---
- name: Run DC patch task via SYSTEM scheduled task
  hosts: domain_controllers
  gather_facts: no

  vars:
    # Root task folder: use '\\'
    # If your task is in a folder, e.g. \Microsoft\Windows\WindowsUpdate\
    # then set: '\\Microsoft\\Windows\\WindowsUpdate\\'
    task_path: '\\'
    task_name: 'Patching-windows-task'

  tasks:
    - name: Start the SYSTEM patch task
      ansible.windows.win_command: >
        schtasks /Run /TN "{{ task_path }}{{ task_name }}"
      register: start_task
      changed_when: start_task.rc == 0 or
                    ('SUCCESS' in (start_task.stdout | default('')))
      failed_when: start_task.rc not in [0] and
                   ('SUCCESS' not in (start_task.stdout | default('')))

    - name: Poll task until it is Ready or Disabled
      ansible.windows.win_powershell:
        script: |
          $ErrorActionPreference = 'Stop'
          Import-Module ScheduledTasks
          $tp = '{{ task_path }}'
          $tn = '{{ task_name }}'
          $null = Get-ScheduledTask -TaskPath $tp -TaskName $tn
          (Get-ScheduledTaskInfo -TaskPath $tp -TaskName $tn).State
      register: task_state
      failed_when: false
      retries: 180          # up to 3 hours
      delay: 60
      until: (task_state.stdout | trim) in ['Ready','Disabled']

    - name: Reboot if needed
      ansible.windows.win_reboot:
        reboot_timeout: 3600
      when: (task_state.stdout | trim) == 'Ready'