3

patch-dc-controllers.yaml

@@ -1,23 +1,18 @@
 ---
-- name: Patch Domain Controllers via SYSTEM task
+- name: Patch DCs directly via JEA (no scheduled task)
   hosts: domain_controllers
   gather_facts: no
 
   tasks:
-    - name: Start the SYSTEM patch task
+    - name: Install security & critical updates
-      community.windows.win_scheduled_task:
+      ansible.windows.win_updates:
-        name: "Patching-windows-task"
+        category_names:
-        state: started
+          - SecurityUpdates
-
+          - CriticalUpdates
-    - name: Wait for task to finish
+        reboot: yes
-      community.windows.win_scheduled_task_stat:
-        name: "Patching-windows-task"
-      register: taskstat
-      until: taskstat.task.state in ['Ready','Disabled']
-      retries: 180
-      delay: 60
-
-    - name: Reboot if required
-      ansible.windows.win_reboot:
         reboot_timeout: 3600
-      when: taskstat.task.state == 'Ready'
+      register: updates_result
+
+    - name: Show summary
+      ansible.builtin.debug:
+        var: updates_result