---
- name: Patch DCs via JEA 
  hosts: domain_controllers
  gather_facts: no

  tasks:
    - name: List available updates
      ansible.windows.win_powershell:
        Get-WindowsUpdate -MicrosoftUpdate -AcceptAll -IgnoreReboot
      register: available_updates
      changed_when: false

    - name: Install updates
      ansible.windows.win_powershell:
        Install-WindowsUpdate -MicrosoftUpdate -AcceptAll -Verbose
      register: install_result