************************************
ok: [dc01]
[started TASK: find if two adapters on dc01]
TASK [find if two adapters] ********************************************************************************************************************************************************************************
ok: [dc01]
[started TASK: confirm nat_adapter on dc01]
PLAY [build all] *******************************************************************************************************************************************************************************************
[started TASK: Gathering Facts on dc01]
[started TASK: Gathering Facts on dc02]
[started TASK: Gathering Facts on srv02]
TASK [Gathering Facts] *************************************************************************************************************************************************************************************
ok: [srv02]
ok: [dc02]
ok: [dc01]
[started TASK: common : Force a DNS on the adapter {{nat_adapter}} on dc01]
[started TASK: common : Force a DNS on the adapter {{nat_adapter}} on dc02]
[started TASK: common : Force a DNS on the adapter {{nat_adapter}} on srv02]
[started TASK: common : Set a proxy for specific protocols on dc01]
[started TASK: common : Set a proxy for specific protocols on dc02]
[started TASK: common : Set a proxy for specific protocols on srv02]
[started TASK: common : Configure IE to use a specific proxy per protocol on dc01]
[started TASK: common : Configure IE to use a specific proxy per protocol on dc02]
[started TASK: common : Configure IE to use a specific proxy per protocol on srv02]
[started TASK: common : Upgrade module PowerShellGet to fix accept license issue on last windows ansible version on dc01]
[started TASK: common : Upgrade module PowerShellGet to fix accept license issue on last windows ansible version on dc02]
[started TASK: common : Upgrade module PowerShellGet to fix accept license issue on last windows ansible version on srv02]
TASK [common : Upgrade module PowerShellGet to fix accept license issue on last windows ansible version] ***************************************************************************************************
changed: [dc01]
changed: [srv02]
changed: [dc02]
[started TASK: common : Windows | Check for ComputerManagementDsc Powershell module on dc01]
[started TASK: common : Windows | Check for ComputerManagementDsc Powershell module on dc02]
[started TASK: common : Windows | Check for ComputerManagementDsc Powershell module on srv02]
TASK [common : Windows | Check for ComputerManagementDsc Powershell module] ********************************************************************************************************************************
ok: [dc01]
ok: [srv02]
ok: [dc02]
[started TASK: common : Windows | Enable Remote Desktop on dc01]
[started TASK: common : Windows | Enable Remote Desktop on dc02]
[started TASK: common : Windows | Enable Remote Desktop on srv02]
TASK [common : Windows | Enable Remote Desktop] ************************************************************************************************************************************************************
ok: [dc01]
ok: [srv02]
ok: [dc02]
[started TASK: common : Windows | Check for xNetworking Powershell module on dc01]
[started TASK: common : Windows | Check for xNetworking Powershell module on dc02]
[started TASK: common : Windows | Check for xNetworking Powershell module on srv02]
TASK [common : Windows | Check for xNetworking Powershell module] ******************************************************************************************************************************************
ok: [srv02]
ok: [dc02]
ok: [dc01]
[started TASK: common : Firewall | Allow RDP through Firewall on dc01]
[started TASK: common : Firewall | Allow RDP through Firewall on dc02]
[started TASK: common : Firewall | Allow RDP through Firewall on srv02]
TASK [common : Firewall | Allow RDP through Firewall] ******************************************************************************************************************************************************
ok: [dc01]
ok: [srv02]
ok: [dc02]
[started TASK: common : Add a network static route on dc01]
[started TASK: common : Add a network static route on dc02]
[started TASK: common : Add a network static route on srv02]
[started TASK: settings/keyboard : Add Keyboard Layouts registry key on dc01]
[started TASK: settings/keyboard : Add Keyboard Layouts registry key on dc02]
[started TASK: settings/keyboard : Add Keyboard Layouts registry key on srv02]
TASK [settings/keyboard : Add Keyboard Layouts registry key] ***********************************************************************************************************************************************
ok: [dc01] => (item=0000040C)
ok: [dc02] => (item=0000040C)
ok: [srv02] => (item=0000040C)
ok: [dc01] => (item=00000409)
ok: [srv02] => (item=00000409)
ok: [dc02] => (item=00000409)
[started TASK: settings/keyboard : Add Keyboard Layouts registry key for default users on dc01]
[started TASK: settings/keyboard : Add Keyboard Layouts registry key for default users on dc02]
[started TASK: settings/keyboard : Add Keyboard Layouts registry key for default users on srv02]
TASK [settings/keyboard : Add Keyboard Layouts registry key for default users] *****************************************************************************************************************************
ok: [srv02] => (item=0000040C)
ok: [dc02] => (item=0000040C)
ok: [dc01] => (item=0000040C)
ok: [srv02] => (item=00000409)
ok: [dc02] => (item=00000409)
ok: [dc01] => (item=00000409)
PLAY [build all no update] *********************************************************************************************************************************************************************************
[started TASK: Gathering Facts on dc01]
[started TASK: Gathering Facts on dc02]
TASK [Gathering Facts] *************************************************************************************************************************************************************************************
ok: [dc01]
ok: [dc02]
[started TASK: settings/no_updates : Disable windows update on dc01]
[started TASK: settings/no_updates : Disable windows update on dc02]
TASK [settings/no_updates : Disable windows update] ********************************************************************************************************************************************************
changed: [dc01]
changed: [dc02]
PLAY [Launch windows updates before continue] **************************************************************************************************************************************************************
[started TASK: Gathering Facts on srv02]
TASK [Gathering Facts] *************************************************************************************************************************************************************************************
ok: [srv02]
PLAY RECAP *************************************************************************************************************************************************************************************************
dc01 : ok=16 changed=2 unreachable=0 failed=0 skipped=5 rescued=0 ignored=0
dc02 : ok=11 changed=2 unreachable=0 failed=0 skipped=4 rescued=0 ignored=0
srv02 : ok=10 changed=1 unreachable=0 failed=0 skipped=4 rescued=0 ignored=0
[*] Run playbook : ad-servers.yml with inventory file(s) : /home/bolke/GOAD/ad/GOAD-Light/data/inventory, /home/bolke/GOAD/workspace/850bec-goad-light-virtualbox/inventory,
/home/bolke/GOAD/globalsettings.ini
[*] CWD: /ansible/
[*] Running command : ansible-playbook -i /home/bolke/GOAD/ad/GOAD-Light/data/inventory -i /home/bolke/GOAD/workspace/850bec-goad-light-virtualbox/inventory -i /home/bolke/GOAD/globalsettings.ini
ad-servers.yml
[WARNING]: Could not match supplied host pattern, ignoring: extensions
PLAY [Read data files] *************************************************************************************************************************************************************************************
[started TASK: Gathering Facts on dc01]
[started TASK: Gathering Facts on dc02]
[started TASK: Gathering Facts on srv02]
TASK [Gathering Facts] *************************************************************************************************************************************************************************************
ok: [srv02]
ok: [dc02]
ok: [dc01]
[started TASK: save the Json data to a Variable as a Fact on dc01]
TASK [save the Json data to a Variable as a Fact] **********************************************************************************************************************************************************
ok: [dc01]
[started TASK: find domain_adapter on dc01]
TASK [find domain_adapter] *********************************************************************************************************************************************************************************
ok: [dc01] => (item={'dns_domain': None, 'connection_name': 'Ethernet 2', 'default_gateway': None, 'mtu': 1500, 'interface_name': 'Intel(R) PRO/1000 MT Desktop Adapter #2', 'ipv6': {'address': 'fe80::e990:f5d4:39ba:4f6b%7', 'prefix': '64'}, 'macaddress': '08:00:27:F7:EA:5F', 'speed': 1000, 'interface_index': 7, 'ipv4': {'address': '192.168.56.10', 'prefix': '24'}})
[started TASK: find nat_adapter on dc01]
TASK [find nat_adapter] ************************************************************************************************************************************************************************************
ok: [dc01] => (item={'dns_domain': 'home', 'connection_name': 'Ethernet', 'default_gateway': 'fe80::2%6', 'mtu': 1500, 'interface_name': 'Intel(R) PRO/1000 MT Desktop Adapter', 'ipv6': [{'address': 'fd17:625c:f037:2:a847:4c4e:e612:2c3c', 'prefix': '64'}, {'address': 'fe80::a847:4c4e:e612:2c3c%6', 'prefix': '64'}], 'macaddress': '08:00:27:7A:A2:FC', 'speed': 1000, 'interface_index': 6, 'ipv4': {'address': '10.0.2.15', 'prefix': '24'}})
[started TASK: find number of interfaces on dc01]
TASK [find number of interfaces] ***************************************************************************************************************************************************************************
ok: [dc01]
[started TASK: find if two adapters on dc01]
TASK [find if two adapters] ********************************************************************************************************************************************************************************
ok: [dc01]
[started TASK: confirm nat_adapter on dc01]
PLAY [Prepare servers set admin password, set hostname] ****************************************************************************************************************************************************
[started TASK: Gathering Facts on dc01]
[started TASK: Gathering Facts on dc02]
[started TASK: Gathering Facts on srv02]
TASK [Gathering Facts] *************************************************************************************************************************************************************************************
ok: [srv02]
ok: [dc02]
ok: [dc01]
[started TASK: settings/admin_password : Ensure that Admin is present with a valid password on dc01]
[started TASK: settings/admin_password : Ensure that Admin is present with a valid password on dc02]
[started TASK: settings/admin_password : Ensure that Admin is present with a valid password on srv02]
TASK [settings/admin_password : Ensure that Admin is present with a valid password] ************************************************************************************************************************
ok: [dc01]
ok: [srv02]
ok: [dc02]
[started TASK: settings/hostname : Change the hostname on dc01]
[started TASK: settings/hostname : Change the hostname on dc02]
[started TASK: settings/hostname : Change the hostname on srv02]
TASK [settings/hostname : Change the hostname] *************************************************************************************************************************************************************
ok: [dc01]
ok: [dc02]
ok: [srv02]
[started TASK: settings/hostname : Reboot if needed on dc01]
[started TASK: settings/hostname : Reboot if needed on dc02]
[started TASK: settings/hostname : Reboot if needed on srv02]
PLAY RECAP *************************************************************************************************************************************************************************************************
dc01 : ok=9 changed=0 unreachable=0 failed=0 skipped=2 rescued=0 ignored=0
dc02 : ok=4 changed=0 unreachable=0 failed=0 skipped=1 rescued=0 ignored=0
srv02 : ok=4 changed=0 unreachable=0 failed=0 skipped=1 rescued=0 ignored=0
[*] Run playbook : ad-parent_domain.yml with inventory file(s) : /home/bolke/GOAD/ad/GOAD-Light/data/inventory, /home/bolke/GOAD/workspace/850bec-goad-light-virtualbox/inventory,
/home/bolke/GOAD/globalsettings.ini
[*] CWD: /ansible/
[*] Running command : ansible-playbook -i /home/bolke/GOAD/ad/GOAD-Light/data/inventory -i /home/bolke/GOAD/workspace/850bec-goad-light-virtualbox/inventory -i /home/bolke/GOAD/globalsettings.ini
ad-parent_domain.yml
[WARNING]: Could not match supplied host pattern, ignoring: extensions
PLAY [Read data files] *************************************************************************************************************************************************************************************
[started TASK: Gathering Facts on dc01]
[started TASK: Gathering Facts on dc02]
[started TASK: Gathering Facts on srv02]
TASK [Gathering Facts] *************************************************************************************************************************************************************************************
ok: [srv02]
ok: [dc01]
ok: [dc02]
[started TASK: save the Json data to a Variable as a Fact on dc01]
TASK [save the Json data to a Variable as a Fact] **********************************************************************************************************************************************************
ok: [dc01]
[started TASK: find domain_adapter on dc01]
TASK [find domain_adapter] *********************************************************************************************************************************************************************************
ok: [dc01] => (item={'dns_domain': None, 'connection_name': 'Ethernet 2', 'default_gateway': None, 'mtu': 1500, 'interface_name': 'Intel(R) PRO/1000 MT Desktop Adapter #2', 'ipv6': {'address': 'fe80::e990:f5d4:39ba:4f6b%7', 'prefix': '64'}, 'macaddress': '08:00:27:F7:EA:5F', 'speed': 1000, 'interface_index': 7, 'ipv4': {'address': '192.168.56.10', 'prefix': '24'}})
[started TASK: find nat_adapter on dc01]
TASK [find nat_adapter] ************************************************************************************************************************************************************************************
ok: [dc01] => (item={'dns_domain': 'home', 'connection_name': 'Ethernet', 'default_gateway': 'fe80::2%6', 'mtu': 1500, 'interface_name': 'Intel(R) PRO/1000 MT Desktop Adapter', 'ipv6': [{'address': 'fd17:625c:f037:2:a847:4c4e:e612:2c3c', 'prefix': '64'}, {'address': 'fe80::a847:4c4e:e612:2c3c%6', 'prefix': '64'}], 'macaddress': '08:00:27:7A:A2:FC', 'speed': 1000, 'interface_index': 6, 'ipv4': {'address': '10.0.2.15', 'prefix': '24'}})
[started TASK: find number of interfaces on dc01]
TASK [find number of interfaces] ***************************************************************************************************************************************************************************
ok: [dc01]
[started TASK: find if two adapters on dc01]
TASK [find if two adapters] ********************************************************************************************************************************************************************************
ok: [dc01]
[started TASK: confirm nat_adapter on dc01]
PLAY [Main DC AD configuration] ****************************************************************************************************************************************************************************
[started TASK: Gathering Facts on dc01]
TASK [Gathering Facts] *************************************************************************************************************************************************************************************
ok: [dc01]
[started TASK: domain_controller : disable the registration of the {{nat_adapter}} interface (NAT address) in DNS on dc01]
TASK [domain_controller : disable the registration of the Ethernet interface (NAT address) in DNS] *********************************************************************************************************
changed: [dc01]
[started TASK: domain_controller : Ensure that domain exists on dc01]
TASK [domain_controller : Ensure that domain exists] *******************************************************************************************************************************************************
ok: [dc01]
[started TASK: domain_controller : Reboot to complete domain creation on dc01]
[started TASK: domain_controller : Ensure the server is a domain controller on dc01]
TASK [domain_controller : Ensure the server is a domain controller] ****************************************************************************************************************************************
ok: [dc01]
[started TASK: domain_controller : Reboot to complete domain controller setup on dc01]
[started TASK: domain_controller : Be sure DNS feature is installed on dc01]
TASK [domain_controller : Be sure DNS feature is installed] ************************************************************************************************************************************************
ok: [dc01]
[started TASK: domain_controller : Check for xDnsServer Powershell module on dc01]
TASK [domain_controller : Check for xDnsServer Powershell module] ******************************************************************************************************************************************
ok: [dc01]
[started TASK: domain_controller : enable only the {{domain_adapter}} interface (local) for DNS client requests on dc01]
TASK [domain_controller : enable only the Ethernet 2 interface (local) for DNS client requests] ************************************************************************************************************
changed: [dc01]
[started TASK: domain_controller : Configure DNS Forwarders on dc01]
TASK [domain_controller : Configure DNS Forwarders] ********************************************************************************************************************************************************
ok: [dc01]
[started TASK: domain_controller : Install XactiveDirectory on dc01]
TASK [domain_controller : Install XactiveDirectory] ********************************************************************************************************************************************************
ok: [dc01]
[started TASK: domain_controller : Ensure Administrator is part of Enterprise Admins on dc01]
TASK [domain_controller : Ensure Administrator is part of Enterprise Admins] *******************************************************************************************************************************
ok: [dc01]
[started TASK: domain_controller : Ensure Administrator is part of Domain Admins on dc01]
TASK [domain_controller : Ensure Administrator is part of Domain Admins] ***********************************************************************************************************************************
ok: [dc01]
PLAY RECAP *************************************************************************************************************************************************************************************************
dc01 : ok=17 changed=2 unreachable=0 failed=0 skipped=3 rescued=0 ignored=0
dc02 : ok=1 changed=0 unreachable=0 failed=0 skipped=0 rescued=0 ignored=0
srv02 : ok=1 changed=0 unreachable=0 failed=0 skipped=0 rescued=0 ignored=0
[*] Run playbook : ad-child_domain.yml with inventory file(s) : /home/bolke/GOAD/ad/GOAD-Light/data/inventory, /home/bolke/GOAD/workspace/850bec-goad-light-virtualbox/inventory,
/home/bolke/GOAD/globalsettings.ini
[*] CWD: /ansible/
[*] Running command : ansible-playbook -i /home/bolke/GOAD/ad/GOAD-Light/data/inventory -i /home/bolke/GOAD/workspace/850bec-goad-light-virtualbox/inventory -i /home/bolke/GOAD/globalsettings.ini
ad-child_domain.yml
[WARNING]: Could not match supplied host pattern, ignoring: extensions
PLAY [Read data files] *************************************************************************************************************************************************************************************
[started TASK: Gathering Facts on dc01]
[started TASK: Gathering Facts on dc02]
[started TASK: Gathering Facts on srv02]
TASK [Gathering Facts] *************************************************************************************************************************************************************************************
ok: [srv02]
ok: [dc02]
ok: [dc01]
[started TASK: save the Json data to a Variable as a Fact on dc01]
TASK [save the Json data to a Variable as a Fact] **********************************************************************************************************************************************************
ok: [dc01]
[started TASK: find domain_adapter on dc01]
TASK [find domain_adapter] *********************************************************************************************************************************************************************************
ok: [dc01] => (item={'dns_domain': None, 'connection_name': 'Ethernet 2', 'default_gateway': None, 'mtu': 1500, 'interface_name': 'Intel(R) PRO/1000 MT Desktop Adapter #2', 'ipv6': {'address': 'fe80::e990:f5d4:39ba:4f6b%7', 'prefix': '64'}, 'macaddress': '08:00:27:F7:EA:5F', 'speed': 1000, 'interface_index': 7, 'ipv4': {'address': '192.168.56.10', 'prefix': '24'}})
[started TASK: find nat_adapter on dc01]
TASK [find nat_adapter] ************************************************************************************************************************************************************************************
ok: [dc01] => (item={'dns_domain': 'home', 'connection_name': 'Ethernet', 'default_gateway': 'fe80::2%6', 'mtu': 1500, 'interface_name': 'Intel(R) PRO/1000 MT Desktop Adapter', 'ipv6': [{'address': 'fd17:625c:f037:2:a847:4c4e:e612:2c3c', 'prefix': '64'}, {'address': 'fe80::a847:4c4e:e612:2c3c%6', 'prefix': '64'}], 'macaddress': '08:00:27:7A:A2:FC', 'speed': 1000, 'interface_index': 6, 'ipv4': {'address': '10.0.2.15', 'prefix': '24'}})
[started TASK: find number of interfaces on dc01]
TASK [find number of interfaces] ***************************************************************************************************************************************************************************
ok: [dc01]
[started TASK: find if two adapters on dc01]
TASK [find if two adapters] ********************************************************************************************************************************************************************************
ok: [dc01]
[started TASK: confirm nat_adapter on dc01]
PLAY [Child DC AD configuration] ***************************************************************************************************************************************************************************
[started TASK: Gathering Facts on dc02]
TASK [Gathering Facts] *************************************************************************************************************************************************************************************
ok: [dc02]
[started TASK: child_domain : disable the registration of the {{nat_adapter}} interface (NAT address) in DNS on dc02]
TASK [child_domain : disable the registration of the Ethernet interface (NAT address) in DNS] **************************************************************************************************************
changed: [dc02]
[started TASK: child_domain : Set configure dns to {{dns_domain}} on dc02]
TASK [child_domain : Set configure dns to dc01] ************************************************************************************************************************************************************
changed: [dc02]
[started TASK: child_domain : Install windows features - AD Domain Services on dc02]
TASK [child_domain : Install windows features - AD Domain Services] ****************************************************************************************************************************************
ok: [dc02]
[started TASK: child_domain : Install windows features - RSAT-ADDS on dc02]
TASK [child_domain : Install windows features - RSAT-ADDS] *************************************************************************************************************************************************
ok: [dc02]
[started TASK: child_domain : add child domain to parent domain on dc02]
TASK [child_domain : add child domain to parent domain] ****************************************************************************************************************************************************
ok: [dc02]
[started TASK: child_domain : Reboot on dc02]
[started TASK: child_domain : enable the {{domain_adapter}} interface (local) for DNS client requests on dc02]
TASK [child_domain : enable the Ethernet 2 interface (local) for DNS client requests] **********************************************************************************************************************
changed: [dc02]
[started TASK: child_domain : Check for xDnsServer Powershell module on dc02]
TASK [child_domain : Check for xDnsServer Powershell module] ***********************************************************************************************************************************************
changed: [dc02]
[started TASK: child_domain : Configure DNS Forwarders on dc02]
TASK [child_domain : Configure DNS Forwarders] *************************************************************************************************************************************************************
changed: [dc02]
[started TASK: child_domain : Install XactiveDirectory on dc02]
TASK [child_domain : Install XactiveDirectory] *************************************************************************************************************************************************************
changed: [dc02]
[started TASK: child_domain : enable the Active directory web services if not enabled on dc02]
TASK [child_domain : enable the Active directory web services if not enabled] ******************************************************************************************************************************
changed: [dc02]
[started TASK: dns_conditional_forwarder : Add dns server zone on dc02]
TASK [dns_conditional_forwarder : Add dns server zone] *****************************************************************************************************************************************************
changed: [dc02]
PLAY [Parent DC ADD DNS configuration] *********************************************************************************************************************************************************************
[started TASK: Gathering Facts on dc01]
TASK [Gathering Facts] *************************************************************************************************************************************************************************************
ok: [dc01]
[started TASK: parent_child_dns : add dns delegation to child domain on dc01]
TASK [parent_child_dns : add dns delegation to child domain] ***********************************************************************************************************************************************
changed: [dc01] => (item=north.sevenkingdoms.local)
[started TASK: parent_child_dns : create conditional forwarder to child domain on dc01]
TASK [parent_child_dns : create conditional forwarder to child domain] *************************************************************************************************************************************
changed: [dc01] => (item=north.sevenkingdoms.local)
PLAY RECAP *************************************************************************************************************************************************************************************************
dc01 : ok=9 changed=2 unreachable=0 failed=0 skipped=1 rescued=0 ignored=0
dc02 : ok=13 changed=8 unreachable=0 failed=0 skipped=1 rescued=0 ignored=0
srv02 : ok=1 changed=0 unreachable=0 failed=0 skipped=0 rescued=0 ignored=0
[*] Run playbook : wait5m.yml with inventory file(s) : /home/bolke/GOAD/ad/GOAD-Light/data/inventory, /home/bolke/GOAD/workspace/850bec-goad-light-virtualbox/inventory, /home/bolke/GOAD/globalsettings.ini
[*] CWD: /ansible/
[*] Running command : ansible-playbook -i /home/bolke/GOAD/ad/GOAD-Light/data/inventory -i /home/bolke/GOAD/workspace/850bec-goad-light-virtualbox/inventory -i /home/bolke/GOAD/globalsettings.ini
wait5m.yml
PLAY [wait] ************************************************************************************************************************************************************************************************
[started TASK: Gathering Facts on localhost]
TASK [Gathering Facts] *************************************************************************************************************************************************************************************
ok: [localhost]
[started TASK: Wait 5 minutes to finish on localhost]
Pausing for 300 seconds
(ctrl+C then 'C' = continue early, ctrl+C then 'A' = abort)
Press 'C' to continue the play or 'A' to abort
TASK [Wait 5 minutes to finish] ****************************************************************************************************************************************************************************
ok: [localhost]
PLAY RECAP *************************************************************************************************************************************************************************************************
localhost : ok=2 changed=0 unreachable=0 failed=0 skipped=0 rescued=0 ignored=0
[*] Run playbook : ad-members.yml with inventory file(s) : /home/bolke/GOAD/ad/GOAD-Light/data/inventory, /home/bolke/GOAD/workspace/850bec-goad-light-virtualbox/inventory,
/home/bolke/GOAD/globalsettings.ini
[*] CWD: /ansible/
[*] Running command : ansible-playbook -i /home/bolke/GOAD/ad/GOAD-Light/data/inventory -i /home/bolke/GOAD/workspace/850bec-goad-light-virtualbox/inventory -i /home/bolke/GOAD/globalsettings.ini
ad-members.yml
[WARNING]: Could not match supplied host pattern, ignoring: extensions
PLAY [Read data files] *************************************************************************************************************************************************************************************
[started TASK: Gathering Facts on dc01]
[started TASK: Gathering Facts on dc02]
[started TASK: Gathering Facts on srv02]
TASK [Gathering Facts] *************************************************************************************************************************************************************************************
ok: [dc01]
ok: [srv02]
ok: [dc02]
[started TASK: save the Json data to a Variable as a Fact on dc01]
TASK [save the Json data to a Variable as a Fact] **********************************************************************************************************************************************************
ok: [dc01]
[started TASK: find domain_adapter on dc01]
TASK [find domain_adapter] *********************************************************************************************************************************************************************************
ok: [dc01] => (item={'dns_domain': None, 'connection_name': 'Ethernet 2', 'default_gateway': None, 'mtu': 1500, 'interface_name': 'Intel(R) PRO/1000 MT Desktop Adapter #2', 'ipv6': {'address': 'fe80::e990:f5d4:39ba:4f6b%7', 'prefix': '64'}, 'macaddress': '08:00:27:F7:EA:5F', 'speed': 1000, 'interface_index': 7, 'ipv4': {'address': '192.168.56.10', 'prefix': '24'}})
[started TASK: find nat_adapter on dc01]
TASK [find nat_adapter] ************************************************************************************************************************************************************************************
ok: [dc01] => (item={'dns_domain': 'home', 'connection_name': 'Ethernet', 'default_gateway': 'fe80::2%6', 'mtu': 1500, 'interface_name': 'Intel(R) PRO/1000 MT Desktop Adapter', 'ipv6': [{'address': 'fd17:625c:f037:2:a847:4c4e:e612:2c3c', 'prefix': '64'}, {'address': 'fe80::a847:4c4e:e612:2c3c%6', 'prefix': '64'}], 'macaddress': '08:00:27:7A:A2:FC', 'speed': 1000, 'interface_index': 6, 'ipv4': {'address': '10.0.2.15', 'prefix': '24'}})
[started TASK: find number of interfaces on dc01]
TASK [find number of interfaces] ***************************************************************************************************************************************************************************
ok: [dc01]
[started TASK: find if two adapters on dc01]
TASK [find if two adapters] ********************************************************************************************************************************************************************************
ok: [dc01]
[started TASK: confirm nat_adapter on dc01]
PLAY [play servers AD configuration] ***********************************************************************************************************************************************************************
[started TASK: Gathering Facts on srv02]
TASK [Gathering Facts] *************************************************************************************************************************************************************************************
ok: [srv02]
[started TASK: member_server : prioritize the {{domain_adapter}} interface (local) as the default for routing on srv02]
TASK [member_server : prioritize the Ethernet 2 interface (local) as the default for routing] **************************************************************************************************************
changed: [srv02]
[started TASK: member_server : Set configure dns to {{dns_domain}} on srv02]
TASK [member_server : Set configure dns to dc02] ***********************************************************************************************************************************************************
changed: [srv02]
[started TASK: member_server : Verify File Server Role is installed. on srv02]
TASK [member_server : Verify File Server Role is installed.] ***********************************************************************************************************************************************
changed: [srv02]
[started TASK: member_server : Add member server on srv02]
TASK [member_server : Add member server] *******************************************************************************************************************************************************************
changed: [srv02]
[started TASK: member_server : Reboot if needed on srv02]
TASK [member_server : Reboot if needed] ********************************************************************************************************************************************************************
changed: [srv02]
PLAY [play workstations AD configuration] ******************************************************************************************************************************************************************
skipping: no hosts matched
PLAY RECAP *************************************************************************************************************************************************************************************************
dc01 : ok=6 changed=0 unreachable=0 failed=0 skipped=1 rescued=0 ignored=0
dc02 : ok=1 changed=0 unreachable=0 failed=0 skipped=0 rescued=0 ignored=0
srv02 : ok=7 changed=5 unreachable=0 failed=0 skipped=0 rescued=0 ignored=0
[*] Run playbook : ad-trusts.yml with inventory file(s) : /home/bolke/GOAD/ad/GOAD-Light/data/inventory, /home/bolke/GOAD/workspace/850bec-goad-light-virtualbox/inventory,
/home/bolke/GOAD/globalsettings.ini
[*] CWD: /ansible/
[*] Running command : ansible-playbook -i /home/bolke/GOAD/ad/GOAD-Light/data/inventory -i /home/bolke/GOAD/workspace/850bec-goad-light-virtualbox/inventory -i /home/bolke/GOAD/globalsettings.ini
ad-trusts.yml
[WARNING]: Could not match supplied host pattern, ignoring: extensions
PLAY [Read data files] *************************************************************************************************************************************************************************************
[started TASK: Gathering Facts on dc01]
[started TASK: Gathering Facts on dc02]
[started TASK: Gathering Facts on srv02]
TASK [Gathering Facts] *************************************************************************************************************************************************************************************
ok: [dc01]
ok: [dc02]
ok: [srv02]
[started TASK: save the Json data to a Variable as a Fact on dc01]
TASK [save the Json data to a Variable as a Fact] **********************************************************************************************************************************************************
ok: [dc01]
[started TASK: find domain_adapter on dc01]
TASK [find domain_adapter] *********************************************************************************************************************************************************************************
ok: [dc01] => (item={'dns_domain': None, 'connection_name': 'Ethernet 2', 'default_gateway': None, 'mtu': 1500, 'interface_name': 'Intel(R) PRO/1000 MT Desktop Adapter #2', 'ipv6': {'address': 'fe80::e990:f5d4:39ba:4f6b%7', 'prefix': '64'}, 'macaddress': '08:00:27:F7:EA:5F', 'speed': 1000, 'interface_index': 7, 'ipv4': {'address': '192.168.56.10', 'prefix': '24'}})
[started TASK: find nat_adapter on dc01]
TASK [find nat_adapter] ************************************************************************************************************************************************************************************
ok: [dc01] => (item={'dns_domain': 'home', 'connection_name': 'Ethernet', 'default_gateway': 'fe80::2%6', 'mtu': 1500, 'interface_name': 'Intel(R) PRO/1000 MT Desktop Adapter', 'ipv6': [{'address': 'fd17:625c:f037:2:a847:4c4e:e612:2c3c', 'prefix': '64'}, {'address': 'fe80::a847:4c4e:e612:2c3c%6', 'prefix': '64'}], 'macaddress': '08:00:27:7A:A2:FC', 'speed': 1000, 'interface_index': 6, 'ipv4': {'address': '10.0.2.15', 'prefix': '24'}})
[started TASK: find number of interfaces on dc01]
TASK [find number of interfaces] ***************************************************************************************************************************************************************************
ok: [dc01]
[started TASK: find if two adapters on dc01]
TASK [find if two adapters] ********************************************************************************************************************************************************************************
ok: [dc01]
[started TASK: confirm nat_adapter on dc01]
PLAY [Trusts configuration prepare] ************************************************************************************************************************************************************************
skipping: no hosts matched
PLAY [Trusts configuration] ********************************************************************************************************************************************************************************
skipping: no hosts matched
PLAY [Trusts configuration end] ****************************************************************************************************************************************************************************
skipping: no hosts matched
PLAY [Adjust DNS conditional forwarded configuration] ******************************************************************************************************************************************************
skipping: no hosts matched
PLAY RECAP *************************************************************************************************************************************************************************************************
dc01 : ok=6 changed=0 unreachable=0 failed=0 skipped=1 rescued=0 ignored=0
dc02 : ok=1 changed=0 unreachable=0 failed=0 skipped=0 rescued=0 ignored=0
srv02 : ok=1 changed=0 unreachable=0 failed=0 skipped=0 rescued=0 ignored=0
[*] Run playbook : ad-data.yml with inventory file(s) : /home/bolke/GOAD/ad/GOAD-Light/data/inventory, /home/bolke/GOAD/workspace/850bec-goad-light-virtualbox/inventory,
/home/bolke/GOAD/globalsettings.ini
[*] CWD: /ansible/
[*] Running command : ansible-playbook -i /home/bolke/GOAD/ad/GOAD-Light/data/inventory -i /home/bolke/GOAD/workspace/850bec-goad-light-virtualbox/inventory -i /home/bolke/GOAD/globalsettings.ini
ad-data.yml
[WARNING]: Could not match supplied host pattern, ignoring: extensions
PLAY [Read data files] *************************************************************************************************************************************************************************************
[started TASK: Gathering Facts on dc01]
[started TASK: Gathering Facts on dc02]
[started TASK: Gathering Facts on srv02]
TASK [Gathering Facts] *************************************************************************************************************************************************************************************
ok: [srv02]
ok: [dc01]
ok: [dc02]
[started TASK: save the Json data to a Variable as a Fact on dc01]
TASK [save the Json data to a Variable as a Fact] **********************************************************************************************************************************************************
ok: [dc01]
[started TASK: find domain_adapter on dc01]
TASK [find domain_adapter] *********************************************************************************************************************************************************************************
ok: [dc01] => (item={'dns_domain': None, 'connection_name': 'Ethernet 2', 'default_gateway': None, 'mtu': 1500, 'interface_name': 'Intel(R) PRO/1000 MT Desktop Adapter #2', 'ipv6': {'address': 'fe80::e990:f5d4:39ba:4f6b%7', 'prefix': '64'}, 'macaddress': '08:00:27:F7:EA:5F', 'speed': 1000, 'interface_index': 7, 'ipv4': {'address': '192.168.56.10', 'prefix': '24'}})
[started TASK: find nat_adapter on dc01]
TASK [find nat_adapter] ************************************************************************************************************************************************************************************
ok: [dc01] => (item={'dns_domain': 'home', 'connection_name': 'Ethernet', 'default_gateway': 'fe80::2%6', 'mtu': 1500, 'interface_name': 'Intel(R) PRO/1000 MT Desktop Adapter', 'ipv6': [{'address': 'fd17:625c:f037:2:a847:4c4e:e612:2c3c', 'prefix': '64'}, {'address': 'fe80::a847:4c4e:e612:2c3c%6', 'prefix': '64'}], 'macaddress': '08:00:27:7A:A2:FC', 'speed': 1000, 'interface_index': 6, 'ipv4': {'address': '10.0.2.15', 'prefix': '24'}})
[started TASK: find number of interfaces on dc01]
TASK [find number of interfaces] ***************************************************************************************************************************************************************************
ok: [dc01]
[started TASK: find if two adapters on dc01]
TASK [find if two adapters] ********************************************************************************************************************************************************************************
ok: [dc01]
[started TASK: confirm nat_adapter on dc01]
PLAY [DCs AD data configuration] ***************************************************************************************************************************************************************************
[started TASK: Gathering Facts on dc01]
[started TASK: Gathering Facts on dc02]
TASK [Gathering Facts] *************************************************************************************************************************************************************************************
ok: [dc01]
ok: [dc02]
[started TASK: password_policy : set password policy on dc01]
[started TASK: password_policy : set password policy on dc02]
TASK [password_policy : set password policy] ***************************************************************************************************************************************************************
changed: [dc02]
changed: [dc01]
[started TASK: ad : Ensure Administrator is part of Domain Admins on dc01]
[started TASK: ad : Ensure Administrator is part of Domain Admins on dc02]
TASK [ad : Ensure Administrator is part of Domain Admins] **************************************************************************************************************************************************
ok: [dc02]
ok: [dc01]
[started TASK: ad : Create OU on dc01]
[started TASK: ad : Create OU on dc02]
TASK [ad : Create OU] **************************************************************************************************************************************************************************************
changed: [dc01] => (item={'key': 'Vale', 'value': {'path': 'DC=sevenkingdoms,DC=local'}})
changed: [dc01] => (item={'key': 'IronIslands', 'value': {'path': 'DC=sevenkingdoms,DC=local'}})
changed: [dc01] => (item={'key': 'Riverlands', 'value': {'path': 'DC=sevenkingdoms,DC=local'}})
changed: [dc01] => (item={'key': 'Crownlands', 'value': {'path': 'DC=sevenkingdoms,DC=local'}})
changed: [dc01] => (item={'key': 'Stormlands', 'value': {'path': 'DC=sevenkingdoms,DC=local'}})
changed: [dc01] => (item={'key': 'Westerlands', 'value': {'path': 'DC=sevenkingdoms,DC=local'}})
changed: [dc01] => (item={'key': 'Reach', 'value': {'path': 'DC=sevenkingdoms,DC=local'}})
changed: [dc01] => (item={'key': 'Dorne', 'value': {'path': 'DC=sevenkingdoms,DC=local'}})
[started TASK: ad : Create Groups Universal on dc01]
[started TASK: ad : Create Groups Universal on dc02]
[started TASK: ad : Create Groups Global on dc01]
[started TASK: ad : Create Groups Global on dc02]
TASK [ad : Create Groups Global] ***************************************************************************************************************************************************************************
changed: [dc01] => (item={'key': 'Lannister', 'value': {'managed_by': 'tywin.lannister', 'path': 'OU=Westerlands,DC=sevenkingdoms,DC=local'}})
changed: [dc02] => (item={'key': 'Stark', 'value': {'managed_by': 'eddard.stark', 'path': 'CN=Users,DC=North,DC=sevenkingdoms,DC=local'}})
changed: [dc01] => (item={'key': 'Baratheon', 'value': {'managed_by': 'robert.baratheon', 'path': 'OU=Stormlands,DC=sevenkingdoms,DC=local'}})
changed: [dc02] => (item={'key': 'Night Watch', 'value': {'managed_by': 'jeor.mormont', 'path': 'CN=Users,DC=North,DC=sevenkingdoms,DC=local'}})
changed: [dc01] => (item={'key': 'Small Council', 'value': {'path': 'OU=Crownlands,DC=sevenkingdoms,DC=local'}})
changed: [dc02] => (item={'key': 'Mormont', 'value': {'managed_by': 'jeor.mormont', 'path': 'CN=Users,DC=North,DC=sevenkingdoms,DC=local'}})
changed: [dc01] => (item={'key': 'DragonStone', 'value': {'path': 'OU=Crownlands,DC=sevenkingdoms,DC=local'}})
changed: [dc01] => (item={'key': 'KingsGuard', 'value': {'path': 'OU=Crownlands,DC=sevenkingdoms,DC=local'}})
changed: [dc01] => (item={'key': 'DragonRider', 'value': {'path': 'OU=Crownlands,DC=sevenkingdoms,DC=local'}})
[started TASK: ad : Create Groups domainlocal on dc01]
[started TASK: ad : Create Groups domainlocal on dc02]
TASK [ad : Create Groups domainlocal] **********************************************************************************************************************************************************************
changed: [dc01] => (item={'key': 'AcrossTheNarrowSea', 'value': {'path': 'CN=Users,DC=sevenkingdoms,DC=local'}})
changed: [dc02] => (item={'key': 'AcrossTheSea', 'value': {'path': 'CN=Users,DC=North,DC=sevenkingdoms,DC=local'}})
[started TASK: ad : Sync the contents of one directory to another - hack to get Requires -Module Ansible.ModuleUtils.Legacy loaded on dc01]
[started TASK: ad : Sync the contents of one directory to another - hack to get Requires -Module Ansible.ModuleUtils.Legacy loaded on dc02]
TASK [ad : Sync the contents of one directory to another - hack to get Requires -Module Ansible.ModuleUtils.Legacy loaded] *********************************************************************************
ok: [dc01]
ok: [dc02]
[started TASK: ad : Create users on dc01]
[started TASK: ad : Create users on dc02]
TASK [ad : Create users] ***********************************************************************************************************************************************************************************
changed: [dc01] => (item={'key': 'tywin.lannister', 'value': {'firstname': 'Tywin', 'surname': 'Lanister', 'password': 'powerkingftw135', 'city': 'Casterly Rock', 'description': 'Tywin Lanister', 'groups': ['Lannister'], 'path': 'OU=Crownlands,DC=sevenkingdoms,DC=local'}})
changed: [dc02] => (item={'key': 'arya.stark', 'value': {'firstname': 'Arya', 'surname': 'Stark', 'password': 'Needle', 'city': 'Winterfell', 'description': 'Arya Stark', 'groups': ['Stark'], 'path': 'CN=Users,DC=North,DC=sevenkingdoms,DC=local'}})
changed: [dc01] => (item={'key': 'jaime.lannister', 'value': {'firstname': 'Jaime', 'surname': 'Lanister', 'password': 'cersei', 'city': "King's Landing", 'description': 'Jaime Lanister', 'groups': ['Lannister'], 'path': 'OU=Crownlands,DC=sevenkingdoms,DC=local'}})
changed: [dc02] => (item={'key': 'eddard.stark', 'value': {'firstname': 'Eddard', 'surname': 'Stark', 'password': 'FightP3aceAndHonor!', 'city': "King's Landing", 'description': 'Eddard Stark', 'groups': ['Stark', 'Domain Admins'], 'path': 'CN=Users,DC=North,DC=sevenkingdoms,DC=local'}})
changed: [dc01] => (item={'key': 'cersei.lannister', 'value': {'firstname': 'Cersei', 'surname': 'Lanister', 'password': 'il0vejaime', 'city': "King's Landing", 'description': 'Cersei Lanister', 'groups': ['Lannister', 'Baratheon', 'Domain Admins', 'Small Council'], 'path': 'OU=Crownlands,DC=sevenkingdoms,DC=local'}})
changed: [dc02] => (item={'key': 'catelyn.stark', 'value': {'firstname': 'Catelyn', 'surname': 'Stark', 'password': 'robbsansabradonaryarickon', 'city': "King's Landing", 'description': 'Catelyn Stark', 'groups': ['Stark'], 'path': 'CN=Users,DC=North,DC=sevenkingdoms,DC=local'}})
changed: [dc01] => (item={'key': 'tyron.lannister', 'value': {'firstname': 'Tyron', 'surname': 'Lanister', 'password': 'Alc00L&S3x', 'city': "King's Landing", 'description': 'Tyron Lanister', 'groups': ['Lannister'], 'path': 'OU=Westerlands,DC=sevenkingdoms,DC=local'}})
changed: [dc02] => (item={'key': 'robb.stark', 'value': {'firstname': 'Robb', 'surname': 'Stark', 'password': 'sexywolfy', 'city': 'Winterfell', 'description': 'Robb Stark', 'groups': ['Stark'], 'path': 'CN=Users,DC=North,DC=sevenkingdoms,DC=local'}})
changed: [dc01] => (item={'key': 'robert.baratheon', 'value': {'firstname': 'Robert', 'surname': 'Baratheon', 'password': 'iamthekingoftheworld', 'city': "King's Landing", 'description': 'Robert Lanister', 'groups': ['Baratheon', 'Domain Admins', 'Small Council', 'Protected Users'], 'path': 'OU=Crownlands,DC=sevenkingdoms,DC=local'}})
changed: [dc02] => (item={'key': 'sansa.stark', 'value': {'firstname': 'Sansa', 'surname': 'Stark', 'password': '345ertdfg', 'city': 'Winterfell', 'description': 'Sansa Stark', 'groups': ['Stark'], 'path': 'CN=Users,DC=North,DC=sevenkingdoms,DC=local', 'spns': ['HTTP/eyrie.north.sevenkingdoms.local']}})
changed: [dc01] => (item={'key': 'joffrey.baratheon', 'value': {'firstname': 'Joffrey', 'surname': 'Baratheon', 'password': '1killerlion', 'city': "King's Landing", 'description': 'Joffrey Baratheon', 'groups': ['Baratheon', 'Lannister'], 'path': 'OU=Crownlands,DC=sevenkingdoms,DC=local'}})
changed: [dc02] => (item={'key': 'brandon.stark', 'value': {'firstname': 'Brandon', 'surname': 'Stark', 'password': 'iseedeadpeople', 'city': 'Winterfell', 'description': 'Brandon Stark', 'groups': ['Stark'], 'path': 'CN=Users,DC=North,DC=sevenkingdoms,DC=local'}})
changed: [dc01] => (item={'key': 'renly.baratheon', 'value': {'firstname': 'Renly', 'surname': 'Baratheon', 'password': 'lorastyrell', 'city': "King's Landing", 'description': 'Renly Baratheon', 'groups': ['Baratheon', 'Small Council'], 'path': 'OU=Crownlands,DC=sevenkingdoms,DC=local'}})
changed: [dc02] => (item={'key': 'rickon.stark', 'value': {'firstname': 'Rickon', 'surname': 'Stark', 'password': 'Winter2022', 'city': 'Winterfell', 'description': 'Rickon Stark', 'groups': ['Stark'], 'path': 'CN=Users,DC=North,DC=sevenkingdoms,DC=local'}})
changed: [dc01] => (item={'key': 'stannis.baratheon', 'value': {'firstname': 'Stannis', 'surname': 'Baratheon', 'password': 'Drag0nst0ne', 'city': "King's Landing", 'description': 'Stannis Baratheon', 'groups': ['Baratheon', 'Small Council'], 'path': 'OU=Crownlands,DC=sevenkingdoms,DC=local'}})
changed: [dc02] => (item={'key': 'hodor', 'value': {'firstname': 'hodor', 'surname': 'hodor', 'password': 'hodor', 'city': 'Winterfell', 'description': 'Brainless Giant', 'groups': ['Stark'], 'path': 'CN=Users,DC=North,DC=sevenkingdoms,DC=local'}})
changed: [dc01] => (item={'key': 'petyer.baelish', 'value': {'firstname': 'Petyer', 'surname': 'Baelish', 'password': '@littlefinger@', 'city': "King's Landing", 'description': 'Petyer Baelish', 'groups': ['Small Council'], 'path': 'OU=Crownlands,DC=sevenkingdoms,DC=local'}})
changed: [dc02] => (item={'key': 'jon.snow', 'value': {'firstname': 'Jon', 'surname': 'Snow', 'password': 'iknownothing', 'city': 'Castel Black', 'description': 'Jon Snow', 'groups': ['Stark', 'Night Watch'], 'path': 'CN=Users,DC=North,DC=sevenkingdoms,DC=local', 'spns': ['HTTP/thewall.north.sevenkingdoms.local']}})
changed: [dc01] => (item={'key': 'lord.varys', 'value': {'firstname': 'Lord', 'surname': 'Varys', 'password': '_W1sper_$', 'city': "King's Landing", 'description': 'Lord Varys', 'groups': ['Small Council'], 'path': 'OU=Crownlands,DC=sevenkingdoms,DC=local'}})
changed: [dc02] => (item={'key': 'samwell.tarly', 'value': {'firstname': 'Samwell', 'surname': 'Tarly', 'password': 'Heartsbane', 'city': 'Castel Black', 'description': 'Samwell Tarly (Password : Heartsbane)', 'groups': ['Night Watch'], 'path': 'CN=Users,DC=North,DC=sevenkingdoms,DC=local'}})
changed: [dc01] => (item={'key': 'maester.pycelle', 'value': {'firstname': 'Maester', 'surname': 'Pycelle', 'password': 'MaesterOfMaesters', 'city': "King's Landing", 'description': 'Maester Pycelle', 'groups': ['Small Council'], 'path': 'OU=Crownlands,DC=sevenkingdoms,DC=local'}})
changed: [dc02] => (item={'key': 'jeor.mormont', 'value': {'firstname': 'Jeor', 'surname': 'Mormont', 'password': '_L0ngCl@w_', 'city': 'Castel Black', 'description': 'Jeor Mormont', 'groups': ['Night Watch', 'Mormont'], 'path': 'CN=Users,DC=North,DC=sevenkingdoms,DC=local'}})
changed: [dc02] => (item={'key': 'sql_svc', 'value': {'firstname': 'sql', 'surname': 'service', 'password': 'YouWillNotKerboroast1ngMeeeeee', 'city': '-', 'description': 'sql service', 'groups': [], 'path': 'CN=Users,DC=North,DC=sevenkingdoms,DC=local', 'spns': ['MSSQLSvc/castelblack.north.sevenkingdoms.local:1433', 'MSSQLSvc/castelblack.north.sevenkingdoms.local']}})
[started TASK: ad : Set users SPN lists on dc01]
[started TASK: ad : Set users SPN lists on dc02]
TASK [ad : Set users SPN lists] ****************************************************************************************************************************************************************************
changed: [dc02] => (item={'key': 'sansa.stark', 'value': {'firstname': 'Sansa', 'surname': 'Stark', 'password': '345ertdfg', 'city': 'Winterfell', 'description': 'Sansa Stark', 'groups': ['Stark'], 'path': 'CN=Users,DC=North,DC=sevenkingdoms,DC=local', 'spns': ['HTTP/eyrie.north.sevenkingdoms.local']}})
changed: [dc02] => (item={'key': 'jon.snow', 'value': {'firstname': 'Jon', 'surname': 'Snow', 'password': 'iknownothing', 'city': 'Castel Black', 'description': 'Jon Snow', 'groups': ['Stark', 'Night Watch'], 'path': 'CN=Users,DC=North,DC=sevenkingdoms,DC=local', 'spns': ['HTTP/thewall.north.sevenkingdoms.local']}})
changed: [dc02] => (item={'key': 'sql_svc', 'value': {'firstname': 'sql', 'surname': 'service', 'password': 'YouWillNotKerboroast1ngMeeeeee', 'city': '-', 'description': 'sql service', 'groups': [], 'path': 'CN=Users,DC=North,DC=sevenkingdoms,DC=local', 'spns': ['MSSQLSvc/castelblack.north.sevenkingdoms.local:1433', 'MSSQLSvc/castelblack.north.sevenkingdoms.local']}})
[started TASK: ad : Assign managed_by domainlocal groups on dc01]
[started TASK: ad : Assign managed_by domainlocal groups on dc02]
[started TASK: ad : Assign managed_by universal groups on dc01]
[started TASK: ad : Assign managed_by universal groups on dc02]
[started TASK: ad : Assign managed_by global groups on dc01]
[started TASK: ad : Assign managed_by global groups on dc02]
TASK [ad : Assign managed_by global groups] ****************************************************************************************************************************************************************
changed: [dc02] => (item={'key': 'Stark', 'value': {'managed_by': 'eddard.stark', 'path': 'CN=Users,DC=North,DC=sevenkingdoms,DC=local'}})
changed: [dc01] => (item={'key': 'Lannister', 'value': {'managed_by': 'tywin.lannister', 'path': 'OU=Westerlands,DC=sevenkingdoms,DC=local'}})
changed: [dc02] => (item={'key': 'Night Watch', 'value': {'managed_by': 'jeor.mormont', 'path': 'CN=Users,DC=North,DC=sevenkingdoms,DC=local'}})
changed: [dc01] => (item={'key': 'Baratheon', 'value': {'managed_by': 'robert.baratheon', 'path': 'OU=Stormlands,DC=sevenkingdoms,DC=local'}})
changed: [dc02] => (item={'key': 'Mormont', 'value': {'managed_by': 'jeor.mormont', 'path': 'CN=Users,DC=North,DC=sevenkingdoms,DC=local'}})
[started TASK: ad : Add members to the Universal group, preserving existing membership on dc01]
[started TASK: ad : Add members to the Universal group, preserving existing membership on dc02]
[started TASK: ad : Add members to the Global group, preserving existing membership on dc01]
[started TASK: ad : Add members to the Global group, preserving existing membership on dc02]
[started TASK: ad : Add members to the Domainlocal group, preserving existing membership on dc01]
[started TASK: ad : Add members to the Domainlocal group, preserving existing membership on dc02]
PLAY [Servers AD data configuration] ***********************************************************************************************************************************************************************
[started TASK: Gathering Facts on srv02]
TASK [Gathering Facts] *************************************************************************************************************************************************************************************
ok: [srv02]
[started TASK: settings/copy_files : Create directory on srv02]
TASK [settings/copy_files : Create directory] **************************************************************************************************************************************************************
ok: [srv02]
[started TASK: settings/copy_files : Download GOAD img in C:\tmp on srv02]
TASK [settings/copy_files : Download GOAD img in C:\tmp] ***************************************************************************************************************************************************
changed: [srv02]
PLAY [Move to OU] ******************************************************************************************************************************************************************************************
[started TASK: Gathering Facts on dc01]
[started TASK: Gathering Facts on dc02]
TASK [Gathering Facts] *************************************************************************************************************************************************************************************
ok: [dc01]
ok: [dc02]
[started TASK: move_to_ou : Move computer to OU on dc01]
[started TASK: move_to_ou : Move computer to OU on dc02]
TASK [move_to_ou : Move computer to OU] ********************************************************************************************************************************************************************
ok: [dc02] => (item={'key': 'srv02', 'value': {'hostname': 'castelblack', 'type': 'server', 'local_admin_password': 'NgtI75cKV+Pu', 'domain': 'north.sevenkingdoms.local', 'path': 'DC=north,DC=sevenkingdoms,DC=local', 'use_laps': False, 'local_groups': {'Administrators': ['north\\jeor.mormont'], 'Remote Desktop Users': ['north\\Night Watch', 'north\\Mormont', 'north\\Stark']}, 'scripts': [], 'vulns': ['directory', 'disable_firewall', 'openshares', 'files', 'permissions'], 'vulns_vars': {'directory': {'shares': 'C:\\shares', 'all': 'C:\\shares\\all'}, 'files': {'website': {'src': 'srv02/wwwroot', 'dest': 'C:\\inetpub\\'}, 'letter_in_shares': {'src': 'srv02/all/arya.txt', 'dest': 'C:\\shares\\all\\arya.txt'}}, 'permissions': {'IIS_IUSRS_upload': {'path': 'C:\\inetpub\\wwwroot\\upload', 'user': 'IIS_IUSRS', 'rights': 'FullControl'}}}, 'mssql': {'sa_password': 'Sup1_sa_P@ssw0rd!', 'svcaccount': 'sql_svc', 'sysadmins': ['NORTH\\jon.snow'], 'executeaslogin': {'NORTH\\samwell.tarly': 'sa', 'NORTH\\brandon.stark': 'NORTH\\jon.snow'}, 'executeasuser': {'arya_master_dbo': {'user': 'NORTH\\arya.stark', 'db': 'master', 'impersonate': 'dbo'}, 'arya_dbms_dbo': {'user': 'NORTH\\arya.stark', 'db': 'msdb', 'impersonate': 'dbo'}}}}})
PLAY RECAP *************************************************************************************************************************************************************************************************
dc01 : ok=16 changed=6 unreachable=0 failed=0 skipped=9 rescued=0 ignored=0
dc02 : ok=12 changed=6 unreachable=0 failed=0 skipped=7 rescued=0 ignored=0
srv02 : ok=4 changed=1 unreachable=0 failed=0 skipped=0 rescued=0 ignored=0
[*] Run playbook : ad-gmsa.yml with inventory file(s) : /home/bolke/GOAD/ad/GOAD-Light/data/inventory, /home/bolke/GOAD/workspace/850bec-goad-light-virtualbox/inventory,
/home/bolke/GOAD/globalsettings.ini
[*] CWD: /ansible/
[*] Running command : ansible-playbook -i /home/bolke/GOAD/ad/GOAD-Light/data/inventory -i /home/bolke/GOAD/workspace/850bec-goad-light-virtualbox/inventory -i /home/bolke/GOAD/globalsettings.ini
ad-gmsa.yml
[WARNING]: Could not match supplied host pattern, ignoring: extensions
PLAY [Read data files] *************************************************************************************************************************************************************************************
[started TASK: Gathering Facts on dc01]
[started TASK: Gathering Facts on dc02]
[started TASK: Gathering Facts on srv02]
TASK [Gathering Facts] *************************************************************************************************************************************************************************************
ok: [srv02]
ok: [dc02]
ok: [dc01]
[started TASK: save the Json data to a Variable as a Fact on dc01]
TASK [save the Json data to a Variable as a Fact] **********************************************************************************************************************************************************
ok: [dc01]
[started TASK: find domain_adapter on dc01]
TASK [find domain_adapter] *********************************************************************************************************************************************************************************
ok: [dc01] => (item={'dns_domain': None, 'connection_name': 'Ethernet 2', 'default_gateway': None, 'mtu': 1500, 'interface_name': 'Intel(R) PRO/1000 MT Desktop Adapter #2', 'ipv6': {'address': 'fe80::e990:f5d4:39ba:4f6b%7', 'prefix': '64'}, 'macaddress': '08:00:27:F7:EA:5F', 'speed': 1000, 'interface_index': 7, 'ipv4': {'address': '192.168.56.10', 'prefix': '24'}})
[started TASK: find nat_adapter on dc01]
TASK [find nat_adapter] ************************************************************************************************************************************************************************************
ok: [dc01] => (item={'dns_domain': 'home', 'connection_name': 'Ethernet', 'default_gateway': 'fe80::2%6', 'mtu': 1500, 'interface_name': 'Intel(R) PRO/1000 MT Desktop Adapter', 'ipv6': [{'address': 'fd17:625c:f037:2:a847:4c4e:e612:2c3c', 'prefix': '64'}, {'address': 'fe80::a847:4c4e:e612:2c3c%6', 'prefix': '64'}], 'macaddress': '08:00:27:7A:A2:FC', 'speed': 1000, 'interface_index': 6, 'ipv4': {'address': '10.0.2.15', 'prefix': '24'}})
[started TASK: find number of interfaces on dc01]
TASK [find number of interfaces] ***************************************************************************************************************************************************************************
ok: [dc01]
[started TASK: find if two adapters on dc01]
TASK [find if two adapters] ********************************************************************************************************************************************************************************
ok: [dc01]
[started TASK: confirm nat_adapter on dc01]
PLAY [GMSA inside AD] **************************************************************************************************************************************************************************************
[started TASK: Gathering Facts on dc01]
[started TASK: Gathering Facts on dc02]
TASK [Gathering Facts] *************************************************************************************************************************************************************************************
ok: [dc02]
ok: [dc01]
[started TASK: gmsa : Create GMSA Account on dc01]
[started TASK: gmsa : Create GMSA Account on dc02]
PLAY [GMSA hosts] ******************************************************************************************************************************************************************************************
[started TASK: Gathering Facts on srv02]
TASK [Gathering Facts] *************************************************************************************************************************************************************************************
ok: [srv02]
[started TASK: gmsa_hosts : Install-WindowsFeature RSAT-AD-PowerShell on srv02]
[started TASK: gmsa_hosts : Install ADServiceAccount on srv02]
PLAY RECAP *************************************************************************************************************************************************************************************************
dc01 : ok=7 changed=0 unreachable=0 failed=0 skipped=2 rescued=0 ignored=0
dc02 : ok=2 changed=0 unreachable=0 failed=0 skipped=1 rescued=0 ignored=0
srv02 : ok=2 changed=0 unreachable=0 failed=0 skipped=2 rescued=0 ignored=0
[*] Run playbook : laps.yml with inventory file(s) : /home/bolke/GOAD/ad/GOAD-Light/data/inventory, /home/bolke/GOAD/workspace/850bec-goad-light-virtualbox/inventory, /home/bolke/GOAD/globalsettings.ini
[*] CWD: /ansible/
[*] Running command : ansible-playbook -i /home/bolke/GOAD/ad/GOAD-Light/data/inventory -i /home/bolke/GOAD/workspace/850bec-goad-light-virtualbox/inventory -i /home/bolke/GOAD/globalsettings.ini laps.yml
[WARNING]: Could not match supplied host pattern, ignoring: extensions
PLAY [Read data files] *************************************************************************************************************************************************************************************
[started TASK: Gathering Facts on dc01]
[started TASK: Gathering Facts on dc02]
[started TASK: Gathering Facts on srv02]
TASK [Gathering Facts] *************************************************************************************************************************************************************************************
ok: [srv02]
ok: [dc01]
ok: [dc02]
[started TASK: save the Json data to a Variable as a Fact on dc01]
TASK [save the Json data to a Variable as a Fact] **********************************************************************************************************************************************************
ok: [dc01]
[started TASK: find domain_adapter on dc01]
TASK [find domain_adapter] *********************************************************************************************************************************************************************************
ok: [dc01] => (item={'dns_domain': None, 'connection_name': 'Ethernet 2', 'default_gateway': None, 'mtu': 1500, 'interface_name': 'Intel(R) PRO/1000 MT Desktop Adapter #2', 'ipv6': {'address': 'fe80::e990:f5d4:39ba:4f6b%7', 'prefix': '64'}, 'macaddress': '08:00:27:F7:EA:5F', 'speed': 1000, 'interface_index': 7, 'ipv4': {'address': '192.168.56.10', 'prefix': '24'}})
[started TASK: find nat_adapter on dc01]
TASK [find nat_adapter] ************************************************************************************************************************************************************************************
ok: [dc01] => (item={'dns_domain': 'home', 'connection_name': 'Ethernet', 'default_gateway': 'fe80::2%6', 'mtu': 1500, 'interface_name': 'Intel(R) PRO/1000 MT Desktop Adapter', 'ipv6': [{'address': 'fd17:625c:f037:2:a847:4c4e:e612:2c3c', 'prefix': '64'}, {'address': 'fe80::a847:4c4e:e612:2c3c%6', 'prefix': '64'}], 'macaddress': '08:00:27:7A:A2:FC', 'speed': 1000, 'interface_index': 6, 'ipv4': {'address': '10.0.2.15', 'prefix': '24'}})
[started TASK: find number of interfaces on dc01]
TASK [find number of interfaces] ***************************************************************************************************************************************************************************
ok: [dc01]
[started TASK: find if two adapters on dc01]
TASK [find if two adapters] ********************************************************************************************************************************************************************************
ok: [dc01]
[started TASK: confirm nat_adapter on dc01]
PLAY [configure laps on DCs] *******************************************************************************************************************************************************************************
skipping: no hosts matched
PLAY [configure laps on servers] ***************************************************************************************************************************************************************************
skipping: no hosts matched
PLAY [verify and show laps passwords] **********************************************************************************************************************************************************************
skipping: no hosts matched
PLAY [set laps users and groups permission] ****************************************************************************************************************************************************************
skipping: no hosts matched
PLAY RECAP *************************************************************************************************************************************************************************************************
dc01 : ok=6 changed=0 unreachable=0 failed=0 skipped=1 rescued=0 ignored=0
dc02 : ok=1 changed=0 unreachable=0 failed=0 skipped=0 rescued=0 ignored=0
srv02 : ok=1 changed=0 unreachable=0 failed=0 skipped=0 rescued=0 ignored=0
[*] Run playbook : ad-relations.yml with inventory file(s) : /home/bolke/GOAD/ad/GOAD-Light/data/inventory, /home/bolke/GOAD/workspace/850bec-goad-light-virtualbox/inventory,
/home/bolke/GOAD/globalsettings.ini
[*] CWD: /ansible/
[*] Running command : ansible-playbook -i /home/bolke/GOAD/ad/GOAD-Light/data/inventory -i /home/bolke/GOAD/workspace/850bec-goad-light-virtualbox/inventory -i /home/bolke/GOAD/globalsettings.ini
ad-relations.yml
[WARNING]: Could not match supplied host pattern, ignoring: extensions
PLAY [Read data files] *************************************************************************************************************************************************************************************
[started TASK: Gathering Facts on dc01]
[started TASK: Gathering Facts on dc02]
[started TASK: Gathering Facts on srv02]
TASK [Gathering Facts] *************************************************************************************************************************************************************************************
ok: [srv02]
ok: [dc02]
ok: [dc01]
[started TASK: save the Json data to a Variable as a Fact on dc01]
TASK [save the Json data to a Variable as a Fact] **********************************************************************************************************************************************************
ok: [dc01]
[started TASK: find domain_adapter on dc01]
TASK [find domain_adapter] *********************************************************************************************************************************************************************************
ok: [dc01] => (item={'dns_domain': None, 'connection_name': 'Ethernet 2', 'default_gateway': None, 'mtu': 1500, 'interface_name': 'Intel(R) PRO/1000 MT Desktop Adapter #2', 'ipv6': {'address': 'fe80::e990:f5d4:39ba:4f6b%7', 'prefix': '64'}, 'macaddress': '08:00:27:F7:EA:5F', 'speed': 1000, 'interface_index': 7, 'ipv4': {'address': '192.168.56.10', 'prefix': '24'}})
[started TASK: find nat_adapter on dc01]
TASK [find nat_adapter] ************************************************************************************************************************************************************************************
ok: [dc01] => (item={'dns_domain': 'home', 'connection_name': 'Ethernet', 'default_gateway': 'fe80::2%6', 'mtu': 1500, 'interface_name': 'Intel(R) PRO/1000 MT Desktop Adapter', 'ipv6': [{'address': 'fd17:625c:f037:2:a847:4c4e:e612:2c3c', 'prefix': '64'}, {'address': 'fe80::a847:4c4e:e612:2c3c%6', 'prefix': '64'}], 'macaddress': '08:00:27:7A:A2:FC', 'speed': 1000, 'interface_index': 6, 'ipv4': {'address': '10.0.2.15', 'prefix': '24'}})
[started TASK: find number of interfaces on dc01]
TASK [find number of interfaces] ***************************************************************************************************************************************************************************
ok: [dc01]
[started TASK: find if two adapters on dc01]
TASK [find if two adapters] ********************************************************************************************************************************************************************************
ok: [dc01]
[started TASK: confirm nat_adapter on dc01]
PLAY [Adjust rights configuration] *************************************************************************************************************************************************************************
[started TASK: Gathering Facts on dc01]
[started TASK: Gathering Facts on dc02]
[started TASK: Gathering Facts on srv02]
TASK [Gathering Facts] *************************************************************************************************************************************************************************************
ok: [srv02]
ok: [dc02]
ok: [dc01]
[started TASK: settings/adjust_rights : Add domain users to local groups on dc01]
[started TASK: settings/adjust_rights : Add domain users to local groups on dc02]
[started TASK: settings/adjust_rights : Add domain users to local groups on srv02]
TASK [settings/adjust_rights : Add domain users to local groups] *******************************************************************************************************************************************
changed: [srv02] => (item={'key': 'Administrators', 'value': ['north\\jeor.mormont']})
changed: [dc02] => (item={'key': 'Administrators', 'value': ['north\\eddard.stark', 'north\\catelyn.stark', 'north\\robb.stark']})
changed: [dc01] => (item={'key': 'Administrators', 'value': ['sevenkingdoms\\robert.baratheon', 'sevenkingdoms\\cersei.lannister', 'sevenkingdoms\\DragonRider']})
changed: [srv02] => (item={'key': 'Remote Desktop Users', 'value': ['north\\Night Watch', 'north\\Mormont', 'north\\Stark']})
changed: [dc02] => (item={'key': 'Remote Desktop Users', 'value': ['north\\Stark']})
changed: [dc01] => (item={'key': 'Remote Desktop Users', 'value': ['sevenkingdoms\\Small Council', 'sevenkingdoms\\Baratheon']})
[started TASK: settings/user_rights : Add remote desktop and administrators group to rdp on dc01]
[started TASK: settings/user_rights : Add remote desktop and administrators group to rdp on dc02]
[started TASK: settings/user_rights : Add remote desktop and administrators group to rdp on srv02]
TASK [settings/user_rights : Add remote desktop and administrators group to rdp] ***************************************************************************************************************************
ok: [srv02]
changed: [dc02]
changed: [dc01]
PLAY [cross domain groups] *********************************************************************************************************************************************************************************
[started TASK: Gathering Facts on dc01]
[started TASK: Gathering Facts on dc02]
TASK [Gathering Facts] *************************************************************************************************************************************************************************************
ok: [dc02]
ok: [dc01]
[started TASK: groups_domains : Reboot and wait for the AD system to restart on dc01]
[started TASK: groups_domains : Reboot and wait for the AD system to restart on dc02]
TASK [groups_domains : Reboot and wait for the AD system to restart] ***************************************************************************************************************************************
changed: [dc01]
changed: [dc02]
[started TASK: groups_domains : synchronizes all domains on dc01]
[started TASK: groups_domains : synchronizes all domains on dc02]
TASK [groups_domains : synchronizes all domains] ***********************************************************************************************************************************************************
changed: [dc02]
changed: [dc01]
[started TASK: groups_domains : Add a domain user/group from another Domain in the multi-domain forest to a domain group : {{domain_server}} on dc01]
[started TASK: groups_domains : Add a domain user/group from another Domain in the multi-domain forest to a domain group : {{domain_server}} on dc02]
PLAY RECAP *************************************************************************************************************************************************************************************************
dc01 : ok=12 changed=4 unreachable=0 failed=0 skipped=2 rescued=0 ignored=0
dc02 : ok=7 changed=4 unreachable=0 failed=0 skipped=1 rescued=0 ignored=0
srv02 : ok=4 changed=1 unreachable=0 failed=0 skipped=0 rescued=0 ignored=0
[*] Run playbook : adcs.yml with inventory file(s) : /home/bolke/GOAD/ad/GOAD-Light/data/inventory, /home/bolke/GOAD/workspace/850bec-goad-light-virtualbox/inventory, /home/bolke/GOAD/globalsettings.ini
[*] CWD: /ansible/
[*] Running command : ansible-playbook -i /home/bolke/GOAD/ad/GOAD-Light/data/inventory -i /home/bolke/GOAD/workspace/850bec-goad-light-virtualbox/inventory -i /home/bolke/GOAD/globalsettings.ini adcs.yml
[WARNING]: Could not match supplied host pattern, ignoring: extensions
PLAY [Read data files] *************************************************************************************************************************************************************************************
[started TASK: Gathering Facts on dc01]
[started TASK: Gathering Facts on dc02]
[started TASK: Gathering Facts on srv02]
TASK [Gathering Facts] *************************************************************************************************************************************************************************************
ok: [srv02]
ok: [dc01]
ok: [dc02]
[started TASK: save the Json data to a Variable as a Fact on dc01]
TASK [save the Json data to a Variable as a Fact] **********************************************************************************************************************************************************
ok: [dc01]
[started TASK: find domain_adapter on dc01]
TASK [find domain_adapter] *********************************************************************************************************************************************************************************
ok: [dc01] => (item={'dns_domain': None, 'connection_name': 'Ethernet 2', 'default_gateway': None, 'mtu': 1500, 'interface_name': 'Intel(R) PRO/1000 MT Desktop Adapter #2', 'ipv6': {'address': 'fe80::e990:f5d4:39ba:4f6b%7', 'prefix': '64'}, 'macaddress': '08:00:27:F7:EA:5F', 'speed': 1000, 'interface_index': 7, 'ipv4': {'address': '192.168.56.10', 'prefix': '24'}})
[started TASK: find nat_adapter on dc01]
TASK [find nat_adapter] ************************************************************************************************************************************************************************************
ok: [dc01] => (item={'dns_domain': 'home', 'connection_name': 'Ethernet', 'default_gateway': 'fe80::2%6', 'mtu': 1500, 'interface_name': 'Intel(R) PRO/1000 MT Desktop Adapter', 'ipv6': [{'address': 'fd17:625c:f037:2:a847:4c4e:e612:2c3c', 'prefix': '64'}, {'address': 'fe80::a847:4c4e:e612:2c3c%6', 'prefix': '64'}], 'macaddress': '08:00:27:7A:A2:FC', 'speed': 1000, 'interface_index': 6, 'ipv4': {'address': '10.0.2.15', 'prefix': '24'}})
[started TASK: find number of interfaces on dc01]
TASK [find number of interfaces] ***************************************************************************************************************************************************************************
ok: [dc01]
[started TASK: find if two adapters on dc01]
TASK [find if two adapters] ********************************************************************************************************************************************************************************
ok: [dc01]
[started TASK: confirm nat_adapter on dc01]
PLAY [ADCS] ************************************************************************************************************************************************************************************************
[started TASK: Gathering Facts on dc01]
TASK [Gathering Facts] *************************************************************************************************************************************************************************************
ok: [dc01]
[started TASK: adcs : Install ADCS on dc01]
TASK [adcs : Install ADCS] *********************************************************************************************************************************************************************************
changed: [dc01]
[started TASK: adcs : Install-WindowsFeature ADCS-Cert-Authority on dc01]
TASK [adcs : Install-WindowsFeature ADCS-Cert-Authority] ***************************************************************************************************************************************************
ok: [dc01]
[started TASK: adcs : Install-WindowsFeature ADCS-Web-Enrollment on dc01]
TASK [adcs : Install-WindowsFeature ADCS-Web-Enrollment] ***************************************************************************************************************************************************
ok: [dc01]
[started TASK: adcs : Install-ADCSCertificationAuthority-PS on dc01]
TASK [adcs : Install-ADCSCertificationAuthority-PS] ********************************************************************************************************************************************************
changed: [dc01]
[started TASK: adcs : Enable Web enrollement on dc01]
TASK [adcs : Enable Web enrollement] ***********************************************************************************************************************************************************************
changed: [dc01]
[started TASK: adcs : Refresh on dc01]
TASK [adcs : Refresh] **************************************************************************************************************************************************************************************
changed: [dc01]
PLAY [ADCS] ************************************************************************************************************************************************************************************************
skipping: no hosts matched
PLAY RECAP *************************************************************************************************************************************************************************************************
dc01 : ok=13 changed=4 unreachable=0 failed=0 skipped=1 rescued=0 ignored=0
dc02 : ok=1 changed=0 unreachable=0 failed=0 skipped=0 rescued=0 ignored=0
srv02 : ok=1 changed=0 unreachable=0 failed=0 skipped=0 rescued=0 ignored=0
[*] Run playbook : ad-acl.yml with inventory file(s) : /home/bolke/GOAD/ad/GOAD-Light/data/inventory, /home/bolke/GOAD/workspace/850bec-goad-light-virtualbox/inventory, /home/bolke/GOAD/globalsettings.ini
[*] CWD: /ansible/
[*] Running command : ansible-playbook -i /home/bolke/GOAD/ad/GOAD-Light/data/inventory -i /home/bolke/GOAD/workspace/850bec-goad-light-virtualbox/inventory -i /home/bolke/GOAD/globalsettings.ini
ad-acl.yml
[WARNING]: Could not match supplied host pattern, ignoring: extensions
PLAY [Read data files] *************************************************************************************************************************************************************************************
[started TASK: Gathering Facts on dc01]
[started TASK: Gathering Facts on dc02]
[started TASK: Gathering Facts on srv02]
TASK [Gathering Facts] *************************************************************************************************************************************************************************************
ok: [srv02]
ok: [dc01]
ok: [dc02]
[started TASK: save the Json data to a Variable as a Fact on dc01]
TASK [save the Json data to a Variable as a Fact] **********************************************************************************************************************************************************
ok: [dc01]
[started TASK: find domain_adapter on dc01]
TASK [find domain_adapter] *********************************************************************************************************************************************************************************
ok: [dc01] => (item={'dns_domain': None, 'connection_name': 'Ethernet 2', 'default_gateway': None, 'mtu': 1500, 'interface_name': 'Intel(R) PRO/1000 MT Desktop Adapter #2', 'ipv6': {'address': 'fe80::e990:f5d4:39ba:4f6b%7', 'prefix': '64'}, 'macaddress': '08:00:27:F7:EA:5F', 'speed': 1000, 'interface_index': 7, 'ipv4': {'address': '192.168.56.10', 'prefix': '24'}})
[started TASK: find nat_adapter on dc01]
TASK [find nat_adapter] ************************************************************************************************************************************************************************************
ok: [dc01] => (item={'dns_domain': 'home', 'connection_name': 'Ethernet', 'default_gateway': 'fe80::2%6', 'mtu': 1500, 'interface_name': 'Intel(R) PRO/1000 MT Desktop Adapter', 'ipv6': [{'address': 'fd17:625c:f037:2:a847:4c4e:e612:2c3c', 'prefix': '64'}, {'address': 'fe80::a847:4c4e:e612:2c3c%6', 'prefix': '64'}], 'macaddress': '08:00:27:7A:A2:FC', 'speed': 1000, 'interface_index': 6, 'ipv4': {'address': '10.0.2.15', 'prefix': '24'}})
[started TASK: find number of interfaces on dc01]
TASK [find number of interfaces] ***************************************************************************************************************************************************************************
ok: [dc01]
[started TASK: find if two adapters on dc01]
TASK [find if two adapters] ********************************************************************************************************************************************************************************
ok: [dc01]
[started TASK: confirm nat_adapter on dc01]
PLAY [ACL inside AD] ***************************************************************************************************************************************************************************************
[started TASK: Gathering Facts on dc01]
[started TASK: Gathering Facts on dc02]
TASK [Gathering Facts] *************************************************************************************************************************************************************************************
ok: [dc01]
ok: [dc02]
[started TASK: acl : set acl on dc01]
[started TASK: acl : set acl on dc02]
TASK [acl : set acl] ***************************************************************************************************************************************************************************************
changed: [dc01] => (item={'key': 'forcechangepassword_tywin_jaime', 'value': {'for': 'tywin.lannister', 'to': 'jaime.lannister', 'right': 'Ext-User-Force-Change-Password', 'inheritance': 'None'}})
changed: [dc02] => (item={'key': 'anonymous_rpc', 'value': {'for': 'NT AUTHORITY\\ANONYMOUS LOGON', 'to': 'DC=North,DC=sevenkingdoms,DC=local', 'right': 'ReadProperty', 'inheritance': 'All'}})
changed: [dc01] => (item={'key': 'GenericWrite_on_user_jaimie_joffrey', 'value': {'for': 'jaime.lannister', 'to': 'joffrey.baratheon', 'right': 'GenericWrite', 'inheritance': 'None'}})
changed: [dc02] => (item={'key': 'anonymous_rpc2', 'value': {'for': 'NT AUTHORITY\\ANONYMOUS LOGON', 'to': 'DC=North,DC=sevenkingdoms,DC=local', 'right': 'GenericExecute', 'inheritance': 'All'}})
changed: [dc01] => (item={'key': 'Writedacl_joffrey_tyron', 'value': {'for': 'joffrey.baratheon', 'to': 'tyron.lannister', 'right': 'WriteDacl', 'inheritance': 'None'}})
changed: [dc01] => (item={'key': 'self-self-membership-on-group_tyron_small_council', 'value': {'for': 'tyron.lannister', 'to': 'Small Council', 'right': 'Ext-Self-Self-Membership', 'inheritance': 'None'}})
changed: [dc01] => (item={'key': 'addmember_smallcouncil_DragonStone', 'value': {'for': 'Small Council', 'to': 'DragonStone', 'right': 'Ext-Write-Self-Membership', 'inheritance': 'All'}})
changed: [dc01] => (item={'key': 'write_owner_dragonstone_kingsguard', 'value': {'for': 'DragonStone', 'to': 'KingsGuard', 'right': 'WriteOwner', 'inheritance': 'None'}})
changed: [dc01] => (item={'key': 'GenericAll_kingsguard_stanis', 'value': {'for': 'KingsGuard', 'to': 'stannis.baratheon', 'right': 'GenericAll', 'inheritance': 'None'}})
changed: [dc01] => (item={'key': 'GenericAll_stanis_dc', 'value': {'for': 'stannis.baratheon', 'to': 'kingslanding$', 'right': 'GenericAll', 'inheritance': 'None'}})
changed: [dc01] => (item={'key': 'GenericAll_group_acrrosdom_dc', 'value': {'for': 'AcrossTheNarrowSea', 'to': 'kingslanding$', 'right': 'GenericAll', 'inheritance': 'None'}})
changed: [dc01] => (item={'key': 'GenericAll_varys_domadmin', 'value': {'for': 'lord.varys', 'to': 'Domain Admins', 'right': 'GenericAll', 'inheritance': 'None'}})
changed: [dc01] => (item={'key': 'GenericAll_varys_domadmin_holder', 'value': {'for': 'lord.varys', 'to': 'CN=AdminSDHolder,CN=System,DC=sevenkingdoms,DC=local', 'right': 'GenericAll', 'inheritance': 'None'}})
changed: [dc01] => (item={'key': 'WriteDACL_renly_Crownlands', 'value': {'for': 'renly.baratheon', 'to': 'OU=Crownlands,DC=sevenkingdoms,DC=local', 'right': 'WriteDacl', 'inheritance': 'None'}})
PLAY RECAP *************************************************************************************************************************************************************************************************
dc01 : ok=8 changed=1 unreachable=0 failed=0 skipped=1 rescued=0 ignored=0
dc02 : ok=3 changed=1 unreachable=0 failed=0 skipped=0 rescued=0 ignored=0
srv02 : ok=1 changed=0 unreachable=0 failed=0 skipped=0 rescued=0 ignored=0
[*] Run playbook : servers.yml with inventory file(s) : /home/bolke/GOAD/ad/GOAD-Light/data/inventory, /home/bolke/GOAD/workspace/850bec-goad-light-virtualbox/inventory,
/home/bolke/GOAD/globalsettings.ini
[*] CWD: /ansible/
[*] Running command : ansible-playbook -i /home/bolke/GOAD/ad/GOAD-Light/data/inventory -i /home/bolke/GOAD/workspace/850bec-goad-light-virtualbox/inventory -i /home/bolke/GOAD/globalsettings.ini
servers.yml
[WARNING]: Could not match supplied host pattern, ignoring: extensions
PLAY [Read data files] *************************************************************************************************************************************************************************************
[started TASK: Gathering Facts on dc01]
[started TASK: Gathering Facts on dc02]
[started TASK: Gathering Facts on srv02]
TASK [Gathering Facts] *************************************************************************************************************************************************************************************
ok: [dc02]
ok: [srv02]
ok: [dc01]
[started TASK: save the Json data to a Variable as a Fact on dc01]
TASK [save the Json data to a Variable as a Fact] **********************************************************************************************************************************************************
ok: [dc01]
[started TASK: find domain_adapter on dc01]
TASK [find domain_adapter] *********************************************************************************************************************************************************************************
ok: [dc01] => (item={'dns_domain': None, 'connection_name': 'Ethernet 2', 'default_gateway': None, 'mtu': 1500, 'interface_name': 'Intel(R) PRO/1000 MT Desktop Adapter #2', 'ipv6': {'address': 'fe80::e990:f5d4:39ba:4f6b%7', 'prefix': '64'}, 'macaddress': '08:00:27:F7:EA:5F', 'speed': 1000, 'interface_index': 7, 'ipv4': {'address': '192.168.56.10', 'prefix': '24'}})
[started TASK: find nat_adapter on dc01]
TASK [find nat_adapter] ************************************************************************************************************************************************************************************
ok: [dc01] => (item={'dns_domain': 'home', 'connection_name': 'Ethernet', 'default_gateway': 'fe80::2%6', 'mtu': 1500, 'interface_name': 'Intel(R) PRO/1000 MT Desktop Adapter', 'ipv6': [{'address': 'fd17:625c:f037:2:a847:4c4e:e612:2c3c', 'prefix': '64'}, {'address': 'fe80::a847:4c4e:e612:2c3c%6', 'prefix': '64'}], 'macaddress': '08:00:27:7A:A2:FC', 'speed': 1000, 'interface_index': 6, 'ipv4': {'address': '10.0.2.15', 'prefix': '24'}})
[started TASK: find number of interfaces on dc01]
TASK [find number of interfaces] ***************************************************************************************************************************************************************************
ok: [dc01]
[started TASK: find if two adapters on dc01]
TASK [find if two adapters] ********************************************************************************************************************************************************************************
ok: [dc01]
[started TASK: confirm nat_adapter on dc01]
PLAY [Install IIS] *****************************************************************************************************************************************************************************************
[started TASK: Gathering Facts on srv02]
TASK [Gathering Facts] *************************************************************************************************************************************************************************************
ok: [srv02]
[started TASK: iis : Enable update service on srv02]
TASK [iis : Enable update service] *************************************************************************************************************************************************************************
changed: [srv02]
[started TASK: iis : Install IIS Management Features on srv02]
TASK [iis : Install IIS Management Features] ***************************************************************************************************************************************************************
changed: [srv02]
[started TASK: iis : Add SYSTEM allow rights to machine keys (required for installation of IIS 6 components) on srv02]
TASK [iis : Add SYSTEM allow rights to machine keys (required for installation of IIS 6 components)] *******************************************************************************************************
changed: [srv02]
[started TASK: iis : Install IIS 6 Compatibility Features on srv02]
TASK [iis : Install IIS 6 Compatibility Features] **********************************************************************************************************************************************************
changed: [srv02]
[started TASK: iis : Install IIS Web-Server with sub features and management tools on srv02]
TASK [iis : Install IIS Web-Server with sub features and management tools] *********************************************************************************************************************************
changed: [srv02]
[started TASK: iis : Create directory on srv02]
TASK [iis : Create directory] ******************************************************************************************************************************************************************************
ok: [srv02]
[started TASK: iis : Create directory on srv02]
TASK [iis : Create directory] ******************************************************************************************************************************************************************************
ok: [srv02]
[started TASK: iis : default-website-index on srv02]
TASK [iis : default-website-index] *************************************************************************************************************************************************************************
changed: [srv02]
[started TASK: iis : Reboot if installing Web-Server feature requires it on srv02]
PLAY [Install MSSQL Express] *******************************************************************************************************************************************************************************
[started TASK: Gathering Facts on srv02]
TASK [Gathering Facts] *************************************************************************************************************************************************************************************
ok: [srv02]
[started TASK: mssql : Reboot before install (long timeout in case of update) on srv02]
TASK [mssql : Reboot before install (long timeout in case of update)] **************************************************************************************************************************************
changed: [srv02]
[started TASK: mssql : Set download_url on srv02]
TASK [mssql : Set download_url] ****************************************************************************************************************************************************************************
ok: [srv02]
[started TASK: mssql : Set connection method on srv02]
TASK [mssql : Set connection method] ***********************************************************************************************************************************************************************
ok: [srv02]
[started TASK: mssql : Set mssql_service_instance on srv02]
TASK [mssql : Set mssql_service_instance] ******************************************************************************************************************************************************************
ok: [srv02]
[started TASK: mssql : Set mssql_service_name on srv02]
TASK [mssql : Set mssql_service_name] **********************************************************************************************************************************************************************
ok: [srv02]
[started TASK: mssql : Display mssql variables in use on srv02]
TASK [mssql : Display mssql variables in use] **************************************************************************************************************************************************************
ok: [srv02] => {
"msg": [
"MSSQL version : MSSQL_2019",
"MSSQL service name : MSSQL$SQLEXPRESS",
"MSSQL download url : https://download.microsoft.com/download/7/f/8/7f8a9c43-8c8a-4f7c-9f92-83c18d96b681/SQL2019-SSEI-Expr.exe",
"MSSQL instance : SQLEXPRESS",
"MSSQL connection use : -E"
]
}
[started TASK: mssql : create a directory for installer download on srv02]
TASK [mssql : create a directory for installer download] ***************************************************************************************************************************************************
changed: [srv02]
[started TASK: mssql : create a directory for installer extraction on srv02]
TASK [mssql : create a directory for installer extraction] *************************************************************************************************************************************************
changed: [srv02]
[started TASK: mssql : create a directory for media extraction on srv02]
TASK [mssql : create a directory for media extraction] *****************************************************************************************************************************************************
changed: [srv02]
[started TASK: mssql : create the configuration file on srv02]
TASK [mssql : create the configuration file] ***************************************************************************************************************************************************************
changed: [srv02]
[started TASK: mssql : check downloaded file exists on srv02]
TASK [mssql : check downloaded file exists] ****************************************************************************************************************************************************************
ok: [srv02]
[started TASK: mssql : get the installer on srv02]
TASK [mssql : get the installer] ***************************************************************************************************************************************************************************
changed: [srv02]
[started TASK: mssql : Add service account to Log on as a service on srv02]
TASK [mssql : Add service account to Log on as a service] **************************************************************************************************************************************************
changed: [srv02]
[started TASK: mssql : check MSSQL service already exist (if failed service do not exist, launch install) on srv02]
TASK [mssql : check MSSQL service already exist (if failed service do not exist, launch install)] **********************************************************************************************************
ok: [srv02]
[started TASK: mssql : debug on srv02]
TASK [mssql : debug] ***************************************************************************************************************************************************************************************
ok: [srv02] => {
"msg": {
"changed": false,
"exists": false,
"failed": false,
"failed_when_result": false
}
}
[started TASK: mssql : Install the database on srv02]
FAILED - RETRYING: [srv02]: Install the database (3 retries left).
FAILED - RETRYING: [srv02]: Install the database (2 retries left).
FAILED - RETRYING: [srv02]: Install the database (1 retries left).
TASK [mssql : Install the database] ************************************************************************************************************************************************************************
fatal: [srv02]: FAILED! => {"attempts": 3, "changed": true, "cmd": "c:\\setup\\mssql\\sql_installer.exe /configurationfile=c:\\setup\\mssql\\sql_conf.ini /IACCEPTSQLSERVERLICENSETERMS /MEDIAPATH=c:\\setup\\mssql\\media /QUIET /HIDEPROGRESSBAR", "delta": "0:00:35.187290", "end": "2026-02-12 16:17:02.429965", "msg": "non-zero return code", "rc": 2226323458, "start": "2026-02-12 16:16:27.242675", "stderr": "", "stderr_lines": [], "stdout": "Microsoft (R) SQL Server Installer\r\nCopyright (c) 2019 Microsoft. All rights reserved.\r\n\r\nDownloading install package...\r\n\r\n\r\nOperation finished with result: Failure\r\n\r\nOops...\r\n\r\nUnable to install SQL Server (setup.exe).\r\n\r\n Exit code (Decimal): -2068643838\r\n Exit message: No features were installed during the setup execution. The requested features may already be installed. Please review the summary.txt log for further details.\r\n\r\n SQL SERVER INSTALL LOG FOLDER\r\n c:\\Program Files\\Microsoft SQL Server\\150\\Setup Bootstrap\\Log\\20260212_081633\r\n\r\n", "stdout_lines": ["Microsoft (R) SQL Server Installer", "Copyright (c) 2019 Microsoft. All rights reserved.", "", "Downloading install package...", "", "", "Operation finished with result: Failure", "", "Oops...", "", "Unable to install SQL Server (setup.exe).", "", " Exit code (Decimal): -2068643838", " Exit message: No features were installed during the setup execution. The requested features may already be installed. Please review the summary.txt log for further details.", "", " SQL SERVER INSTALL LOG FOLDER", " c:\\Program Files\\Microsoft SQL Server\\150\\Setup Bootstrap\\Log\\20260212_081633", ""]}
PLAY RECAP *************************************************************************************************************************************************************************************************
dc01 : ok=6 changed=0 unreachable=0 failed=0 skipped=1 rescued=0 ignored=0
dc02 : ok=1 changed=0 unreachable=0 failed=0 skipped=0 rescued=0 ignored=0
srv02 : ok=26 changed=13 unreachable=0 failed=1 skipped=1 rescued=0 ignored=0
[*] CWD: /ansible/
[*] Running command : ansible-playbook -i /home/bolke/GOAD/ad/GOAD-Light/data/inventory -i /home/bolke/GOAD/workspace/850bec-goad-light-virtualbox/inventory -i /home/bolke/GOAD/globalsettings.ini
servers.yml
[WARNING]: Could not match supplied host pattern, ignoring: extensions
PLAY [Read data files] *************************************************************************************************************************************************************************************
[started TASK: Gathering Facts on dc01]
[started TASK: Gathering Facts on dc02]
[started TASK: Gathering Facts on srv02]
TASK [Gathering Facts] *************************************************************************************************************************************************************************************
ok: [dc01]
ok: [dc02]
ok: [srv02]
[started TASK: save the Json data to a Variable as a Fact on dc01]
TASK [save the Json data to a Variable as a Fact] **********************************************************************************************************************************************************
ok: [dc01]
[started TASK: find domain_adapter on dc01]
TASK [find domain_adapter] *********************************************************************************************************************************************************************************
ok: [dc01] => (item={'dns_domain': None, 'connection_name': 'Ethernet 2', 'default_gateway': None, 'mtu': 1500, 'interface_name': 'Intel(R) PRO/1000 MT Desktop Adapter #2', 'ipv6': {'address': 'fe80::e990:f5d4:39ba:4f6b%7', 'prefix': '64'}, 'macaddress': '08:00:27:F7:EA:5F', 'speed': 1000, 'interface_index': 7, 'ipv4': {'address': '192.168.56.10', 'prefix': '24'}})
[started TASK: find nat_adapter on dc01]
TASK [find nat_adapter] ************************************************************************************************************************************************************************************
ok: [dc01] => (item={'dns_domain': 'home', 'connection_name': 'Ethernet', 'default_gateway': 'fe80::2%6', 'mtu': 1500, 'interface_name': 'Intel(R) PRO/1000 MT Desktop Adapter', 'ipv6': [{'address': 'fd17:625c:f037:2:a847:4c4e:e612:2c3c', 'prefix': '64'}, {'address': 'fe80::a847:4c4e:e612:2c3c%6', 'prefix': '64'}], 'macaddress': '08:00:27:7A:A2:FC', 'speed': 1000, 'interface_index': 6, 'ipv4': {'address': '10.0.2.15', 'prefix': '24'}})
[started TASK: find number of interfaces on dc01]
TASK [find number of interfaces] ***************************************************************************************************************************************************************************
ok: [dc01]
[started TASK: find if two adapters on dc01]
TASK [find if two adapters] ********************************************************************************************************************************************************************************
ok: [dc01]
[started TASK: confirm nat_adapter on dc01]
PLAY [Install IIS] *****************************************************************************************************************************************************************************************
[started TASK: Gathering Facts on srv02]
TASK [Gathering Facts] *************************************************************************************************************************************************************************************
ok: [srv02]
[started TASK: iis : Enable update service on srv02]
TASK [iis : Enable update service] *************************************************************************************************************************************************************************
ok: [srv02]
[started TASK: iis : Install IIS Management Features on srv02]
TASK [iis : Install IIS Management Features] ***************************************************************************************************************************************************************
ok: [srv02]
[started TASK: iis : Add SYSTEM allow rights to machine keys (required for installation of IIS 6 components) on srv02]
TASK [iis : Add SYSTEM allow rights to machine keys (required for installation of IIS 6 components)] *******************************************************************************************************
ok: [srv02]
[started TASK: iis : Install IIS 6 Compatibility Features on srv02]
TASK [iis : Install IIS 6 Compatibility Features] **********************************************************************************************************************************************************
ok: [srv02]
[started TASK: iis : Install IIS Web-Server with sub features and management tools on srv02]
TASK [iis : Install IIS Web-Server with sub features and management tools] *********************************************************************************************************************************
ok: [srv02]
[started TASK: iis : Create directory on srv02]
TASK [iis : Create directory] ******************************************************************************************************************************************************************************
ok: [srv02]
[started TASK: iis : Create directory on srv02]
TASK [iis : Create directory] ******************************************************************************************************************************************************************************
ok: [srv02]
[started TASK: iis : default-website-index on srv02]
TASK [iis : default-website-index] *************************************************************************************************************************************************************************
ok: [srv02]
[started TASK: iis : Reboot if installing Web-Server feature requires it on srv02]
PLAY [Install MSSQL Express] *******************************************************************************************************************************************************************************
[started TASK: Gathering Facts on srv02]
TASK [Gathering Facts] *************************************************************************************************************************************************************************************
ok: [srv02]
[started TASK: mssql : Reboot before install (long timeout in case of update) on srv02]
TASK [mssql : Reboot before install (long timeout in case of update)] **************************************************************************************************************************************
changed: [srv02]
[started TASK: mssql : Set download_url on srv02]
TASK [mssql : Set download_url] ****************************************************************************************************************************************************************************
ok: [srv02]
[started TASK: mssql : Set connection method on srv02]
TASK [mssql : Set connection method] ***********************************************************************************************************************************************************************
ok: [srv02]
[started TASK: mssql : Set mssql_service_instance on srv02]
TASK [mssql : Set mssql_service_instance] ******************************************************************************************************************************************************************
ok: [srv02]
[started TASK: mssql : Set mssql_service_name on srv02]
TASK [mssql : Set mssql_service_name] **********************************************************************************************************************************************************************
ok: [srv02]
[started TASK: mssql : Display mssql variables in use on srv02]
TASK [mssql : Display mssql variables in use] **************************************************************************************************************************************************************
ok: [srv02] => {
"msg": [
"MSSQL version : MSSQL_2019",
"MSSQL service name : MSSQL$SQLEXPRESS",
"MSSQL download url : https://download.microsoft.com/download/7/f/8/7f8a9c43-8c8a-4f7c-9f92-83c18d96b681/SQL2019-SSEI-Expr.exe",
"MSSQL instance : SQLEXPRESS",
"MSSQL connection use : -E"
]
}
[started TASK: mssql : create a directory for installer download on srv02]
TASK [mssql : create a directory for installer download] ***************************************************************************************************************************************************
ok: [srv02]
[started TASK: mssql : create a directory for installer extraction on srv02]
TASK [mssql : create a directory for installer extraction] *************************************************************************************************************************************************
ok: [srv02]
[started TASK: mssql : create a directory for media extraction on srv02]
TASK [mssql : create a directory for media extraction] *****************************************************************************************************************************************************
ok: [srv02]
[started TASK: mssql : create the configuration file on srv02]
TASK [mssql : create the configuration file] ***************************************************************************************************************************************************************
ok: [srv02]
[started TASK: mssql : check downloaded file exists on srv02]
TASK [mssql : check downloaded file exists] ****************************************************************************************************************************************************************
ok: [srv02]
[started TASK: mssql : get the installer on srv02]
[started TASK: mssql : Add service account to Log on as a service on srv02]
TASK [mssql : Add service account to Log on as a service] **************************************************************************************************************************************************
ok: [srv02]
[started TASK: mssql : check MSSQL service already exist (if failed service do not exist, launch install) on srv02]
TASK [mssql : check MSSQL service already exist (if failed service do not exist, launch install)] **********************************************************************************************************
ok: [srv02]
[started TASK: mssql : debug on srv02]
TASK [mssql : debug] ***************************************************************************************************************************************************************************************
ok: [srv02] => {
"msg": {
"can_pause_and_continue": true,
"changed": false,
"depended_by": [
"SQLAgent$SQLEXPRESS"
],
"dependencies": [
"KEYISO"
],
"description": "Provides storage, processing and controlled access of data, and rapid transaction processing.",
"desktop_interact": false,
"display_name": "SQL Server (SQLEXPRESS)",
"exists": true,
"failed": false,
"failed_when_result": false,
"name": "MSSQL$SQLEXPRESS",
"path": "\"c:\\Program Files\\Microsoft SQL Server\\MSSQL15.SQLEXPRESS\\MSSQL\\Binn\\sqlservr.exe\" -sSQLEXPRESS",
"start_mode": "auto",
"state": "running",
"username": "north.sevenkingdoms.local\\sql_svc"
}
}
[started TASK: mssql : Install the database on srv02]
[started TASK: mssql : Add or update registry for ip port on srv02]
[started TASK: mssql : Add or update registry for ip port on srv02]
TASK [mssql : Add or update registry for ip port] **********************************************************************************************************************************************************
changed: [srv02]
[started TASK: mssql : Reboot on srv02]
TASK [mssql : Reboot] **************************************************************************************************************************************************************************************
changed: [srv02]
[started TASK: mssql : Firewall | Allow MSSQL through Firewall on srv02]
TASK [mssql : Firewall | Allow MSSQL through Firewall] *****************************************************************************************************************************************************
changed: [srv02]
[started TASK: mssql : Firewall | Allow MSSQL discover through Firewall on srv02]
TASK [mssql : Firewall | Allow MSSQL discover through Firewall] ********************************************************************************************************************************************
changed: [srv02]
[started TASK: mssql : Be sure service is started on srv02]
TASK [mssql : Be sure service is started] ******************************************************************************************************************************************************************
ok: [srv02]
[started TASK: mssql : Wait for port 1433 to become open on the host, start checking every 5 seconds on srv02]
TASK [mssql : Wait for port 1433 to become open on the host, start checking every 5 seconds] ***************************************************************************************************************
ok: [srv02]
[started TASK: mssql : Add MSSQL admin on srv02]
TASK [mssql : Add MSSQL admin] *****************************************************************************************************************************************************************************
changed: [srv02] => (item=NORTH\jon.snow)
[started TASK: mssql : Add IMPERSONATE on login on srv02]
TASK [mssql : Add IMPERSONATE on login] ********************************************************************************************************************************************************************
changed: [srv02] => (item={'key': 'NORTH\\samwell.tarly', 'value': 'sa'})
changed: [srv02] => (item={'key': 'NORTH\\brandon.stark', 'value': 'NORTH\\jon.snow'})
[started TASK: mssql : Add IMPERSONATE on user on srv02]
TASK [mssql : Add IMPERSONATE on user] *********************************************************************************************************************************************************************
changed: [srv02] => (item={'key': 'arya_master_dbo', 'value': {'user': 'NORTH\\arya.stark', 'db': 'master', 'impersonate': 'dbo'}})
changed: [srv02] => (item={'key': 'arya_dbms_dbo', 'value': {'user': 'NORTH\\arya.stark', 'db': 'msdb', 'impersonate': 'dbo'}})
[started TASK: mssql : Enable sa account on srv02]
TASK [mssql : Enable sa account] ***************************************************************************************************************************************************************************
changed: [srv02]
[started TASK: mssql : enable MSSQL authentication and windows authent on srv02]
TASK [mssql : enable MSSQL authentication and windows authent] *********************************************************************************************************************************************
changed: [srv02]
[started TASK: mssql : Restart service MSSQL on srv02]
TASK [mssql : Restart service MSSQL] ***********************************************************************************************************************************************************************
changed: [srv02]
[started TASK: mssql_link : Create SQL Linked server and enable RPC on srv02]
[started TASK: mssql_link : create logins on srv02]
[started TASK: mssql_link : default login impersonation on srv02]
PLAY [Install SQL Server Management Studio] ****************************************************************************************************************************************************************
[started TASK: Gathering Facts on srv02]
TASK [Gathering Facts] *************************************************************************************************************************************************************************************
ok: [srv02]
[started TASK: mssql_ssms : check SQL Server Manager Studio installer exists on srv02]
TASK [mssql_ssms : check SQL Server Manager Studio installer exists] ***************************************************************************************************************************************
ok: [srv02]
[started TASK: mssql_ssms : get the installer on srv02]
TASK [mssql_ssms : get the installer] **********************************************************************************************************************************************************************
changed: [srv02]
[started TASK: mssql_ssms : check SSMS installation already done on srv02]
TASK [mssql_ssms : check SSMS installation already done] ***************************************************************************************************************************************************
ok: [srv02]
[started TASK: mssql_ssms : Install SSMS on srv02]
TASK [mssql_ssms : Install SSMS] ***************************************************************************************************************************************************************************
changed: [srv02]
[started TASK: mssql_ssms : Reboot after install on srv02]
TASK [mssql_ssms : Reboot after install] *******************************************************************************************************************************************************************
changed: [srv02]
[WARNING]: Could not match supplied host pattern, ignoring: mssql_reporting
PLAY [Install SQL Server reporting] ************************************************************************************************************************************************************************
skipping: no hosts matched
PLAY [Install Webdav] **************************************************************************************************************************************************************************************
[started TASK: Gathering Facts on srv02]
TASK [Gathering Facts] *************************************************************************************************************************************************************************************
ok: [srv02]
[started TASK: webdav : Ensure WebDAV client feature is installed on srv02]
TASK [webdav : Ensure WebDAV client feature is installed] **************************************************************************************************************************************************
changed: [srv02]
[started TASK: webdav : Reboot after installing WebDAV client feature on srv02]
TASK [webdav : Reboot after installing WebDAV client feature] **********************************************************************************************************************************************
changed: [srv02]
PLAY RECAP *************************************************************************************************************************************************************************************************
dc01 : ok=6 changed=0 unreachable=0 failed=0 skipped=1 rescued=0 ignored=0
dc02 : ok=1 changed=0 unreachable=0 failed=0 skipped=0 rescued=0 ignored=0
srv02 : ok=46 changed=16 unreachable=0 failed=0 skipped=7 rescued=0 ignored=0
[*] Run playbook : security.yml with inventory file(s) : /home/bolke/GOAD/ad/GOAD-Light/data/inventory, /home/bolke/GOAD/workspace/850bec-goad-light-virtualbox/inventory,
/home/bolke/GOAD/globalsettings.ini
[*] CWD: /ansible/
[*] Running command : ansible-playbook -i /home/bolke/GOAD/ad/GOAD-Light/data/inventory -i /home/bolke/GOAD/workspace/850bec-goad-light-virtualbox/inventory -i /home/bolke/GOAD/globalsettings.ini
security.yml
[WARNING]: Could not match supplied host pattern, ignoring: extensions
PLAY [Read data files] *************************************************************************************************************************************************************************************
[started TASK: Gathering Facts on dc01]
[started TASK: Gathering Facts on dc02]
[started TASK: Gathering Facts on srv02]
TASK [Gathering Facts] *************************************************************************************************************************************************************************************
ok: [dc01]
ok: [dc02]
ok: [srv02]
[started TASK: save the Json data to a Variable as a Fact on dc01]
TASK [save the Json data to a Variable as a Fact] **********************************************************************************************************************************************************
ok: [dc01]
[started TASK: find domain_adapter on dc01]
TASK [find domain_adapter] *********************************************************************************************************************************************************************************
ok: [dc01] => (item={'dns_domain': None, 'connection_name': 'Ethernet 2', 'default_gateway': None, 'mtu': 1500, 'interface_name': 'Intel(R) PRO/1000 MT Desktop Adapter #2', 'ipv6': {'address': 'fe80::e990:f5d4:39ba:4f6b%7', 'prefix': '64'}, 'macaddress': '08:00:27:F7:EA:5F', 'speed': 1000, 'interface_index': 7, 'ipv4': {'address': '192.168.56.10', 'prefix': '24'}})
[started TASK: find nat_adapter on dc01]
TASK [find nat_adapter] ************************************************************************************************************************************************************************************
ok: [dc01] => (item={'dns_domain': 'home', 'connection_name': 'Ethernet', 'default_gateway': 'fe80::2%6', 'mtu': 1500, 'interface_name': 'Intel(R) PRO/1000 MT Desktop Adapter', 'ipv6': [{'address': 'fd17:625c:f037:2:a847:4c4e:e612:2c3c', 'prefix': '64'}, {'address': 'fe80::a847:4c4e:e612:2c3c%6', 'prefix': '64'}], 'macaddress': '08:00:27:7A:A2:FC', 'speed': 1000, 'interface_index': 6, 'ipv4': {'address': '10.0.2.15', 'prefix': '24'}})
[started TASK: find number of interfaces on dc01]
TASK [find number of interfaces] ***************************************************************************************************************************************************************************
ok: [dc01]
[started TASK: find if two adapters on dc01]
TASK [find if two adapters] ********************************************************************************************************************************************************************************
ok: [dc01]
[started TASK: confirm nat_adapter on dc01]
PLAY [Setup enable defender] *******************************************************************************************************************************************************************************
[started TASK: Gathering Facts on dc01]
[started TASK: Gathering Facts on dc02]
TASK [Gathering Facts] *************************************************************************************************************************************************************************************
ok: [dc01]
ok: [dc02]
[started TASK: settings/windows_defender : Install windows defender on dc01]
[started TASK: settings/windows_defender : Install windows defender on dc02]
TASK [settings/windows_defender : Install windows defender] ************************************************************************************************************************************************
ok: [dc01]
ok: [dc02]
[started TASK: settings/windows_defender : Reboot if needed on dc01]
[started TASK: settings/windows_defender : Reboot if needed on dc02]
[started TASK: settings/windows_defender : Disable windows defender sending sample on dc01]
[started TASK: settings/windows_defender : Disable windows defender sending sample on dc02]
TASK [settings/windows_defender : Disable windows defender sending sample] *********************************************************************************************************************************
changed: [dc02]
changed: [dc01]
[started TASK: settings/windows_defender : Disable windows defender sending sample on dc01]
[started TASK: settings/windows_defender : Disable windows defender sending sample on dc02]
TASK [settings/windows_defender : Disable windows defender sending sample] *********************************************************************************************************************************
changed: [dc01]
changed: [dc02]
[started TASK: settings/windows_defender : Disable network drive scanning on dc01]
[started TASK: settings/windows_defender : Disable network drive scanning on dc02]
[started TASK: settings/windows_defender : Disable realtime monitoring on dc01]
[started TASK: settings/windows_defender : Disable realtime monitoring on dc02]
PLAY [Setup disable defender] ******************************************************************************************************************************************************************************
[started TASK: Gathering Facts on srv02]
TASK [Gathering Facts] *************************************************************************************************************************************************************************************
ok: [srv02]
[started TASK: settings/windows_defender : Install windows defender on srv02]
TASK [settings/windows_defender : Install windows defender] ************************************************************************************************************************************************
ok: [srv02]
[started TASK: settings/windows_defender : Reboot if needed on srv02]
[started TASK: settings/windows_defender : Disable windows defender sending sample on srv02]
TASK [settings/windows_defender : Disable windows defender sending sample] *********************************************************************************************************************************
changed: [srv02]
[started TASK: settings/windows_defender : Disable windows defender sending sample on srv02]
TASK [settings/windows_defender : Disable windows defender sending sample] *********************************************************************************************************************************
changed: [srv02]
[started TASK: settings/windows_defender : Disable network drive scanning on srv02]
TASK [settings/windows_defender : Disable network drive scanning] ******************************************************************************************************************************************
changed: [srv02]
[started TASK: settings/windows_defender : Disable realtime monitoring on srv02]
TASK [settings/windows_defender : Disable realtime monitoring] *********************************************************************************************************************************************
changed: [srv02]
PLAY [Setup security with tasks] ***************************************************************************************************************************************************************************
[started TASK: Gathering Facts on dc01]
[started TASK: Gathering Facts on dc02]
[started TASK: Gathering Facts on srv02]
TASK [Gathering Facts] *************************************************************************************************************************************************************************************
ok: [srv02]
ok: [dc02]
ok: [dc01]
[started TASK: include_role : security/{{secu}} on dc01]
[started TASK: include_role : security/{{secu}} on dc02]
[started TASK: include_role : security/{{secu}} on srv02]
TASK [include_role : security/{{secu}}] ********************************************************************************************************************************************************************
[started TASK: security/account_is_sensitive : Account is sensitive on dc01]
TASK [security/account_is_sensitive : Account is sensitive] ************************************************************************************************************************************************
changed: [dc01] => (item={'key': 'renly', 'value': {'account': 'renly.baratheon'}})
PLAY RECAP *************************************************************************************************************************************************************************************************
dc01 : ok=12 changed=3 unreachable=0 failed=0 skipped=4 rescued=0 ignored=0
dc02 : ok=6 changed=2 unreachable=0 failed=0 skipped=4 rescued=0 ignored=0
srv02 : ok=8 changed=4 unreachable=0 failed=0 skipped=2 rescued=0 ignored=0
[*] Run playbook : vulnerabilities.yml with inventory file(s) : /home/bolke/GOAD/ad/GOAD-Light/data/inventory, /home/bolke/GOAD/workspace/850bec-goad-light-virtualbox/inventory,
/home/bolke/GOAD/globalsettings.ini
[*] CWD: /ansible/
[*] Running command : ansible-playbook -i /home/bolke/GOAD/ad/GOAD-Light/data/inventory -i /home/bolke/GOAD/workspace/850bec-goad-light-virtualbox/inventory -i /home/bolke/GOAD/globalsettings.ini
vulnerabilities.yml
[WARNING]: Could not match supplied host pattern, ignoring: extensions
PLAY [Read data files] *************************************************************************************************************************************************************************************
[started TASK: Gathering Facts on dc01]
[started TASK: Gathering Facts on dc02]
[started TASK: Gathering Facts on srv02]
TASK [Gathering Facts] *************************************************************************************************************************************************************************************
ok: [srv02]
ok: [dc02]
ok: [dc01]
[started TASK: save the Json data to a Variable as a Fact on dc01]
TASK [save the Json data to a Variable as a Fact] **********************************************************************************************************************************************************
ok: [dc01]
[started TASK: find domain_adapter on dc01]
TASK [find domain_adapter] *********************************************************************************************************************************************************************************
ok: [dc01] => (item={'dns_domain': None, 'connection_name': 'Ethernet 2', 'default_gateway': None, 'mtu': 1500, 'interface_name': 'Intel(R) PRO/1000 MT Desktop Adapter #2', 'ipv6': {'address': 'fe80::e990:f5d4:39ba:4f6b%7', 'prefix': '64'}, 'macaddress': '08:00:27:F7:EA:5F', 'speed': 1000, 'interface_index': 7, 'ipv4': {'address': '192.168.56.10', 'prefix': '24'}})
[started TASK: find nat_adapter on dc01]
TASK [find nat_adapter] ************************************************************************************************************************************************************************************
ok: [dc01] => (item={'dns_domain': 'home', 'connection_name': 'Ethernet', 'default_gateway': 'fe80::2%6', 'mtu': 1500, 'interface_name': 'Intel(R) PRO/1000 MT Desktop Adapter', 'ipv6': [{'address': 'fd17:625c:f037:2:a847:4c4e:e612:2c3c', 'prefix': '64'}, {'address': 'fe80::a847:4c4e:e612:2c3c%6', 'prefix': '64'}], 'macaddress': '08:00:27:7A:A2:FC', 'speed': 1000, 'interface_index': 6, 'ipv4': {'address': '10.0.2.15', 'prefix': '24'}})
[started TASK: find number of interfaces on dc01]
TASK [find number of interfaces] ***************************************************************************************************************************************************************************
ok: [dc01]
[started TASK: find if two adapters on dc01]
TASK [find if two adapters] ********************************************************************************************************************************************************************************
ok: [dc01]
[started TASK: confirm nat_adapter on dc01]
PLAY [Setup vulnerabilities with tasks] ********************************************************************************************************************************************************************
[started TASK: Gathering Facts on dc01]
[started TASK: Gathering Facts on dc02]
[started TASK: Gathering Facts on srv02]
TASK [Gathering Facts] *************************************************************************************************************************************************************************************
ok: [srv02]
ok: [dc02]
ok: [dc01]
[started TASK: include_role : vulns/{{vuln}} on dc01]
[started TASK: include_role : vulns/{{vuln}} on dc02]
[started TASK: include_role : vulns/{{vuln}} on srv02]
TASK [include_role : vulns/{{vuln}}] ***********************************************************************************************************************************************************************
[started TASK: vulns/disable_firewall : Disable Domain firewall on dc01]
[started TASK: vulns/disable_firewall : Disable Domain firewall on dc02]
[started TASK: vulns/disable_firewall : Disable Domain firewall on srv02]
TASK [vulns/disable_firewall : Disable Domain firewall] ****************************************************************************************************************************************************
changed: [srv02]
changed: [dc02]
changed: [dc01]
[started TASK: vulns/directory : Create directory on dc01]
[started TASK: vulns/directory : Create directory on dc02]
[started TASK: vulns/directory : Create directory on srv02]
TASK [vulns/directory : Create directory] ******************************************************************************************************************************************************************
changed: [srv02] => (item={'key': 'shares', 'value': 'C:\\shares'})
changed: [dc02] => (item={'key': 'setup', 'value': 'c:\\setup'})
changed: [dc01] => (item={'key': 'setup', 'value': 'c:\\setup'})
changed: [srv02] => (item={'key': 'all', 'value': 'C:\\shares\\all'})
[started TASK: vulns/files : Copy a single file on dc01]
[started TASK: vulns/files : Copy a single file on dc02]
[started TASK: vulns/files : Copy a single file on srv02]
TASK [vulns/files : Copy a single file] ********************************************************************************************************************************************************************
changed: [dc02] => (item={'key': 'rdp', 'value': {'src': 'dc02/bot_rdp.ps1', 'dest': 'c:\\setup\\bot_rdp.ps1'}})
changed: [dc01] => (item={'key': 'template', 'value': {'src': 'dc01/templates/', 'dest': 'C:\\setup\\'}})
changed: [srv02] => (item={'key': 'website', 'value': {'src': 'srv02/wwwroot', 'dest': 'C:\\inetpub\\'}})
changed: [dc02] => (item={'key': 'sysvol_fake_script', 'value': {'src': 'dc02/sysvol_scripts/script.ps1', 'dest': 'C:\\Windows\\SYSVOL\\domain\\scripts\\script.ps1'}})
changed: [srv02] => (item={'key': 'letter_in_shares', 'value': {'src': 'srv02/all/arya.txt', 'dest': 'C:\\shares\\all\\arya.txt'}})
changed: [dc02] => (item={'key': 'sysvol_secret', 'value': {'src': 'dc02/sysvol_scripts/secret.ps1', 'dest': 'C:\\Windows\\SYSVOL\\domain\\scripts\\secret.ps1'}})
[started TASK: vulns/adcs_templates : Refresh on dc01]
TASK [vulns/adcs_templates : Refresh] **********************************************************************************************************************************************************************
changed: [dc01]
[started TASK: vulns/adcs_templates : Install ADCSTemplate Module on dc01]
TASK [vulns/adcs_templates : Install ADCSTemplate Module] **************************************************************************************************************************************************
changed: [dc01]
[started TASK: vulns/adcs_templates : create a directory for templates on dc01]
TASK [vulns/adcs_templates : create a directory for templates] *********************************************************************************************************************************************
ok: [dc01]
[started TASK: vulns/adcs_templates : Install templates on dc01]
TASK [vulns/adcs_templates : Install templates] ************************************************************************************************************************************************************
changed: [dc01] => (item={'key': 'ESC1', 'value': {'template_name': 'ESC1', 'template_file': 'C:\\setup\\ESC1.json'}})
[started TASK: vulns/credentials : Store a password in Credential Manager on dc02]
TASK [vulns/credentials : Store a password in Credential Manager] ******************************************************************************************************************************************
changed: [dc02] => (item={'key': 'TERMSRV/castelblack', 'value': {'username': 'north\\robb.stark', 'secret': 'sexywolfy', 'runas': 'north\\robb.stark', 'runas_password': 'sexywolfy'}})
[started TASK: vulns/autologon : Add windows autologon on dc02]
TASK [vulns/autologon : Add windows autologon] *************************************************************************************************************************************************************
changed: [dc02] => (item={'key': 'robb.stark', 'value': {'username': 'north\\robb.stark', 'password': 'sexywolfy'}})
[started TASK: vulns/ntlmdowngrade : Enable LmCompatibilityLevel on dc02]
TASK [vulns/ntlmdowngrade : Enable LmCompatibilityLevel] ***************************************************************************************************************************************************
changed: [dc02]
[started TASK: vulns/enable_llmnr : Enable LLMNR protocol on dc02]
TASK [vulns/enable_llmnr : Enable LLMNR protocol] **********************************************************************************************************************************************************
changed: [dc02]
[started TASK: vulns/enable_nbt-ns : Enable NBT-NS protocol on dc02]
TASK [vulns/enable_nbt-ns : Enable NBT-NS protocol] ********************************************************************************************************************************************************
changed: [dc02]
[started TASK: vulns/shares : Create directory if not exist on dc02]
[started TASK: vulns/shares : Create share on dc02]
[started TASK: vulns/shares : include_tasks on dc02]
[started TASK: vulns/shares : include_tasks on dc02]
[started TASK: vulns/shares : include_tasks on dc02]
[started TASK: vulns/shares : include_tasks on dc02]
[started TASK: vulns/openshares : Ensure directory structure for public share exists on srv02]
TASK [vulns/openshares : Ensure directory structure for public share exists] *******************************************************************************************************************************
changed: [srv02]
[started TASK: vulns/openshares : Ensure public share exists on srv02]
TASK [vulns/openshares : Ensure public share exists] *******************************************************************************************************************************************************
changed: [srv02]
[started TASK: vulns/openshares : Add or update registry path to allow guest access in SMB on srv02]
TASK [vulns/openshares : Add or update registry path to allow guest access in SMB] *************************************************************************************************************************
changed: [srv02]
[started TASK: vulns/openshares : activate guest account on srv02]
TASK [vulns/openshares : activate guest account] ***********************************************************************************************************************************************************
changed: [srv02]
[started TASK: vulns/openshares : Ensure directory structure for all share exists on srv02]
TASK [vulns/openshares : Ensure directory structure for all share exists] **********************************************************************************************************************************
ok: [srv02]
[started TASK: vulns/openshares : Add all share everyone rights on srv02]
TASK [vulns/openshares : Add all share everyone rights] ****************************************************************************************************************************************************
changed: [srv02]
[started TASK: vulns/openshares : all shares on srv02]
TASK [vulns/openshares : all shares] ***********************************************************************************************************************************************************************
changed: [srv02]
[started TASK: vulns/permissions : change folder allow rights on srv02]
TASK [vulns/permissions : change folder allow rights] ******************************************************************************************************************************************************
changed: [srv02] => (item={'key': 'IIS_IUSRS_upload', 'value': {'path': 'C:\\inetpub\\wwwroot\\upload', 'user': 'IIS_IUSRS', 'rights': 'FullControl'}})
[started TASK: include_role : ps on dc01]
[started TASK: include_role : ps on dc02]
[started TASK: include_role : ps on srv02]
TASK [include_role : ps] ***********************************************************************************************************************************************************************************
[started TASK: ps : Play task {{ps_script}} on dc02]
TASK [ps : Play task ../ad/GOAD-Light/scripts/asrep_roasting.ps1] ******************************************************************************************************************************************
changed: [dc02]
[started TASK: ps : Play task {{ps_script}} on dc02]
TASK [ps : Play task ../ad/GOAD-Light/scripts/constrained_delegation_use_any.ps1] **************************************************************************************************************************
changed: [dc02]
[started TASK: ps : Play task {{ps_script}} on dc02]
TASK [ps : Play task ../ad/GOAD-Light/scripts/constrained_delegation_kerb_only.ps1] ************************************************************************************************************************
changed: [dc02]
[started TASK: ps : Play task {{ps_script}} on dc02]
TASK [ps : Play task ../ad/GOAD-Light/scripts/ntlm_relay.ps1] **********************************************************************************************************************************************
changed: [dc02]
[started TASK: ps : Play task {{ps_script}} on dc02]
TASK [ps : Play task ../ad/GOAD-Light/scripts/responder.ps1] ***********************************************************************************************************************************************
changed: [dc02]
[started TASK: ps : Play task {{ps_script}} on dc02]
TASK [ps : Play task ../ad/GOAD-Light/scripts/gpo_abuse.ps1] ***********************************************************************************************************************************************
changed: [dc02]
[started TASK: ps : Play task {{ps_script}} on dc02]
TASK [ps : Play task ../ad/GOAD-Light/scripts/rdp_scheduler.ps1] *******************************************************************************************************************************************
changed: [dc02]
PLAY RECAP *************************************************************************************************************************************************************************************************
dc01 : ok=14 changed=6 unreachable=0 failed=0 skipped=2 rescued=0 ignored=0
dc02 : ok=17 changed=15 unreachable=0 failed=0 skipped=6 rescued=0 ignored=0
srv02 : ok=13 changed=10 unreachable=0 failed=0 skipped=1 rescued=0 ignored=0
[*] Lab successfully provisioned in 01:49:15
bolke@hacky:~/GOAD$
bolke@hacky:~/GOAD$
.