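---
# Trigger a scheduled task named 'Patching-windows-task' on every domain
# controller, wait for it to stop running, then reboot.
#
# NOTE(review): the task is presumably registered on each DC beforehand and
# runs as SYSTEM (per the play name) - this play only starts it. Whoever can
# edit the task action, or the script it launches, runs code as SYSTEM on a
# DC, so confirm the ACLs on both.
# NOTE(review): with the default strategy several DCs can be patched and
# rebooted at the same time; consider `serial: 1` so authentication stays up.
- name: Patch DCs via SYSTEM scheduled task
  hosts: domain_controllers
  gather_facts: false
  tasks:
    - name: Start the SYSTEM patch task
      ansible.windows.win_powershell:
        # -ErrorAction Stop turns a missing or unstartable task into a
        # terminating error, so the play fails here instead of polling a
        # task that never ran.
        script: |
          Start-ScheduledTask -TaskName 'Patching-windows-task' -ErrorAction Stop

    # win_scheduled_task_stat reports the run state under `state.status`
    # (TASK_STATE_* values); it returns no `task` key, so a condition on
    # `patch_task.task` can never become true and the loop would only end
    # by exhausting its retries.
    # NOTE(review): the first poll can run before the task has left the
    # ready state; confirm this cannot end the wait early.
    - name: Poll task until finished (Ready/Disabled)
      community.windows.win_scheduled_task_stat:
        name: 'Patching-windows-task'
      register: patch_task
      failed_when: false  # don't fail mid-poll if stat errors
      retries: 180  # 180 attempts x 60 s = up to 3 hours
      delay: 60
      until: >-
        (patch_task is not failed) and
        (patch_task.state is defined) and
        ((patch_task.state.status | default(''))
          in ['TASK_STATE_READY', 'TASK_STATE_DISABLED'])

    # `state` also carries last_task_result (the exit code of the last run).
    - name: Debug last observed task object (optional)
      ansible.builtin.debug:
        var: patch_task.state

    # NOTE(review): a ready task means it stopped running, not that patching
    # succeeded; consider also gating on patch_task.state.last_task_result.
    - name: Reboot if needed
      ansible.windows.win_reboot:
        reboot_timeout: 3600
      when: >-
        patch_task.state is defined and
        patch_task.state.status == 'TASK_STATE_READY'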