---
- name: Patch DCs via JEA 
  hosts: domain_controllers
  gather_facts: no

  tasks:
    - name: List available updates
      ansible.windows.win_powershell:
        Get-WindowsUpdate -MicrosoftUpdate -AcceptAll -IgnoreReboot
      register: available_updates
      changed_when: false

    - name: Install updates
      ansible.windows.win_powershell:
        Install-WindowsUpdate -MicrosoftUpdate -AcceptAll -IgnoreReboot -Verbose
      register: install_result

    - name: Reboot if required
      ansible.windows.win_powershell:
        Restart-Computer -Force
      async: 1
      poll: 0

    - name: Check update history
      ansible.windows.win_powershell:
        Get-WUHistory | Select-Object -First 5
      register: wu_history
      changed_when: false

    - name: Show update history
      debug:
        var: wu_history.stdout_lines