---
- name: Patch DCs via SYSTEM scheduled task
  hosts: domain_controllers
  gather_facts: no

  tasks:
    - name: Start the SYSTEM patch task
      ansible.windows.win_powershell:
        script: |
          Start-ScheduledTask -TaskName 'Patching-windows-task'

    - name: Wait until the task finishes
      community.windows.win_scheduled_task_stat:
        name: "Patching-windows-task"
      register: patch_task
      until: patch_task.task.state in ['Ready','Disabled']   # finished
      retries: 180
      delay: 60

    - name: Reboot if needed
      ansible.windows.win_reboot:
        reboot_timeout: 3600
      when: patch_task.task.state == 'Ready'