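---
# Pre-installation tasks for a Samba Active Directory domain controller.
# Installs the packages, quiesces the stand-alone Samba daemons, and - only
# when smb.conf does not already declare the AD DC role - backs up the old
# configuration and wipes the previous Samba state.

- name: Install required Samba packages
  apt:
    name:
      - samba
      - samba-dsdb-modules
      - samba-vfs-modules
      - winbind
      - libnss-winbind
      - libpam-winbind
      - krb5-config
      - krb5-user
      - dnsutils
      - acl
      - attr
      - ldb-tools
      - smbclient
    state: present

- name: Stop default Samba services
  systemd:
    name: "{{ item }}"
    state: stopped
    enabled: false
  loop:
    - smbd
    - nmbd
    - winbind
  # Best effort: a failure to stop one unit does not abort the play.
  ignore_errors: true

- name: Mask default Samba services to prevent conflicts
  systemd:
    name: "{{ item }}"
    masked: true
  loop:
    - smbd
    - nmbd
    - winbind
  ignore_errors: true

# Read-only probe. stdout is one of:
#   - the matching smb.conf line(s) when the AD DC role is declared
#   - "not_ad_dc" when smb.conf exists but has no such line
#   - "no_config" when smb.conf does not exist
# NOTE(review): the grep is not anchored, so a commented-out "server role"
# line also matches and the host is then treated as an existing DC.
- name: Check if server is already an Active Directory Domain Controller
  shell: |
    if [ -f /etc/samba/smb.conf ]; then
      grep -i "server role.*active directory domain controller" /etc/samba/smb.conf || echo "not_ad_dc"
    else
      echo "no_config"
    fi
  register: samba_role_check
  changed_when: false
  failed_when: false
  # Run the probe in --check mode too; the tasks below read its stdout and
  # would otherwise fail on an undefined attribute.
  check_mode: false

- name: Display current Samba role status
  debug:
    msg: |
      {% if 'active directory domain controller' in samba_role_check.stdout.lower() %}
      ✅ Server is already configured as Active Directory Domain Controller
      ⚠️ Skipping backup and cleanup to preserve existing AD configuration
      {% else %}
      ℹ️ Server is not configured as AD DC ({{ samba_role_check.stdout }})
      🔄 Will backup existing config and clean databases
      {% endif %}

# The backup is the only copy taken before the destructive cleanup below, so
# a failed backup must stop the play instead of being ignored. The expected
# "nothing to back up" case (no smb.conf) is skipped explicitly.
- name: Backup existing Samba configuration
  copy:
    src: /etc/samba/smb.conf
    dest: /etc/samba/smb.conf.orig
    remote_src: true
    backup: true
  when:
    - "'active directory domain controller' not in samba_role_check.stdout.lower()"
    - "(samba_role_check.stdout | trim) != 'no_config'"

# Destructive: only smb.conf is backed up above; /var/lib/samba/private is
# removed without a copy. On a host that has run Samba before, that directory
# normally holds the secrets database (and sam.ldb on a DC), and the only
# guard is the smb.conf grep.
# NOTE(review): consider also refusing to wipe when
# /var/lib/samba/private/sam.ldb exists.
# NOTE(review): state=absent already succeeds on a missing path, so
# ignore_errors here only hides real deletion failures - confirm it is wanted.
- name: Clean existing Samba databases
  file:
    path: "{{ item }}"
    state: absent
  loop:
    - /var/lib/samba/private
    - /var/cache/samba
    - /etc/samba/smb.conf
  ignore_errors: true
  when: "'active directory domain controller' not in samba_role_check.stdout.lower()"

# /var/lib/samba/private is deliberately not recreated here with mode 0755;
# presumably the later provisioning step creates it - verify it ends up
# non-world-readable.
- name: Recreate Samba directories
  file:
    path: "{{ item }}"
    state: directory
    mode: '0755'
  loop:
    - /var/lib/samba
    - /var/cache/samba
  when: "'active directory domain controller' not in samba_role_check.stdout.lower()"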