---
- name: Run DC patch task via SYSTEM scheduled task
  hosts: domain_controllers
  gather_facts: no

  vars:
    task_path: '\\'             # or '\\Microsoft\\Windows\\WindowsUpdate\\'
    task_name: 'Patching-windows-task'

  tasks:
    - name: Start the SYSTEM patch task (schtasks)
      ansible.windows.win_command: >
        schtasks /Run /TN "{{ task_path }}{{ task_name }}"
      register: start_task
      failed_when: false
      changed_when: >
        (start_task is defined) and
        (
          (start_task.rc | default(999)) == 0
          or ('SUCCESS' in (start_task.stdout | default('')))
        )

    - name: Poll task until Ready/Disabled (PowerShell)
      ansible.windows.win_powershell:
        script: |
          $ErrorActionPreference = 'Stop'
          Import-Module ScheduledTasks
          $tp = '{{ task_path }}'
          $tn = '{{ task_name }}'
          $null = Get-ScheduledTask -TaskPath $tp -TaskName $tn
          (Get-ScheduledTaskInfo -TaskPath $tp -TaskName $tn).State
      register: task_state
      failed_when: false
      retries: 180
      delay: 60
      until: (task_state.stdout | default('') | trim) in ['Ready','Disabled']

    - name: Reboot if needed
      ansible.windows.win_reboot:
        reboot_timeout: 3600
      when: (task_state.stdout | default('') | trim) == 'Ready'